Thank you That's what I was looking for. Agree, its a little unnecessary but prefer not being too generous as the application is external facing.
If you guys ever get around cleaning the code to just use select, insert, update and delete, please document it somewhere William On May 15, 2013 10:12 AM, "Ruslan Zakirov" <[email protected]> wrote: > On Wed, May 15, 2013 at 4:23 PM, William Muriithi < > [email protected]> wrote: > >> Hello, >> >> I have spent an hour or so looking at the least recommended permission RT >> need to be able to manage mysql database and everybody seem to be taking >> the easy way, grant everything >> > People usually don't grant any mysql level permissions and just trust RT > to do so and the following is what RT grants: > > 18 "GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE > 19 ON `$db_name`.* > 20 TO '$db_user'\@'$db_rthost' > 21 IDENTIFIED BY '$db_pass';", > 22 ); > > It's a bit over-granting and I believe that our code is clean enough that > it's possible to limit the list to SELECT,INSERT,UPDATE,DELETE, but I can > not say it's possible for sure without fixing code. > > >> Is it possible Best Practice has listed the necessary grants that is >> needed for RT to work successfully on mysql server that I missed? Would >> appreciate any guidance >> > > RT's user in mysql (RT uses one account for operation) has to have SELECT, > INSERT, UPDATE, DELETE rights on all RT's tables to operate. Upgrade steps > should use DBA account for steps that require DROP/CREATE/ALTER/INDEX or > any other rights, but as I said, considering above GRANT, this code may > have "bugs" and use RT's primary account to perform some upgrade > operations. > > What is the problem you're trying to solve? > >> Regards, >> >> William >> > > > > -- > Best regards, Ruslan. >
-- RT Training in Seattle, June 19-20: http://bestpractical.com/training
