Filed a ticket.
On Thu, May 16, 2013 at 3:43 AM, William Muriithi < [email protected]> wrote: > Thank you > > That's what I was looking for. Agree, its a little unnecessary but prefer > not being too generous as the application is external facing. > > If you guys ever get around cleaning the code to just use select, insert, > update and delete, please document it somewhere > > William > On May 15, 2013 10:12 AM, "Ruslan Zakirov" <[email protected]> wrote: > >> On Wed, May 15, 2013 at 4:23 PM, William Muriithi < >> [email protected]> wrote: >> >>> Hello, >>> >>> I have spent an hour or so looking at the least recommended permission >>> RT need to be able to manage mysql database and everybody seem to be taking >>> the easy way, grant everything >>> >> People usually don't grant any mysql level permissions and just trust RT >> to do so and the following is what RT grants: >> >> 18 "GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE >> 19 ON `$db_name`.* >> 20 TO '$db_user'\@'$db_rthost' >> 21 IDENTIFIED BY '$db_pass';", >> 22 ); >> >> It's a bit over-granting and I believe that our code is clean enough that >> it's possible to limit the list to SELECT,INSERT,UPDATE,DELETE, but I can >> not say it's possible for sure without fixing code. >> >> >>> Is it possible Best Practice has listed the necessary grants that is >>> needed for RT to work successfully on mysql server that I missed? Would >>> appreciate any guidance >>> >> >> RT's user in mysql (RT uses one account for operation) has to have >> SELECT, INSERT, UPDATE, DELETE rights on all RT's tables to operate. >> Upgrade steps should use DBA account for steps that require >> DROP/CREATE/ALTER/INDEX or any other rights, but as I said, considering >> above GRANT, this code may have "bugs" and use RT's primary account to >> perform some upgrade operations. >> >> What is the problem you're trying to solve? >> >>> Regards, >>> >>> William >>> >> >> >> >> -- >> Best regards, Ruslan. >> > -- Best regards, Ruslan.
-- RT Training in Seattle, June 19-20: http://bestpractical.com/training
