Re: [rt-users] Minimum MySQL permission for RT database access
Filed a ticket. On Thu, May 16, 2013 at 3:43 AM, William Muriithi william.murii...@gmail.com wrote: Thank you That's what I was looking for. Agree, its a little unnecessary but prefer not being too generous as the application is external facing. If you guys ever get around cleaning the code to just use select, insert, update and delete, please document it somewhere William On May 15, 2013 10:12 AM, Ruslan Zakirov r...@bestpractical.com wrote: On Wed, May 15, 2013 at 4:23 PM, William Muriithi william.murii...@gmail.com wrote: Hello, I have spent an hour or so looking at the least recommended permission RT need to be able to manage mysql database and everybody seem to be taking the easy way, grant everything People usually don't grant any mysql level permissions and just trust RT to do so and the following is what RT grants: 18GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE 19ON `$db_name`.* 20TO '$db_user'\@'$db_rthost' 21IDENTIFIED BY '$db_pass';, 22 ); It's a bit over-granting and I believe that our code is clean enough that it's possible to limit the list to SELECT,INSERT,UPDATE,DELETE, but I can not say it's possible for sure without fixing code. Is it possible Best Practice has listed the necessary grants that is needed for RT to work successfully on mysql server that I missed? Would appreciate any guidance RT's user in mysql (RT uses one account for operation) has to have SELECT, INSERT, UPDATE, DELETE rights on all RT's tables to operate. Upgrade steps should use DBA account for steps that require DROP/CREATE/ALTER/INDEX or any other rights, but as I said, considering above GRANT, this code may have bugs and use RT's primary account to perform some upgrade operations. What is the problem you're trying to solve? Regards, William -- Best regards, Ruslan. -- Best regards, Ruslan. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Minimum MySQL permission for RT database access
On Wed, May 15, 2013 at 4:23 PM, William Muriithi william.murii...@gmail.com wrote: Hello, I have spent an hour or so looking at the least recommended permission RT need to be able to manage mysql database and everybody seem to be taking the easy way, grant everything People usually don't grant any mysql level permissions and just trust RT to do so and the following is what RT grants: 18GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE 19ON `$db_name`.* 20TO '$db_user'\@'$db_rthost' 21IDENTIFIED BY '$db_pass';, 22 ); It's a bit over-granting and I believe that our code is clean enough that it's possible to limit the list to SELECT,INSERT,UPDATE,DELETE, but I can not say it's possible for sure without fixing code. Is it possible Best Practice has listed the necessary grants that is needed for RT to work successfully on mysql server that I missed? Would appreciate any guidance RT's user in mysql (RT uses one account for operation) has to have SELECT, INSERT, UPDATE, DELETE rights on all RT's tables to operate. Upgrade steps should use DBA account for steps that require DROP/CREATE/ALTER/INDEX or any other rights, but as I said, considering above GRANT, this code may have bugs and use RT's primary account to perform some upgrade operations. What is the problem you're trying to solve? Regards, William -- Best regards, Ruslan. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training
Re: [rt-users] Minimum MySQL permission for RT database access
Thank you That's what I was looking for. Agree, its a little unnecessary but prefer not being too generous as the application is external facing. If you guys ever get around cleaning the code to just use select, insert, update and delete, please document it somewhere William On May 15, 2013 10:12 AM, Ruslan Zakirov r...@bestpractical.com wrote: On Wed, May 15, 2013 at 4:23 PM, William Muriithi william.murii...@gmail.com wrote: Hello, I have spent an hour or so looking at the least recommended permission RT need to be able to manage mysql database and everybody seem to be taking the easy way, grant everything People usually don't grant any mysql level permissions and just trust RT to do so and the following is what RT grants: 18GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE 19ON `$db_name`.* 20TO '$db_user'\@'$db_rthost' 21IDENTIFIED BY '$db_pass';, 22 ); It's a bit over-granting and I believe that our code is clean enough that it's possible to limit the list to SELECT,INSERT,UPDATE,DELETE, but I can not say it's possible for sure without fixing code. Is it possible Best Practice has listed the necessary grants that is needed for RT to work successfully on mysql server that I missed? Would appreciate any guidance RT's user in mysql (RT uses one account for operation) has to have SELECT, INSERT, UPDATE, DELETE rights on all RT's tables to operate. Upgrade steps should use DBA account for steps that require DROP/CREATE/ALTER/INDEX or any other rights, but as I said, considering above GRANT, this code may have bugs and use RT's primary account to perform some upgrade operations. What is the problem you're trying to solve? Regards, William -- Best regards, Ruslan. -- RT Training in Seattle, June 19-20: http://bestpractical.com/training