a quick tour of mysql 8 0 roles
play

A quick tour of MySQL 8.0 roles Giuseppe Maxia Software explorer - PowerPoint PPT Presentation

Jul 31, 2023 •340 likes •799 views

A quick tour of MySQL 8.0 roles Giuseppe Maxia Software explorer #fosdem #mysqldevroom 1 About me Who's this guy? Giuseppe Maxia, a.k.a. "The Data Charmer" QA Architect at VMware Several decades development and DB

  1. A quick tour of MySQL 8.0 roles Giuseppe Maxia Software explorer #fosdem #mysqldevroom 1

  2. About me Who's this guy? ‣ Giuseppe Maxia, a.k.a. "The Data Charmer" ‣ QA Architect at VMware ‣ Several decades development and DB experience ‣ Long timer MySQL community member. ‣ Blog: http://datacharmer.blogspot.com #fosdem ‣ Twitter: @datacharmer #mysqldevroom 2

  3. Roles overview A long coveted feature finally arrives ‣ Available since MySQL 8.0.0 ‣ Created like an user ‣ Granted like privileges ‣ Need to be activated (with tricks) 3

  4. Before roles Up until the current GA (MySQL 5.7) there were no roles In short: a lot of work, with many chances to make mistakes ‣ CREATE USER ‣ GRANT, GRANT, and more granular GRANT ‣ CREATE USER ‣ GRANT, GRANT again, and then GRANT ‣ CREATE USER ‣ GRANT, GRANT, GRANT, GRANT, oops! 4

  5. Advantages of roles Why bother with this new feature? ‣ Faster user administration define a role once • assign it many times • ‣ Centralised grants handling grant and revoke privileges to roles • No need to edit all users profiles • ‣ Easy to understand grants statistics 5

  6. A BAD example. (1) So far, so good 6

  7. A BAD example. (2) WHAT DID JUST HAPPEN ? STAY TUNED TO FIND OUT 7

  8. Roles 1 CREATE ROLE usage GRANT 2 PRIVILEGES to ROLE 3 CREATE USER 4 GRANT ROLE TO USER 5 SET (DEFAULT) ROLE 8

  9. Create role Like creating a user CREATE ROLE r_lotr_dev; ## NOTE: there is no " IDENTIFIED " clause 9

  10. grant privileges to role Same as we do it with users GRANT ALL ON lotr.* TO r_lotr_dev; 10

  11. Create user This one is already known CREATE USER aragorn IDENTIFIED BY 'lotrpwd'; 11

  12. Grant role to user We grant a role in a way similar to granting a privilege GRANT r_lotr_dev TO aragorn; ## NOTE: there is not an " ON " clause ## in the GRANT statement. 12

  13. Set [default] role The role needs to be activate ALTER USER aragorn DEFAULT ROLE r_lotr_dba; ## OR SET DEFAULT ROLE r_lotr_dba TO aragorn; There is more than one way to do it Unfortunately 13

  14. #fosdem #mysqldevroom Some important points 14

  15. A user can be granted more roles Grants are the total of all roles privileges ‣ User can have many roles ‣ The default role can be a list of roles 15

  16. Roles are saved in 'user' table This may cause some confusion ‣ Roles are users without login (= account locked and expired password) 16

  17. Granting a role to a user is not enough It is there, but you can't see it ‣ When we grant a privilege, the user can use it immediately. ‣ When we grant a role, we first need to set the default. 17

  18. We can grant a user to a user This may look tricky, but it is really simple ‣ Roles are users without login ‣ But roles with login (i.e. users) can be granted. ‣ Privileges are assigned regardless of the host of the user. GRANT root@'localhost' to someuser; ‣ user someuser@'%' has all privileges of root from any host 18

  19. SET ROLE anyone? You can lose track easily here ‣ SET ROLE role_name is a session assignment of a role ‣ SET DEFAULT ROLE role_name is a permanent assignment of a role for a user ‣ SET ROLE DEFAULT means assign the default role to this user for the session. 19

  20. Telling roles from users Sadly, it's up to the DBA's ingenuity ‣ Roles are users with expired password and locked account. ‣ A good workaround is using a naming convention to tell roles apart (e.g. "r_something") There is a feature request about this matter, but I haven’t seen any progress on it. 20

  21. Tables for roles We have two new tables in 'mysql' DB dedicated to roles ‣ role_edges reports which roles are assigned to which users. ‣ default_roles takes track of the current default roles assigned to users. 21

  22. #fosdem #mysqldevroom Roles in action 22

  23. Create roles 23

  24. Create users and apply roles 24

  25. Users and roles 25

  26. Finding roles empirically 26

  27. role_edge table (Which roles were assigned) 27

  28. default_roles table (Which roles are set as default) 28

  29. Who are the DBAs? 29

  30. Who are the developers? 30

  31. Roles summary 31

  32. Default roles summary 32

  33. user with default role 33

  34. User without default role 34

  35. User without default role 35

  36. SET ROLE is not permanent 36

  37. Back to the BAD example. (2) 37

  38. Back to the BAD example. (3) 38

  39. Roles can be active by default It’s a all-or-nothing option ‣ Starting in 8.0.2 ‣ You can use option activate_all_roles_on_login When enabled, all roles become active by default • ‣ And mandatory_roles When set, all users will get the role(s) defined • 39

  40. Example with mandatory roles (1) mysql> create schema lotr; Query OK, 1 row affected (0.00 sec) mysql> grant select on lotr.* to r_lotr_reader; Query OK, 0 rows affected (0.00 sec) mysql> set global mandatory_roles='r_lotr_reader'; Query OK, 0 rows affected (0.00 sec) mysql> create user dummy identified by 'msandbox'; Query OK, 0 rows affected (0.00 sec) 40

  41. Example with mandatory roles (2) $ mysql lotr -u dummy -p ERROR 1044 (42000): Access denied for user 'dummy'@'%' to database ‘lotr' # ====== as root ======== mysql> set global activate_all_roles_on_login=1 ; $ mysql lotr -u dummy -p mysql> show grants ; +------------------------------------------+ | Grants for dummy@% | +------------------------------------------+ | GRANT USAGE ON *.* TO `dummy`@`%` | | GRANT SELECT ON `lotr`.* TO `dummy`@`%` | | GRANT `r_lotr_reader`@`%` TO `dummy`@`%` | +------------------------------------------+ 3 rows in set (0.00 sec) 41

  42. Example with mandatory roles (3) $ mysql lotr -u root -p mysql> show grants \G *** 1. row *** Grants for root@localhost: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `root`@`localhost` WITH GRANT OPTION *** 2. row *** Grants for root@localhost: GRANT BACKUP_ADMIN,BINLOG_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPL ICATION_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_SLAVE_ADMIN,RESOURCE_ GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SET_USER_ID,SYSTEM_VARIABLES_AD MIN,XA_RECOVER_ADMIN ON *.* TO `root`@`localhost` WITH GRANT OPTION *** 3. row *** Grants for root@localhost: GRANT SELECT ON `lotr`.* TO `root`@`localhost` 42

  43. Latest addition ‣ In 8.0.3+ ‣ You can set the default role within CREATE USER . ‣ Sounds good ‣ Until you notice that you are activating a role that has not been assigned yet. 😨 43

  44. Q & A @datacharmer #fosdem #mysqldevroom 44

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Maximum Velocity MySQL Jay Pipes Community Relations Manager, North America MySQL Inc. A Quick

Maximum Velocity MySQL Jay Pipes Community Relations Manager, North America MySQL Inc. A Quick

Maximum Velocity MySQL Jay Pipes Community Relations Manager, North America MySQL Inc. A Quick Survey So, how many are using... 3.23? 4.0? 4.1? 5.0? 5.1? MyISAM? InnoDB? Other? Replication? Cluster? Partitioning?

903 views • 61 slides
COLLABORATION In the CrossCountry Toolkit With Helen and Jose Diacono QUICK TOUR OF ZOOM Turn

COLLABORATION In the CrossCountry Toolkit With Helen and Jose Diacono QUICK TOUR OF ZOOM Turn

COLLABORATION In the CrossCountry Toolkit With Helen and Jose Diacono QUICK TOUR OF ZOOM Turn your microphone on and o ff here QUICK TOUR OF ZOOM Turn your video on here if you like. QUICK TOUR OF ZOOM Send chat messages to the group

672 views • 35 slides
By Mario io E. M Moreir ira Quick overview of Agile Roles that are Core Roles that

By Mario io E. M Moreir ira Quick overview of Agile Roles that are Core Roles that

By Mario io E. M Moreir ira Quick overview of Agile Roles that are Core Roles that are Beyond Learn the view and motivation of each role Learn the specific tasks that each roles plays throughout a release and within each

786 views • 39 slides
Quick Tour of Probability CS246: Mining Massive Datasets Winter 2013 Anshul Mittal Based on

Quick Tour of Probability CS246: Mining Massive Datasets Winter 2013 Anshul Mittal Based on

Quick Tour of Probability Quick Tour of Probability CS246: Mining Massive Datasets Winter 2013 Anshul Mittal Based on previous versions in Winter 2011 and 2012 Quick Tour of Probability Basic Definitions Sample Space : set of all possible

248 views • 8 slides
MySQL Replication Update MySQL 5.5 (GA) & MySQL 5.6.2 (Dev. Milestone) Lars Thalmann

MySQL Replication Update MySQL 5.5 (GA) & MySQL 5.6.2 (Dev. Milestone) Lars Thalmann

<Insert Picture Here> MySQL Replication Update MySQL 5.5 (GA) & MySQL 5.6.2 (Dev. Milestone) Lars Thalmann Development Director MySQL Replication, Backup & Connectors O'Reilly MySQL Users Conference, April 2011 MySQL Releases

456 views • 42 slides
INTRO TO DIGITAL COURSE DESIGN With the CrossCountry Toolkit With Helen and Jose Diacono QUICK

INTRO TO DIGITAL COURSE DESIGN With the CrossCountry Toolkit With Helen and Jose Diacono QUICK

INTRO TO DIGITAL COURSE DESIGN With the CrossCountry Toolkit With Helen and Jose Diacono QUICK TOUR OF ZOOM Turn your microphone on and o ff here QUICK TOUR OF ZOOM Turn your video on here if you like. QUICK TOUR OF ZOOM Send chat

752 views • 27 slides
MySQL Proxy Making MySQL more flexible Jan Kneschke jan@mysql.com MySQL Proxy proxy-servers

MySQL Proxy Making MySQL more flexible Jan Kneschke jan@mysql.com MySQL Proxy proxy-servers

MySQL Proxy Making MySQL more flexible Jan Kneschke jan@mysql.com MySQL Proxy proxy-servers forward requests to backends and can transform, handle or block them released under the GPL see http://forge.mysql.com/wiki/MySQL_Proxy

945 views • 27 slides
Introduction to using DTrace with MySQL Vince Carbone Performance Technology Group, Sun MC

Introduction to using DTrace with MySQL Vince Carbone Performance Technology Group, Sun MC

Introduction to using DTrace with MySQL Vince Carbone Performance Technology Group, Sun MC Brown - MySQL Agenda Quick DTrace Overview Tracing User Applications User Process Tracing Case Study MySQL Static probes What

706 views • 26 slides
PHP and MySQL Dr. E. Benoist Winter Term 2006-2007 PHP and MySQL 1 PHP and MySQL Introduction

PHP and MySQL Dr. E. Benoist Winter Term 2006-2007 PHP and MySQL 1 PHP and MySQL Introduction

Berner Fachhochschule - HTI PHP and MySQL Dr. E. Benoist Winter Term 2006-2007 PHP and MySQL 1 PHP and MySQL Introduction Basics of MySQL Create a Table See the content of a DB Tables: Change rows and Insert data Select

637 views • 53 slides
MySQL Proxy meets: binlogs Jan Kneschke MySQL Enterprise Tools mailto: jan@mysql.com What is

MySQL Proxy meets: binlogs Jan Kneschke MySQL Enterprise Tools mailto: jan@mysql.com What is

MySQL Proxy meets: binlogs Jan Kneschke MySQL Enterprise Tools mailto: jan@mysql.com What is MySQL Proxy Started Feb 2007 Current: MySQL Proxy 0.7.0 Source available on launchpad.net $ bzr branch lp:mysql-proxy Foundation of

308 views • 17 slides
Quick Tour of Basic Probability Theory and Linear Algebra CS224w: Social and Information Network

Quick Tour of Basic Probability Theory and Linear Algebra CS224w: Social and Information Network

Quick Tour of Basic Probability Theory and Linear Algebra Quick Tour of Basic Probability Theory and Linear Algebra CS224w: Social and Information Network Analysis Fall 2011 Quick Tour of Basic Probability Theory and Linear Algebra Basic

539 views • 22 slides
THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR Under the framework of

THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR Under the framework of

THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR Under the framework of Bonjour India, the Institut franais en Inde is pleased to present The Future Tour - a series of thematic rendezvous between scientists, academics,

270 views • 5 slides
CSE 461 Midterm Review A quick tour of what we have learned so far Midterm Topic Coverage

CSE 461 Midterm Review A quick tour of what we have learned so far Midterm Topic Coverage

CSE 461 Midterm Review A quick tour of what we have learned so far Midterm Topic Coverage Midterm is on Everything we covered in lecture slides, textbook, and Feb. 10, Mon assignments before Section 3.1 (Backward Learning and Spanning Tree

531 views • 42 slides
A quick tour of computational social choice Where Artificial Intelligence meets collective

A quick tour of computational social choice Where Artificial Intelligence meets collective

A quick tour of computational social choice Where Artificial Intelligence meets collective decision making Sylvain Bouveret LIG Grenoble INP Journes inaugurales du Pr-GDR IA Montpellier, 13 et 14 juin 2016 Outline A short history of

1.92k views • 163 slides
EXPLAINABLE AI (AND RELATED CONCEPTS) A QUICK TOUR AI Present and future Jacques Fleuriot

EXPLAINABLE AI (AND RELATED CONCEPTS) A QUICK TOUR AI Present and future Jacques Fleuriot

EXPLAINABLE AI (AND RELATED CONCEPTS) A QUICK TOUR AI Present and future Jacques Fleuriot STATE OF PLAY Generally, machine learning models are black boxes Not intuitive Difficult for humans to understand, often even by their

387 views • 24 slides
A Walk on the Dart Side A Quick Tour of ext Gilad Bracha Joint Work with the Dart Team Saturday,

A Walk on the Dart Side A Quick Tour of ext Gilad Bracha Joint Work with the Dart Team Saturday,

A Walk on the Dart Side A Quick Tour of ext Gilad Bracha Joint Work with the Dart Team Saturday, November 19, 2011 1 Dart at 50,000 feet Language for Web Programming Sophisticated Web Applications need not be a tour de force Saturday,

657 views • 49 slides
Interprocedural Constant Propagation Jump functions [Callahan, Cooper, Kennedy, & Torczon,

Interprocedural Constant Propagation Jump functions [Callahan, Cooper, Kennedy, & Torczon,

Interprocedural Constant Propagation Jump functions [Callahan, Cooper, Kennedy, & Torczon, PLDI 86] How to quickly compute info at c s actuals from proc s formals? Goal: for each procedure, for each formal, identify whether all calls

57 views • 4 slides
Asset Pricing Chapter X. Arrow-Debreu pricing II: The Arbitrage Perspective June 22, 2006 Asset

Asset Pricing Chapter X. Arrow-Debreu pricing II: The Arbitrage Perspective June 22, 2006 Asset

10.1 Market Completeness and Complex Security 10.2 Constructing State Contingent Claims Prices in a risk-Free World: Deriving the term Structure 10.3 The Value Additivity Theorem 10.4 Using Options to Complete the Market: An Abstract Setting

1.1k views • 26 slides
Numerical pricing of Financial options with simple Finite Difference Methods Jens Hugger and Sima

Numerical pricing of Financial options with simple Finite Difference Methods Jens Hugger and Sima

d e p a r t m e n t o f m a t h e m a t i c a l s c i e n c e s university of copenhagen Numerical pricing of Financial options with simple Finite Difference Methods Jens Hugger and Sima Mashayekhi Department of Mathematical Sciences April 2,

853 views • 59 slides
Partial Differential Equations in Option Pricing Jean-Pierre Fouque University of California

Partial Differential Equations in Option Pricing Jean-Pierre Fouque University of California

Partial Differential Equations in Option Pricing Jean-Pierre Fouque University of California Santa Barbara Special Semester on Stochastics with Emphasis on Finance Tutorial September 5, 2008 RICAM, Linz, Austria 1 PART 1: Review of the

938 views • 81 slides
Removing the MAC Retransmission Times from the RTT in TCP E. Dedu , S. Linck, F. Spies

Removing the MAC Retransmission Times from the RTT in TCP E. Dedu , S. Linck, F. Spies

Removing the MAC Retransmission Times from the RTT in TCP E. Dedu , S. Linck, F. Spies Laboratoire d'Informatique de l'Universit de Franche-Comt (LIFC) Montbliard, France Euromedia'2005 Toulouse, France 11 April 2005 Problem: RTT

331 views • 14 slides
Next Steps Rui Ribeiro & Josh Howlett 19 October 2010 eduCONF Workshop - Lisbon - 18 &

Next Steps Rui Ribeiro & Josh Howlett 19 October 2010 eduCONF Workshop - Lisbon - 18 &

Next Steps Rui Ribeiro & Josh Howlett 19 October 2010 eduCONF Workshop - Lisbon - 18 & 19 October 2010 1 eduCONF Workshop - Lisbon - 18 & 19 October 2010 2 Do it all over again? eduCONF Workshop - Lisbon - 18 & 19 October

361 views • 7 slides
Relevant Financial Disclosure(s) <insert speaker name> Directions: 1) Insert your name

Relevant Financial Disclosure(s) <insert speaker name> Directions: 1) Insert your name

Relevant Financial Disclosure(s) <insert speaker name> Directions: 1) Insert your name above. 2) Choose the disclosure statement that reflects your disclosure status 3) Delete the other option and all RED text If NO relevant

205 views • 3 slides
Transaction Management Manage many queries/updates running simultaneously. CS 235:

Transaction Management Manage many queries/updates running simultaneously. CS 235:

Transaction Management Manage many queries/updates running simultaneously. CS 235: Airline reservations, auctions, ATMs. Introduction to Databases Atomicity all or nothing principle. Serializability the effect of

237 views • 4 slides

More recommend