passwords and permissions in MySQL
-
29-10-2019 - |
Question
This might come across as a simple question, but I have very limited experience with relational databases. How do I fine tune permissions in MySQL. For example, if I have the following code
CREATE TABLE IF NOT EXISTS user(
ID INT NOT NULL AUTO_INCREMENT,
//...other columns
PRIMARY KEY(ID)
)ENGINE=InnoDB
CREATE TABLE IF NOT EXISTS pictures
(
ID INT NOT NULL AUTO_INCREMENT,
userID INT NOT NULL,
//...other columns
PRIMARY KEY(ID),
FOREIGN KEY (userID) REFERENCES user(ID)
)ENGINE=InnoDB";
and I create two new users, user1
and user2
, I can give them permission to the tables as such
GRANT ALL PRIVILIGES ON db_name.* to ".user1."@\"%\" identified by ".pass1
GRANT ALL PRIVILIGES ON db_name.* to ".user2."@\"%\" identified by ".pass2
but is there anywhere to restrict privileges inside a table to only a specific subset? Should I carry this out in my PHP code instead? I'm used to object oriented programming, so I am not accustomed to massive tables which hold all the information.
Solution
Specifically, you can't grant access to some rows of a table and not others, which sounds like what you are asking to do.
OTHER TIPS
I recommend doing your permissioning for end-users of your application in PHP. Using database users to control access is an antiquated method (in my opinion) and can be difficult to do/support in MySQL/PHP as its not commonly done.
In the Grant Documentation you'll need to check the docs to see what specific privileges you are looking for; but you'll need to perform multiple grants for the same user for each separate privilege (i.e. one for select, one for update, etc...).