Re: gourp users

On 17/12/14 18:55, Luuk wrote:
> On 17-12-2014 16:25, Remigio wrote:
>> hi,
>> I'm using a mysql db as backend of some office applications.
>> There are over 40 users which connect to the database and I'd like to
>> group them into 4 or 5 groups for manage their privileges and tables
>> access rights.
>> Is there a way to do this?
>> Thank you very much
>>
>> __
>> Remigio
>>
>
> You should be able to define table(s) which defines the groups and their
> members.
>
> After that you should be able to define a trigger which updates all
> members of a group when the privileges of a member is changed.
>
>
At the SQL level 'logins' can be assigned privileges certainly down to table level and IIRC field levels.

So what I have done in the past is to have a table of users/passwords at the APPLICATION level and issue them with an SQL 'group' login that gives them just the table access they need.

This is all fairly complex and you probably need to build an application to add users and/or change their privileges, fairly early in development.

Depending on the security model you need and how raw an access to the tables you provide, it is often easier to manage all the security at the application level for non critical applications, using a single SQL 'user' identity.

I suggest you review the SQL on line manual, and start with a clean sheet of paper on which you write the reason why you need to do all this.

I spent a week designing a security framework and still got it slightly wrong ;-)

-- 
Everything you read in newspapers is absolutely true, except for the 
rare story of which you happen to have first-hand knowledge. – Erwin Knoll