a quick tour of mysql 8 0 roles
play

A quick tour of MySQL 8.0 roles Giuseppe Maxia Software explorer - PowerPoint PPT Presentation

Jul 31, 2023 •340 likes •799 views

A quick tour of MySQL 8.0 roles Giuseppe Maxia Software explorer #fosdem #mysqldevroom 1 About me Who's this guy? Giuseppe Maxia, a.k.a. "The Data Charmer" QA Architect at VMware Several decades development and DB

  1. A quick tour of MySQL 8.0 roles Giuseppe Maxia Software explorer #fosdem #mysqldevroom 1

  2. About me Who's this guy? ‣ Giuseppe Maxia, a.k.a. "The Data Charmer" ‣ QA Architect at VMware ‣ Several decades development and DB experience ‣ Long timer MySQL community member. ‣ Blog: http://datacharmer.blogspot.com #fosdem ‣ Twitter: @datacharmer #mysqldevroom 2

  3. Roles overview A long coveted feature finally arrives ‣ Available since MySQL 8.0.0 ‣ Created like an user ‣ Granted like privileges ‣ Need to be activated (with tricks) 3

  4. Before roles Up until the current GA (MySQL 5.7) there were no roles In short: a lot of work, with many chances to make mistakes ‣ CREATE USER ‣ GRANT, GRANT, and more granular GRANT ‣ CREATE USER ‣ GRANT, GRANT again, and then GRANT ‣ CREATE USER ‣ GRANT, GRANT, GRANT, GRANT, oops! 4

  5. Advantages of roles Why bother with this new feature? ‣ Faster user administration define a role once • assign it many times • ‣ Centralised grants handling grant and revoke privileges to roles • No need to edit all users profiles • ‣ Easy to understand grants statistics 5

  6. A BAD example. (1) So far, so good 6

  7. A BAD example. (2) WHAT DID JUST HAPPEN ? STAY TUNED TO FIND OUT 7

  8. Roles 1 CREATE ROLE usage GRANT 2 PRIVILEGES to ROLE 3 CREATE USER 4 GRANT ROLE TO USER 5 SET (DEFAULT) ROLE 8

  9. Create role Like creating a user CREATE ROLE r_lotr_dev; ## NOTE: there is no " IDENTIFIED " clause 9

  10. grant privileges to role Same as we do it with users GRANT ALL ON lotr.* TO r_lotr_dev; 10

  11. Create user This one is already known CREATE USER aragorn IDENTIFIED BY 'lotrpwd'; 11

  12. Grant role to user We grant a role in a way similar to granting a privilege GRANT r_lotr_dev TO aragorn; ## NOTE: there is not an " ON " clause ## in the GRANT statement. 12

  13. Set [default] role The role needs to be activate ALTER USER aragorn DEFAULT ROLE r_lotr_dba; ## OR SET DEFAULT ROLE r_lotr_dba TO aragorn; There is more than one way to do it Unfortunately 13

  14. #fosdem #mysqldevroom Some important points 14

  15. A user can be granted more roles Grants are the total of all roles privileges ‣ User can have many roles ‣ The default role can be a list of roles 15

  16. Roles are saved in 'user' table This may cause some confusion ‣ Roles are users without login (= account locked and expired password) 16

  17. Granting a role to a user is not enough It is there, but you can't see it ‣ When we grant a privilege, the user can use it immediately. ‣ When we grant a role, we first need to set the default. 17

  18. We can grant a user to a user This may look tricky, but it is really simple ‣ Roles are users without login ‣ But roles with login (i.e. users) can be granted. ‣ Privileges are assigned regardless of the host of the user. GRANT root@'localhost' to someuser; ‣ user someuser@'%' has all privileges of root from any host 18

  19. SET ROLE anyone? You can lose track easily here ‣ SET ROLE role_name is a session assignment of a role ‣ SET DEFAULT ROLE role_name is a permanent assignment of a role for a user ‣ SET ROLE DEFAULT means assign the default role to this user for the session. 19

  20. Telling roles from users Sadly, it's up to the DBA's ingenuity ‣ Roles are users with expired password and locked account. ‣ A good workaround is using a naming convention to tell roles apart (e.g. "r_something") There is a feature request about this matter, but I haven’t seen any progress on it. 20

  21. Tables for roles We have two new tables in 'mysql' DB dedicated to roles ‣ role_edges reports which roles are assigned to which users. ‣ default_roles takes track of the current default roles assigned to users. 21

  22. #fosdem #mysqldevroom Roles in action 22

  23. Create roles 23

  24. Create users and apply roles 24

  25. Users and roles 25

  26. Finding roles empirically 26

  27. role_edge table (Which roles were assigned) 27

  28. default_roles table (Which roles are set as default) 28

  29. Who are the DBAs? 29

  30. Who are the developers? 30

  31. Roles summary 31

  32. Default roles summary 32

  33. user with default role 33

  34. User without default role 34

  35. User without default role 35

  36. SET ROLE is not permanent 36

  37. Back to the BAD example. (2) 37

  38. Back to the BAD example. (3) 38

  39. Roles can be active by default It’s a all-or-nothing option ‣ Starting in 8.0.2 ‣ You can use option activate_all_roles_on_login When enabled, all roles become active by default • ‣ And mandatory_roles When set, all users will get the role(s) defined • 39

  40. Example with mandatory roles (1) mysql> create schema lotr; Query OK, 1 row affected (0.00 sec) mysql> grant select on lotr.* to r_lotr_reader; Query OK, 0 rows affected (0.00 sec) mysql> set global mandatory_roles='r_lotr_reader'; Query OK, 0 rows affected (0.00 sec) mysql> create user dummy identified by 'msandbox'; Query OK, 0 rows affected (0.00 sec) 40

  41. Example with mandatory roles (2) $ mysql lotr -u dummy -p ERROR 1044 (42000): Access denied for user 'dummy'@'%' to database ‘lotr' # ====== as root ======== mysql> set global activate_all_roles_on_login=1 ; $ mysql lotr -u dummy -p mysql> show grants ; +------------------------------------------+ | Grants for dummy@% | +------------------------------------------+ | GRANT USAGE ON *.* TO `dummy`@`%` | | GRANT SELECT ON `lotr`.* TO `dummy`@`%` | | GRANT `r_lotr_reader`@`%` TO `dummy`@`%` | +------------------------------------------+ 3 rows in set (0.00 sec) 41

  42. Example with mandatory roles (3) $ mysql lotr -u root -p mysql> show grants \G *** 1. row *** Grants for root@localhost: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `root`@`localhost` WITH GRANT OPTION *** 2. row *** Grants for root@localhost: GRANT BACKUP_ADMIN,BINLOG_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPL ICATION_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_SLAVE_ADMIN,RESOURCE_ GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SET_USER_ID,SYSTEM_VARIABLES_AD MIN,XA_RECOVER_ADMIN ON *.* TO `root`@`localhost` WITH GRANT OPTION *** 3. row *** Grants for root@localhost: GRANT SELECT ON `lotr`.* TO `root`@`localhost` 42

  43. Latest addition ‣ In 8.0.3+ ‣ You can set the default role within CREATE USER . ‣ Sounds good ‣ Until you notice that you are activating a role that has not been assigned yet. 😨 43

  44. Q & A @datacharmer #fosdem #mysqldevroom 44

Recommend

Maximum Velocity MySQL Jay Pipes Community Relations Manager, North America MySQL Inc. A Quick

Maximum Velocity MySQL Jay Pipes Community Relations Manager, North America MySQL Inc. A Quick

Maximum Velocity MySQL Jay Pipes Community Relations Manager, North America MySQL Inc. A Quick Survey So, how many are using... 3.23? 4.0? 4.1? 5.0? 5.1? MyISAM? InnoDB? Other? Replication? Cluster? Partitioning?

903 views • 61 slides
COLLABORATION In the CrossCountry Toolkit With Helen and Jose Diacono QUICK TOUR OF ZOOM Turn

COLLABORATION In the CrossCountry Toolkit With Helen and Jose Diacono QUICK TOUR OF ZOOM Turn

COLLABORATION In the CrossCountry Toolkit With Helen and Jose Diacono QUICK TOUR OF ZOOM Turn your microphone on and o ff here QUICK TOUR OF ZOOM Turn your video on here if you like. QUICK TOUR OF ZOOM Send chat messages to the group

672 views • 35 slides
By Mario io E. M Moreir ira Quick overview of Agile Roles that are Core Roles that

By Mario io E. M Moreir ira Quick overview of Agile Roles that are Core Roles that

By Mario io E. M Moreir ira Quick overview of Agile Roles that are Core Roles that are Beyond Learn the view and motivation of each role Learn the specific tasks that each roles plays throughout a release and within each

786 views • 39 slides
Quick Tour of Probability CS246: Mining Massive Datasets Winter 2013 Anshul Mittal Based on

Quick Tour of Probability CS246: Mining Massive Datasets Winter 2013 Anshul Mittal Based on

Quick Tour of Probability Quick Tour of Probability CS246: Mining Massive Datasets Winter 2013 Anshul Mittal Based on previous versions in Winter 2011 and 2012 Quick Tour of Probability Basic Definitions Sample Space : set of all possible

248 views • 8 slides
MySQL Replication Update MySQL 5.5 (GA) & MySQL 5.6.2 (Dev. Milestone) Lars Thalmann

MySQL Replication Update MySQL 5.5 (GA) & MySQL 5.6.2 (Dev. Milestone) Lars Thalmann

<Insert Picture Here> MySQL Replication Update MySQL 5.5 (GA) & MySQL 5.6.2 (Dev. Milestone) Lars Thalmann Development Director MySQL Replication, Backup & Connectors O'Reilly MySQL Users Conference, April 2011 MySQL Releases

456 views • 42 slides
INTRO TO DIGITAL COURSE DESIGN With the CrossCountry Toolkit With Helen and Jose Diacono QUICK

INTRO TO DIGITAL COURSE DESIGN With the CrossCountry Toolkit With Helen and Jose Diacono QUICK

INTRO TO DIGITAL COURSE DESIGN With the CrossCountry Toolkit With Helen and Jose Diacono QUICK TOUR OF ZOOM Turn your microphone on and o ff here QUICK TOUR OF ZOOM Turn your video on here if you like. QUICK TOUR OF ZOOM Send chat

752 views • 27 slides
MySQL Proxy Making MySQL more flexible Jan Kneschke jan@mysql.com MySQL Proxy proxy-servers

MySQL Proxy Making MySQL more flexible Jan Kneschke jan@mysql.com MySQL Proxy proxy-servers

MySQL Proxy Making MySQL more flexible Jan Kneschke jan@mysql.com MySQL Proxy proxy-servers forward requests to backends and can transform, handle or block them released under the GPL see http://forge.mysql.com/wiki/MySQL_Proxy

945 views • 27 slides
Introduction to using DTrace with MySQL Vince Carbone Performance Technology Group, Sun MC

Introduction to using DTrace with MySQL Vince Carbone Performance Technology Group, Sun MC

Introduction to using DTrace with MySQL Vince Carbone Performance Technology Group, Sun MC Brown - MySQL Agenda Quick DTrace Overview Tracing User Applications User Process Tracing Case Study MySQL Static probes What

706 views • 26 slides
PHP and MySQL Dr. E. Benoist Winter Term 2006-2007 PHP and MySQL 1 PHP and MySQL Introduction

PHP and MySQL Dr. E. Benoist Winter Term 2006-2007 PHP and MySQL 1 PHP and MySQL Introduction

Berner Fachhochschule - HTI PHP and MySQL Dr. E. Benoist Winter Term 2006-2007 PHP and MySQL 1 PHP and MySQL Introduction Basics of MySQL Create a Table See the content of a DB Tables: Change rows and Insert data Select

637 views • 53 slides
MySQL Proxy meets: binlogs Jan Kneschke MySQL Enterprise Tools mailto: jan@mysql.com What is

MySQL Proxy meets: binlogs Jan Kneschke MySQL Enterprise Tools mailto: jan@mysql.com What is

MySQL Proxy meets: binlogs Jan Kneschke MySQL Enterprise Tools mailto: jan@mysql.com What is MySQL Proxy Started Feb 2007 Current: MySQL Proxy 0.7.0 Source available on launchpad.net $ bzr branch lp:mysql-proxy Foundation of

308 views • 17 slides
Quick Tour of Basic Probability Theory and Linear Algebra CS224w: Social and Information Network

Quick Tour of Basic Probability Theory and Linear Algebra CS224w: Social and Information Network

Quick Tour of Basic Probability Theory and Linear Algebra Quick Tour of Basic Probability Theory and Linear Algebra CS224w: Social and Information Network Analysis Fall 2011 Quick Tour of Basic Probability Theory and Linear Algebra Basic

539 views • 22 slides
THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR Under the framework of

THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR Under the framework of

THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR THE FUTURE TOUR Under the framework of Bonjour India, the Institut franais en Inde is pleased to present The Future Tour - a series of thematic rendezvous between scientists, academics,

270 views • 5 slides
CSE 461 Midterm Review A quick tour of what we have learned so far Midterm Topic Coverage

CSE 461 Midterm Review A quick tour of what we have learned so far Midterm Topic Coverage

CSE 461 Midterm Review A quick tour of what we have learned so far Midterm Topic Coverage Midterm is on Everything we covered in lecture slides, textbook, and Feb. 10, Mon assignments before Section 3.1 (Backward Learning and Spanning Tree

531 views • 42 slides
A quick tour of computational social choice Where Artificial Intelligence meets collective

A quick tour of computational social choice Where Artificial Intelligence meets collective

A quick tour of computational social choice Where Artificial Intelligence meets collective decision making Sylvain Bouveret LIG Grenoble INP Journes inaugurales du Pr-GDR IA Montpellier, 13 et 14 juin 2016 Outline A short history of

1.92k views • 163 slides
EXPLAINABLE AI (AND RELATED CONCEPTS) A QUICK TOUR AI Present and future Jacques Fleuriot

EXPLAINABLE AI (AND RELATED CONCEPTS) A QUICK TOUR AI Present and future Jacques Fleuriot

EXPLAINABLE AI (AND RELATED CONCEPTS) A QUICK TOUR AI Present and future Jacques Fleuriot STATE OF PLAY Generally, machine learning models are black boxes Not intuitive Difficult for humans to understand, often even by their

387 views • 24 slides
A Walk on the Dart Side A Quick Tour of ext Gilad Bracha Joint Work with the Dart Team Saturday,

A Walk on the Dart Side A Quick Tour of ext Gilad Bracha Joint Work with the Dart Team Saturday,

A Walk on the Dart Side A Quick Tour of ext Gilad Bracha Joint Work with the Dart Team Saturday, November 19, 2011 1 Dart at 50,000 feet Language for Web Programming Sophisticated Web Applications need not be a tour de force Saturday,

657 views • 49 slides
DCR Tools A quick tour of tools for Dynamic Condition Response graphs Thomas T. Hildebrandt &

DCR Tools A quick tour of tools for Dynamic Condition Response graphs Thomas T. Hildebrandt &

DCR Tools A quick tour of tools for Dynamic Condition Response graphs Thomas T. Hildebrandt & Sren Debois IT University of Copenhagen (and joint work with R. Mukkamala, T. Slaats, M. Marquard, F. Zanitti) Dagstuhl Seminar 17051 Theory and

756 views • 56 slides
Stone Age to Iron Age A quick tour of Prehistory The Stone Age Let's Rock!! What is Prehistory?

Stone Age to Iron Age A quick tour of Prehistory The Stone Age Let's Rock!! What is Prehistory?

Stone Age to Iron Age A quick tour of Prehistory The Stone Age Let's Rock!! What is Prehistory? Experts say that History began when people started to write things down. This is because we have a record things that happened, or a witness

348 views • 22 slides
MySQL Group Replication & MySQL InnoDB Cluster Production Ready? Kenny Gryp MySQL Practice

MySQL Group Replication & MySQL InnoDB Cluster Production Ready? Kenny Gryp MySQL Practice

MySQL Group Replication & MySQL InnoDB Cluster Production Ready? Kenny Gryp MySQL Practice Manager Table of Contents Group Replication MySQL Shell (AdminAPI) MySQL Group Replication MySQL Router Best Practices Limitations Production?

993 views • 72 slides
Handling Failover with MySQL 5.6 and Global Transaction IDs Stphane Combaudon FOSDEM February

Handling Failover with MySQL 5.6 and Global Transaction IDs Stphane Combaudon FOSDEM February

Handling Failover with MySQL 5.6 and Global Transaction IDs Stphane Combaudon FOSDEM February 1st, 2014 Agenda Failover with position-based replication Quick introduction to Global Transactions IDs MySQL Utilities Other

572 views • 25 slides
Bringing your Python script to more users! Quick tour from CLI through GUI to Web app with image

Bringing your Python script to more users! Quick tour from CLI through GUI to Web app with image

Bringing your Python script to more users! Quick tour from CLI through GUI to Web app with image size reduction script EuroPython 2020 (2020/07/23) Takuya Futatsugi (a.k.a. nikkie) Hello EuroPython! Nice to meet you! Please call me

1.12k views • 85 slides
PyGTK + ipython + parasite quick tour chrysn <chrysn@fsfe.org> 2010-11-11 GTK+ Language

PyGTK + ipython + parasite quick tour chrysn <chrysn@fsfe.org> 2010-11-11 GTK+ Language

PyGTK + ipython + parasite quick tour chrysn <chrysn@fsfe.org> 2010-11-11 GTK+ Language bindings Getting started More GTK features The boring stuff at the beginning of a presentation G IMP T ool k it (created 1997 for GIMP)

505 views • 24 slides
A G E N D A Tour Policy Oakhill Tour Presentation Travel & Sports Tour

A G E N D A Tour Policy Oakhill Tour Presentation Travel & Sports Tour

Welcome Attendance Register Apologies A G E N D A Tour Policy Oakhill Tour Presentation Travel & Sports Tour Presentation Fundraising Tour Brochure Tour Clothing Tour Committee Appointment

474 views • 16 slides
OTTAWA OTTAWA PROPERTY TOUR PROPERTY TOUR OCTOBER 23, 2019 OCTOBER 23, 2019 OTTAWA PROPERTY

OTTAWA OTTAWA PROPERTY TOUR PROPERTY TOUR OCTOBER 23, 2019 OCTOBER 23, 2019 OTTAWA PROPERTY

OTTAWA OTTAWA PROPERTY TOUR PROPERTY TOUR OCTOBER 23, 2019 OCTOBER 23, 2019 OTTAWA PROPERTY TOUR OCTOBER 23, 2019 PROREIT at a Glance Quick Facts Established in 2013, PROREIT owns $625 million of diversified commercial real estate

412 views • 28 slides

More recommend