[rt-users] Minimum MySQL permission for RT database access

Ruslan Zakirov ruz at bestpractical.com
Fri May 17 05:28:00 EDT 2013


Filed a ticket.


On Thu, May 16, 2013 at 3:43 AM, William Muriithi <
william.muriithi at gmail.com> wrote:

> Thank you
>
> That's what I was looking for. Agree, it's a little unnecessary but prefer
> not being too generous as the application is external facing.
>
> If you guys ever get around to cleaning the code to just use select, insert,
> update and delete, please document it somewhere
>
> William
> On May 15, 2013 10:12 AM, "Ruslan Zakirov" <ruz at bestpractical.com> wrote:
>
>> On Wed, May 15, 2013 at 4:23 PM, William Muriithi <
>> william.muriithi at gmail.com> wrote:
>>
>>> Hello,
>>>
>>> I have spent an hour or so looking at the least recommended permission
>>> RT needs to be able to manage mysql database and everybody seems to be taking
>>> the easy way, grant everything
>>>
>> People usually don't grant any mysql level permissions and just trust RT
>> to do so and the following is what RT grants:
>>
>>     "GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE
>>             ON `$db_name`.*
>>             TO '$db_user'\@'$db_rthost'
>>             IDENTIFIED BY '$db_pass';",
>> );
>>
>> It's a bit over-granting and I believe that our code is clean enough that
>> it's possible to limit the list to SELECT,INSERT,UPDATE,DELETE, but I
>> cannot say it's possible for sure without fixing code.
>>
>>
>>> Is it possible Best Practice has listed the necessary grants that are
>>> needed for RT to work successfully on mysql server that I missed? Would
>>> appreciate any guidance
>>>
>>
>> RT's user in mysql (RT uses one account for operation) has to have
>> SELECT, INSERT, UPDATE, DELETE rights on all RT's tables to operate.
>> Upgrade steps should use DBA account for steps that require
>> DROP/CREATE/ALTER/INDEX or any other rights, but as I said, considering
>> above GRANT, this code may have "bugs" and use RT's primary account to
>> perform some upgrade operations.
>>
>> What is the problem you're trying to solve?
>>
>>> Regards,
>>>
>>> William
>>>
>>
>>
>>
>> --
>> Best regards, Ruslan.
>>
>


-- 
Best regards, Ruslan.
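
An added example, not part of the original thread or of RT's own code: a Python check that parses `SHOW GRANTS` output for RT's MySQL account and reports any privilege beyond the SELECT, INSERT, UPDATE, DELETE set named in the thread. The account `rt_user`, the database `rt4` and the sample output are constructed; wildcard database patterns are not expanded.

```python
import re

# Runtime baseline named in the thread: the rights RT's account needs to operate.
RUNTIME_BASELINE = {"SELECT", "INSERT", "UPDATE", "DELETE"}

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+(?P<grantee>\S+)",
    re.IGNORECASE,
)

def parse_grant(line):
    """Return (privileges, scope) for one SHOW GRANTS line, or None."""
    m = GRANT_RE.match(line.strip())
    if not m:
        return None
    # Drop column lists such as "SELECT (id, Name)" before splitting on commas.
    privs = re.sub(r"\([^)]*\)", "", m.group("privs"))
    names = {p.strip().upper() for p in privs.split(",") if p.strip()}
    return names, m.group("scope").replace("`", "")

def excess_privileges(show_grants_output, db_name):
    """Map scope -> privileges beyond the baseline that apply to db_name."""
    findings = {}
    for line in show_grants_output.splitlines():
        parsed = parse_grant(line)
        if parsed is None:
            continue
        privs, scope = parsed
        # Global (*.*) grants apply to every database, so they count too.
        if scope != "*.*" and scope.split(".")[0] != db_name:
            continue
        extra = privs - RUNTIME_BASELINE - {"USAGE"}
        if extra:
            findings.setdefault(scope, set()).update(extra)
    return findings

# Constructed SHOW GRANTS output for a hypothetical account on database 'rt4'.
SAMPLE = """\
GRANT USAGE ON *.* TO 'rt_user'@'localhost'
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX ON `rt4`.* TO 'rt_user'@'localhost'
GRANT SELECT ON `other`.* TO 'rt_user'@'localhost'
"""

if __name__ == "__main__":
    for scope, extra in excess_privileges(SAMPLE, "rt4").items():
        print(f"{scope}: beyond runtime baseline: {', '.join(sorted(extra))}")
```

Run it against the account after each RT upgrade: a reappearing CREATE or INDEX grant means an upgrade step was executed with RT's own account rather than the DBA account.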