<div dir="ltr">Filed a ticket.</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, May 16, 2013 at 3:43 AM, William Muriithi <span dir="ltr"><<a href="mailto:william.muriithi@gmail.com" target="_blank">william.muriithi@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p>Thank you</p>
<p>That's what I was looking for. Agree, its a little unnecessary but prefer not being too generous as the application is external facing.</p>
<p>If you guys ever get around cleaning the code to just use select, insert, update and delete, please document it somewhere </p><span class="HOEnZb"><font color="#888888">
<p>William </p></font></span><div class="HOEnZb"><div class="h5">
<div class="gmail_quote">On May 15, 2013 10:12 AM, "Ruslan Zakirov" <<a href="mailto:ruz@bestpractical.com" target="_blank">ruz@bestpractical.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">On Wed, May 15, 2013 at 4:23 PM, William Muriithi <span dir="ltr"><<a href="mailto:william.muriithi@gmail.com" target="_blank">william.muriithi@gmail.com</a>></span> wrote:<br><div class="gmail_extra">
<div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><p>Hello,</p>
<p>I have spent an hour or so looking at the least recommended permission RT need to be able to manage mysql database and everybody seem to be taking the easy way, grant everything</p></blockquote><div>People usually don't grant any mysql level permissions and just trust RT to do so and the following is what RT grants:</div>
<div><br></div><div><div>18 "GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE</div><div>19 ON `$db_name`.*</div><div>20 TO '$db_user'\@'$db_rthost'</div><div>21 IDENTIFIED BY '$db_pass';",</div>
<div>22 );</div></div><div><br></div><div>It's a bit over-granting and I believe that our code is clean enough that it's possible to limit the list to SELECT,INSERT,UPDATE,DELETE, but I can not say it's possible for sure without fixing code.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<p>Is it possible Best Practice has listed the necessary grants that is needed for RT to work successfully on mysql server that I missed? Would appreciate any guidance</p></blockquote><div><br></div><div>RT's user in mysql (RT uses one account for operation) has to have SELECT, INSERT, UPDATE, DELETE rights on all RT's tables to operate. Upgrade steps should use DBA account for steps that require DROP/CREATE/ALTER/INDEX or any other rights, but as I said, considering above GRANT, this code may have "bugs" and use RT's primary account to perform some upgrade operations. </div>
<div><br></div><div>What is the problem you're trying to solve?</div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<p>Regards,</p>
<p>William</p>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>Best regards, Ruslan.
</div></div>
</blockquote></div>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Best regards, Ruslan.
</div>