[rt-users] Minimum MySQL permission for RT database access

Ruslan Zakirov ruz at bestpractical.com
Wed May 15 10:12:53 EDT 2013


On Wed, May 15, 2013 at 4:23 PM, William Muriithi <
william.muriithi at gmail.com> wrote:

> Hello,
>
> I have spent an hour or so looking at the least recommended permission RT
> need to be able to manage mysql database and everybody seem to be taking
> the easy way, grant everything
>
People usually don't grant any mysql level permissions and just trust RT to
do so and the following is what RT grants:

18        "GRANT SELECT,INSERT,CREATE,INDEX,UPDATE,DELETE
19                ON `$db_name`.*
20                TO '$db_user'\@'$db_rthost'
21                IDENTIFIED BY '$db_pass';",
22     );

It's a bit over-granting and I believe that our code is clean enough that
it's possible to limit the list to SELECT,INSERT,UPDATE,DELETE, but I can
not say it's possible for sure without fixing code.


> Is it possible Best Practice has listed the necessary grants that is
> needed for RT to work successfully on mysql server that I missed? Would
> appreciate any guidance
>

RT's user in mysql (RT uses one account for operation) has to have SELECT,
INSERT, UPDATE, DELETE rights on all RT's tables to operate. Upgrade steps
should use DBA account for steps that require DROP/CREATE/ALTER/INDEX or
any other rights, but as I said, considering above GRANT, this code may
have "bugs" and use RT's primary account to perform some upgrade
operations.

What is the problem you're trying to solve?

> Regards,
>
> William
>



-- 
Best regards, Ruslan.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20130515/5f780de9/attachment.htm>


More information about the rt-users mailing list