Last modified: 2013-05-27 22:52:48 UTC
At moment the tools are not allowed to create own databases. I think it would be nice if they could create DB like <toolname>_<db>. Two possible solutions: 1. Create a mysql-procedure for this. 2. Using "GRANT ALL PRIVILEGES ON `<toolname>_%" (I know it's horrid ;-) )
Created attachment 11995 [details] MySQL/MariaDB-procedure to create tools dbs The attachment creates two procedures for creating tools db: "sys.create_tools_db" and "sys.create_tools_db_no_output". The procedures run with the rights of the definer (SQL SECURITY DEFINER), so the users do not need a global CREATE DATABASE right. They test the dbname that should be created if it has a syntax like <toolname>_<dbname>. When the name pass this test, the database will be created and the tooluser gets all rights with grant option for the new database. sys.create_tools_db outputs the result of the process (this should be used by users on the MySQL-Shell), sys.create_tools_db_no_output generates no output (for use in programs) The attachment is made for copy-and-paste on the MySQL-Shell. The users need only the execute right for sys.* (GRANT EXECUTE ON sys.* TO <user>) to call this the procedure. See also the other attachment.
Sounds like a good way forward. Will audit and test the code shortly with an eye towards deployment.
Created attachment 11996 [details] Procedure to grant all existing users the execute-right This attachment creates and calls a procedure to grant all existing users (select from mysql.user) the execute right for the table sys.*
I see a number of security issues with the procedure, I'll do a bit of tightening up and post an updated version soon.
No problem. I already thoght that there could be some thing which can be made better.
Created attachment 12053 [details] MySQL/MariaDB-procedure to create tools dbs New version of sys.create_tools_db
Tools can now create databases on tools-db and the replicated database servers (cf. https://wikitech.wikimedia.org/wiki/Nova_Resource:Tools/Help#Creating_databases).