From 44d9929f3c800e6d649fbc8a7307b09f8a9414b6 Mon Sep 17 00:00:00 2001 From: Markus Makela Date: Mon, 7 Mar 2016 20:27:56 +0200 Subject: [PATCH] Updated documentation about new grants required by MaxScale The documentation now mentions the additional SELECT privileges that are needed on the `mysql.tables_priv` table. --- Documentation/Changelog.md | 3 +++ Documentation/Getting-Started/Configuration-Guide.md | 9 ++++++--- Documentation/Tutorials/MaxScale-Tutorial.md | 6 +++++- 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/Documentation/Changelog.md b/Documentation/Changelog.md index 2a66c75fb..a77df238e 100644 --- a/Documentation/Changelog.md +++ b/Documentation/Changelog.md @@ -1,5 +1,8 @@ #Changelog +## MaxScale 1.4 +* Authentication now allows table level resolution of grants. MaxScale service users will now need SELECT privileges on `mysql.tables_priv` to be able to authenticate users at the database and table level. + ## MaxScale 1.3 * Added support for persistent backend connections * The *binlog server* is now an integral component of MaxScale. diff --git a/Documentation/Getting-Started/Configuration-Guide.md b/Documentation/Getting-Started/Configuration-Guide.md index b15a86218..04ad8ab48 100644 --- a/Documentation/Getting-Started/Configuration-Guide.md +++ b/Documentation/Getting-Started/Configuration-Guide.md 
@@ -370,19 +370,22 @@ In order for MaxScale to obtain all the data it must be given a username it can The account used must be able to select from the mysql.user table, the following is an example showing how to create this user. ``` -MariaDB [mysql]> create user 'maxscale'@'maxscalehost' identified by 'Mhu87p2D'; +MariaDB [mysql]> CREATE USER 'maxscale'@'maxscalehost' IDENTIFIED BY 'Mhu87p2D'; Query OK, 0 rows affected (0.01 sec) -MariaDB [mysql]> grant SELECT on mysql.user to 'maxscale'@'maxscalehost'; +MariaDB [mysql]> GRANT SELECT ON mysql.user TO 'maxscale'@'maxscalehost'; Query OK, 0 rows affected (0.00 sec) ``` -Additionally, `GRANT SELECT` on the `mysql.db` table and `SHOW DATABASES` privileges are required in order to load databases name and grants suitable for database name authorization. +Additionally, `SELECT` privileges on the `mysql.db` and `mysql.tables_priv` tables and `SHOW DATABASES` privileges are required in order to load databases name and grants suitable for database name authorization. ``` MariaDB [(none)]> GRANT SELECT ON mysql.db TO 'maxscale'@'maxscalehost'; Query OK, 0 rows affected (0.00 sec) +MariaDB [(none)]> GRANT SELECT ON mysql.tables_priv TO 'maxscale'@'maxscalehost'; +Query OK, 0 rows affected (0.00 sec) + MariaDB [(none)]> GRANT SHOW DATABASES ON *.* TO 'maxscale'@'maxscalehost'; Query OK, 0 rows affected (0.00 sec) ``` diff --git a/Documentation/Tutorials/MaxScale-Tutorial.md b/Documentation/Tutorials/MaxScale-Tutorial.md index 1e7f37590..fde494d31 100644 --- a/Documentation/Tutorials/MaxScale-Tutorial.md +++ b/Documentation/Tutorials/MaxScale-Tutorial.md 
@@ -42,12 +42,16 @@ MariaDB [(none)]> grant SELECT on mysql.user to '*username*'@'*maxscalehost*'; **Query OK, 0 rows affected (0.03 sec)** ``` -Additionally, GRANT SELECT on the mysql.db table and SHOW DATABASES privileges are required in order to load databases name and grants suitable for database name authorization. +Additionally, `SELECT` privileges on the `mysql.db` and `mysql.tables_priv` tables and `SHOW DATABASES` privileges are required in order to load databases name and grants suitable for database name authorization. ``` MariaDB [(none)]> GRANT SELECT ON mysql.db TO 'username'@'maxscalehost'; **Query OK, 0 rows affected (0.00 sec)** +MariaDB [(none)]> GRANT SELECT ON mysql.tables_priv TO 'username'@'maxscalehost'; + +**Query OK, 0 rows affected (0.00 sec)** + MariaDB [(none)]> GRANT SHOW DATABASES ON *.* TO 'username'@'maxscalehost'; **Query OK, 0 rows affected (0.00 sec)**
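Review bot: In the Documentation/Changelog.md hunk, the new "MaxScale 1.4" entry states that service users need SELECT on `mysql.tables_priv` but gives an upgrading administrator neither the statement to run nor a pointer to where it is documented. Since this is a new privilege requirement on an existing account, consider adding the statement shown in the Configuration Guide hunk (`GRANT SELECT ON mysql.tables_priv TO 'maxscale'@'maxscalehost';`) or a link to that section. It would also help to say what an administrator should expect if the grant is missing after the upgrade.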
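Review bot: In the Documentation/Getting-Started/Configuration-Guide.md hunk, the rewritten sentence still ends with "suitable for database name authorization", although the Changelog entry in this same patch gives the reason for the `mysql.tables_priv` grant as authentication "at the database and table level". Suggest wording the sentence to cover both, and fixing "load databases name" to "load database names" while the line is being touched. Separately, the CREATE USER line was edited for keyword case but keeps the literal password 'Mhu87p2D'. A visibly fake placeholder would be safer in an example that readers copy and paste.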
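Review bot: In the Documentation/Tutorials/MaxScale-Tutorial.md hunk, the added `mysql.tables_priv` example repeats the `**Query OK, 0 rows affected (0.00 sec)**` form inside a fenced block, where the asterisks are shown literally rather than as bold, and it uses 'username'@'maxscalehost' while the context line above uses '*username*'@'*maxscalehost*' with lowercase `grant ... on ... to`. The Configuration Guide hunk in this patch normalises keyword case, so suggest doing the same here and choosing one placeholder style for the whole section. The replacement sentence also carries over "load databases name" and mentions only "database name authorization", which could be corrected in the same edit.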