Updated documentation about new grants required by MaxScale

The documentation now mentions the additional SELECT privileges that are needed
on the `mysql.tables_priv` table.
This commit is contained in:
Markus Makela
2016-03-07 20:27:56 +02:00
parent fd34cd4014
commit 44d9929f3c
3 changed files with 14 additions and 4 deletions

View File

@ -1,5 +1,8 @@
#Changelog #Changelog
## MaxScale 1.4
* Authentication now allows table level resolution of grants. MaxScale service users will now need SELECT privileges on `mysql.tables_priv` to be able to authenticate users at the database and table level.
## MaxScale 1.3 ## MaxScale 1.3
* Added support for persistent backend connections * Added support for persistent backend connections
* The *binlog server* is now an integral component of MaxScale. * The *binlog server* is now an integral component of MaxScale.

View File

@ -370,19 +370,22 @@ In order for MaxScale to obtain all the data it must be given a username it can
The account used must be able to select from the mysql.user table, the following is an example showing how to create this user. The account used must be able to select from the mysql.user table, the following is an example showing how to create this user.
``` ```
MariaDB [mysql]> create user 'maxscale'@'maxscalehost' identified by 'Mhu87p2D'; MariaDB [mysql]> CREATE USER 'maxscale'@'maxscalehost' IDENTIFIED BY 'Mhu87p2D';
Query OK, 0 rows affected (0.01 sec) Query OK, 0 rows affected (0.01 sec)
MariaDB [mysql]> grant SELECT on mysql.user to 'maxscale'@'maxscalehost'; MariaDB [mysql]> GRANT SELECT ON mysql.user TO 'maxscale'@'maxscalehost';
Query OK, 0 rows affected (0.00 sec) Query OK, 0 rows affected (0.00 sec)
``` ```
Additionally, `GRANT SELECT` on the `mysql.db` table and `SHOW DATABASES` privileges are required in order to load databases name and grants suitable for database name authorization. Additionally, `SELECT` privileges on the `mysql.db` and `mysql.tables_priv` tables and `SHOW DATABASES` privileges are required in order to load databases name and grants suitable for database name authorization.
``` ```
MariaDB [(none)]> GRANT SELECT ON mysql.db TO 'maxscale'@'maxscalehost'; MariaDB [(none)]> GRANT SELECT ON mysql.db TO 'maxscale'@'maxscalehost';
Query OK, 0 rows affected (0.00 sec) Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT SELECT ON mysql.tables_priv TO 'maxscale'@'maxscalehost';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT SHOW DATABASES ON *.* TO 'maxscale'@'maxscalehost'; MariaDB [(none)]> GRANT SHOW DATABASES ON *.* TO 'maxscale'@'maxscalehost';
Query OK, 0 rows affected (0.00 sec) Query OK, 0 rows affected (0.00 sec)
``` ```

View File

@ -42,12 +42,16 @@ MariaDB [(none)]> grant SELECT on mysql.user to '*username*'@'*maxscalehost*';
**Query OK, 0 rows affected (0.03 sec)** **Query OK, 0 rows affected (0.03 sec)**
``` ```
Additionally, GRANT SELECT on the mysql.db table and SHOW DATABASES privileges are required in order to load databases name and grants suitable for database name authorization. Additionally, `SELECT` privileges on the `mysql.db` and `mysql.tables_priv` tables and `SHOW DATABASES` privileges are required in order to load databases name and grants suitable for database name authorization.
``` ```
MariaDB [(none)]> GRANT SELECT ON mysql.db TO 'username'@'maxscalehost'; MariaDB [(none)]> GRANT SELECT ON mysql.db TO 'username'@'maxscalehost';
**Query OK, 0 rows affected (0.00 sec)** **Query OK, 0 rows affected (0.00 sec)**
MariaDB [(none)]> GRANT SELECT ON mysql.tables_priv TO 'username'@'maxscalehost';
**Query OK, 0 rows affected (0.00 sec)**
MariaDB [(none)]> GRANT SHOW DATABASES ON *.* TO 'username'@'maxscalehost'; MariaDB [(none)]> GRANT SHOW DATABASES ON *.* TO 'username'@'maxscalehost';
**Query OK, 0 rows affected (0.00 sec)** **Query OK, 0 rows affected (0.00 sec)**