Turning Good Theory into Practice
Permissions are based on a hash table (generated per user) that contains a table name, and a comma separated list of MySQL privileges. As a result, a user can only have one privilege set per table. With this restriction, and the possibility to configure conflicting permission sets, Database Permissioner has two behaviors to be aware of.
Thus, if a user class is assigned SELECT permissions to a table, and subsequently an individual user in that class is assigned ALL permissions, the user will have ALL permissions. Please be mindful of the ordering of permissions to ensure no unwanted access is allowed.
To add a custom permission:
To remove a custom permission:
Note: The delete operation is row based. Right-clicking in a single cell will not trigger the delete process.
To assist in the debugging of permission assignment the plugin logs the assigned permissions to it’s log file each time it runs. For on-premise servers the log file can be found in the following location:
Also, any privileged MySQL account can view the user-level permissions on a table. The query is as follows:
select group_concat(user,": ",table_priv, '\r\n') FROM mysql.tables_priv WHERE DB LIKE 'labtech' AND Table_name LIKE '<custom_table_name>';
For any partners without direct access to the database these commands are able to be run from a script (included in the plugin download):