I'm building two applications which will share some data in common schema. I'm using MySQL as RDBMS. Here is my first schema (test_schema_1
):
And second (test_schema_2
):
I recently learned that I can do JOINs between multiple schemas. When I'm connected with root user (unlimited access to everything), I do:
SELECT * FROM
TEST_SCHEMA_2.USERS U
JOIN TEST_SCHEMA_1.MASTER_USERS MU ON U.MASTER_ID = MU.ID
JOIN TEST_SCHEMA_2.ROLES R ON U.ROLE_ID = R.ID
WHERE MU.APP_ID = '[email protected]';
And get what I expect! This looks very cool for me, as I'm thinking of going to production with this design.
But I'm a bit afraid of performance implications of such design? Is this a good idea? What if in future I decide to shard (in MongoDB terminology) the database on different machines?
Also, I'm wondering of security problems. Currently, I have a separate user for each schema:
Host Db User Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Grant_priv References_priv Index_priv Alter_priv Create_tmp_table_priv Lock_tables_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Execute_priv Event_priv Trigger_priv
% test_schema_1 t1 Y Y Y Y N N N N N N N N N N N N N N Y
localhost test_schema_1 t1 Y Y Y Y N N N N N N N N N N N N N N Y
% test_schema_2 t2 Y Y Y Y N N N N N N N N N N N N N N Y
localhost test_schema_2 t2 Y Y Y Y N N N N N N N N N N N N N N Y
So I expect that user t1
cannot read from test_schema_2
. But the query above works. He even can insert in test_schema_2
:
SELECT USER();
INSERT INTO TEST_SCHEMA_2.ROLES(ID, NAME) VALUES(4, 'TEST');
...
USER()
t1@localhost
-------------------------------------------
Updated Rows
1
What am I missing?
MySQL maintains a single set of buffers for all databases. With regards to performances, it does not matter whether tables are in different databases.
Your use case is boderline, but seems to be a reasonnable case for aggregating data from separate databases.
I would be careful with this architecture though. If your applications start sharing more than just a few tables, ask yourself whether these applications are really distinct applications, or rather modules of the same application. In the latter case, it would make sense to me to have all tables in one sigle database.
If you are concerned about security, then please note that most access rights may be granted on a per-table (or even per-column) basis.
First of all, you should adjust security settings. Probably, your users have granted access to all schemas. To keep things simple, try to invoke the following:
REVOKE ALL PRIVILEGES, GRANT OPTION from 't1','t2';
GRANT SELECT, INSERT, UPDATE, DELETE ON `test\_schema\_1`.* TO 't1';
GRANT SELECT, INSERT, UPDATE, DELETE ON `test\_schema\_2`.* TO 't2';
FLUSH PRIVILEGES;
The second part is about your schemas. Basically, this is not a problem to query different schemas. If you are confused about security issues, I would recommend you to switch your query to a procedure. And what is up to sharding, it is even less complicated to break apart different schemas.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With