Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

mysql user row level access

Tags:

mysql

Have a database with the following

id | userid | name
1  |    1   | John
2  |    1   | John
3  |    2   | Joe
4  |    2   | Joe
5  |    2   | Joe
6  |    3   | Sue
7  |    3   | Sue

I need to get a way that I can create a database, then create users. Each user that I create in mysql limit them to access of data for their userid. Every database table in the database has the userid value.

So whether they are reading ,updating, insert or delete. If it is going through a specific mysql user that I attached to that database, I want that user to only read, update, insert or delete where their userid is.

I have read some things on mysql triggers but have not found anything that will work for me.

We have a backend that has data in it and restricted by userid.

The website pulls data from that table based in userid so select * from articles where userid=1. Right now, that code is modifiable by the user. I would like a way to go select * from articles and mysql only results rows that have userid=1 for that mysql user. The goal would be for every user to have their own mysql user login to the mysql database that would restrict to that specific value of userid that is theirs.

Any thoughts? Thanks so much!

like image 326
John Avatar asked Feb 27 '13 05:02

John

2 Answers

GoogleResult[0] has this:

http://www.sqlmaestro.com/resources/all/row_level_security_mysql/

Abstract

The article contains a step-by-step guide to implementation of row level security in MySQL 5.0 and higher using such MySQL features as views and triggers.

like image 70
gahooa Avatar answered Nov 15 '22 07:11

gahooa

Well! i will suggest to make a table for that. For the whole application

user_rights

id  |   user_id |   insert  |   update | delete | read
1   |   2       |   0       |   0      |    0   |   1

Note : 1 for allowed and 0 for disallowed.

Now before you do anything first check the rights then perform other actions.

Detailed method including parts of application :

screens

id  |   title
1   |   articles
2   |   blog

user_rights

id  |   user_id |   insert  |   update | delete | read  |   screen_id
1   |   2       |   1       |   0      |    0   |   1   |       1
2   |   2       |   0       |   0      |    0   |   1   |       2

In this method you can allow screen level access. User id 2 can add and view articles and he can aslo view blog but. I may be using inappropriate terms here but i hope you get the idea.

like image 42
Muhammad Raheel Avatar answered Nov 15 '22 07:11

Muhammad Raheel
Sign in to Comment

Related questions

MySQL / PHP storing a formula
How to do pivot table without knowledge of columns
MySQL - for every ID in the list select 2 last element
Superscript character in PHP causing a MySQLi select query to find 0 rows
mysqli::mysqli(): php_network_getaddresses: getaddrinfo failed: Name or service not known [duplicate]
SHOW TABLES or INFORMATION_SCHEMA
MySQL connection lost: system error: 110
Persisted date in database not equal to retrieved date
Mysql joins and concatenate
Database query to fetch last message from every user (like facebook messages)
Error: ER_BAD_FIELD_ERROR: Unknown column 'asd123' in 'field list' in node js
Why won't my query use the index on my datetime field?
How do I retrieve a list of created IDs for bulk insert in Active Record?
Prefix and suffix wildcards in mysql full text search
MySQL but don't know the column names before hand
SQL Get common values by grouping rows
MySQL Select : where time is greater then and less than time
MYSQL Select One Random record from each Category
NameError: global name 'create_engine' is not defined [when trying to create a SQLAlchemyJobStore]
Create a unique and seemingly random 5 character string

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!