MySQL 8.0 : Roles
1 like276 views
This document discusses the introduction of roles in MySQL 8.0. Roles are containers for privileges that make administration easier by grouping privileges and allowing them to be granted to and revoked from users more easily. Roles do not allow login but are otherwise similar to users. The document outlines how roles are created, privileges are assigned to them, and roles are granted to and activated for users. It also discusses how information about roles and the role graph can be viewed.
Ad
More Related Content
What's hot (20)
Viewers also liked (19)
Ad
Similar to MySQL 8.0 : Roles (20)
Ad
Recently uploaded (20)
![Download Wondershare Filmora Crack [2025] With Latest](https://cdn.slidesharecdn.com/ss_thumbnails/neo4j-howkgsareshapingthefutureofgenerativeaiatawssummitlondonapril2024-240426125209-2d9db05d-250419-250428115407-a04afffa-thumbnail.jpg?width=560&fit=bounds)
![Get & Download Wondershare Filmora Crack Latest [2025]](https://cdn.slidesharecdn.com/ss_thumbnails/revolutionizingresidentialwi-fi-250422112639-60fb726f-250429170801-59e1b240-thumbnail.jpg?width=560&fit=bounds)
![Pixologic ZBrush Crack Plus Activation Key [Latest 2025] New Version](https://cdn.slidesharecdn.com/ss_thumbnails/fashionevolution2-250322112409-f76abaa7-250428124909-b51264ff-250504160528-fc2bb1c5-thumbnail.jpg?width=560&fit=bounds)
MySQL 8.0 : Roles
- 2. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | MySQL 8.0 : Roles Harin Vadodaria, Developer, MySQL Server General Team December 16, 2016
- 3. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 3
- 4. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Program Agenda Roles in MySQL 8 Questions & Answers 1 2 4
- 5. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Roles - Introduction • Containers for privileges – Can contain variety of privileges and/or other roles • Grantable – just like regular privileges • Usually – without ability to login – But pretty similar to users otherwise. Confidential – Oracle Internal/Restricted/Highly Restricted 5
- 6. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Roles - Introduction • Makes administration easier • Less complicated grant structure • Easy to add/remove privileges Confidential – Oracle Internal/Restricted/Highly Restricted 6
- 7. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Roles – In MySQL • Shares namespace with users – Logically similar to a user account : Albeit without ability to login – Information is stored in mysql.user table • Grant information • Who is granted What and How? • From mysql.roles_edges table • Role activation information • Which role is to be activated by default? • From mysql.default_roles table Confidential – Oracle Internal/Restricted/Highly Restricted 7
- 8. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Roles – In MySQL • Internals – AuthorizationID: <user_identifier>@<host_identifier> • Both, user and role are AuthorizationID • Identical privilege representation – Role graph is constructed using boost graph library – Breadth-first search of roles for privilege checking – New caching mechanism to boost privilege information retrieval in case of roles Confidential – Oracle Internal/Restricted/Highly Restricted 8
- 9. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Roles – Creating/Deleting roles • CREATE ROLE roleA; – Creates a placeholder in mysql.user as a locked account – roleA is not actually a role unless it is granted • Syntax variations – IF NOT EXISTS – Creating multiple roles • DROP ROLE roleA; – Removes roleA from database – Including roleA’s grants and default activation instructions if any • Syntax variations – IF EXISTS – Dropping multiple roles Confidential – Oracle Internal/Restricted/Highly Restricted 9
- 10. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Roles – Privilege Assignment • GRANT SELECT ON *.* TO roleA; – Just like grants for user • Syntax variations – Grant to multiple roles – Supports different privilege levels • Global • Schema • Object and Sub-object • REVOKE SELECT ON *.* FROM roleA; • Syntax variations – Revoke privileges from multiple roles Confidential – Oracle Internal/Restricted/Highly Restricted 10
- 11. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Roles – Management • GRANT roleA TO userA; – Grants roleA to userA – Makes it possible for userA to inherit roleA’s properties • Syntax variations – Grant multiple roles to multiple users/roles – WITH ADMIN OPTION • More on that later! • REVOKE roleA FROM userA; – Revokes roleA from userA • Syntax variations – Revoke multiple roles from multiple users/roles Confidential – Oracle Internal/Restricted/Highly Restricted 11
- 12. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Roles – Management • Roles hierarchy – Possible to grant roles to other roles – Facilitates composition Confidential – Oracle Internal/Restricted/Highly Restricted 12
- 13. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Roles – Management • WITH ADMIN OPTION – Delegates ability to control a role – Create lesser admins to manage subset of roles Confidential – Oracle Internal/Restricted/Highly Restricted 13 GRANT roleA TO userA WITH ADMIN OPTION GRANT roleA TO userB
- 14. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Roles – Activation/Deactivation • Principle of least privilege : Don’t always use the big guns! • SET ROLE roleA – Roles are not active by default • Syntax variations – SET ROLE <role_list> – SET ROLE ALL • SET ROLE NONE – Deactivate all active roles Confidential – Oracle Internal/Restricted/Highly Restricted 14
- 15. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Roles – Activation/Deactivation Confidential – Oracle Internal/Restricted/Highly Restricted 15
- 16. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Roles – Default Activation • Activate common minimum set by default – SET DEFAULT ROLE roleA TO userA | ALTER USER userA SET DEFAULT ROLE roleA – Roles are activated automatically upon successful login – Possible to activate multiple roles by default Confidential – Oracle Internal/Restricted/Highly Restricted 16
- 17. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Roles – Information • New extension: SHOW GRANTS FOR <user> USING <role> Confidential – Oracle Internal/Restricted/Highly Restricted 17 • SHOW GRANTS – Direct grants • SHOW GRANTS … USING … – Direct grants + grants from given role
- 18. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Roles – Information • ROLES_GRAPHML() : graphml representation of entire role graph Confidential – Oracle Internal/Restricted/Highly Restricted 18
- 19. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Questions & Answers
- 20. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. 20