Essentials

A single database user can be used to grant access to the BL product databases. By default, some BL products will try to connect using the root user that always exists in the MySQL installation. Recent versions of MySQL server install without access to the root user from outside the localhost (i.e. it cannot be used from any other server except its own). To support this, Flow version 7.1.4.4 for Super Ticker and Flow for Brando version 7.5.4.2 now create 2 new users for our apps to connect with (Player and Updater).

Your options at this point include:

- using the Flow installer created users, Player and Updater, instead of root
- granting access to the root user from any server/host by using the wildcard syntax % as the host name (see the Remote Privileges section below)
- granting access to the root user from the specific hosts you know you will run Flow and/or other BL apps on (e.g. RSS Reader, Weather Reader, etc.)
- creating a new user with the required privileges and assigning it to the apps in setup

Create new user

```sql
CREATE USER 'BL' IDENTIFIED BY 'bl-password'; -- make your own password
```

Remote Privileges and Granting Player Access to the DB

Supporting Apps

During the MySQL install, the user is no longer asked if they would like to allow remote access for the root user. It is important to allow remote access so that players, and other apps that are not running on the master server, can access the database. Limiting root access to the local machine only is a good security practice. To support this, Flow (version 7.1.4.4 for Super Ticker and Flow for Brando version 7.5.4.2) now create 2 users for our apps to connect with by default:

- Player
  - is read-only with updates only allowed for a few select reporting tables
- Updater

The simplest but least secure option, used in the past, was to simply provide access to the database from remote systems. If the players are having a problem accessing the database, use the following commands to enable non-local access for the root user account.

```sql
-- Let the existing root account connect from any host ('%' is the host wildcard)
UPDATE mysql.user SET host = '%' WHERE host = '127.0.0.1' AND user = 'root';
-- Reload the grant tables so the change takes effect
FLUSH PRIVILEGES;
```

Required Privileges

You may create a single user that provides access for both Flow and any other BL apps you are using.

Flow

Flow requires an extensive set of privileges to allow it to update the database schema during installation and/or upgrades, as well as to manage the data in use.

Grant access to only superticker for user named BL

```sql
-- Database-level privileges, limited to the superticker schema.
-- SUPER is a global privilege and cannot be granted ON superticker.*;
-- it is granted in the ON *.* statement below instead.
GRANT
    ALTER,
    ALTER ROUTINE,
    CREATE,
    CREATE ROUTINE,
    CREATE TEMPORARY TABLES,
    CREATE VIEW,
    DELETE,
    DROP,
    EXECUTE,
    INDEX,
    INSERT,
    LOCK TABLES,
    SELECT,
    SHOW VIEW,
    TRIGGER,
    UPDATE
ON superticker.* -- to superticker tables only
TO 'BL';

-- Global (server-wide) privileges
GRANT
    CREATE USER,
    RELOAD,
    SHOW DATABASES,
    SUPER
ON *.*
TO 'BL'@'%' WITH GRANT OPTION;
```

BL Apps

You could use the same user for both Flow and the BL apps. If you wish to separate them, note that most BL apps run with much more limited privilege requirements.

Grant access to only superticker for user BL (apps/agents)

```sql
GRANT
    DELETE,
    EXECUTE,
    INSERT,
    LOCK TABLES,
    SELECT,
    TRIGGER,
    UPDATE
ON superticker.* -- to superticker tables only
TO 'BL';
```

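
As an added example (not part of the original page or BL's own scripts), the following creates a separate apps account that can only connect from one known host, combining the per-host option from Essentials with the limited apps privilege set above, and then verifies the result. The user name `bl_apps`, the address `192.0.2.10` and the password are placeholders chosen for illustration.

```sql
-- Added example: 'bl_apps', 192.0.2.10 and the password are placeholders.

-- 1. Audit: list accounts that can currently connect from any host.
SELECT user, host
  FROM mysql.user
 WHERE host = '%'
 ORDER BY user;

-- 2. Create an apps/agents account bound to one known app server
--    (192.0.2.10 is a documentation address; substitute your own host).
CREATE USER 'bl_apps'@'192.0.2.10'
    IDENTIFIED BY 'replace-with-your-own-password';

-- 3. Apply the limited apps privilege set from this page,
--    scoped to the superticker database only.
GRANT
    DELETE,
    EXECUTE,
    INSERT,
    LOCK TABLES,
    SELECT,
    TRIGGER,
    UPDATE
ON superticker.*
TO 'bl_apps'@'192.0.2.10';

-- 4. Verify what the account actually holds.
SHOW GRANTS FOR 'bl_apps'@'192.0.2.10';

-- 5. Confirm it has no global (ON *.*) privileges: expect zero rows.
--    GRANTEE is stored with its quotes, hence the doubled quotes here.
SELECT grantee, privilege_type
  FROM information_schema.user_privileges
 WHERE grantee = '''bl_apps''@''192.0.2.10'''
   AND privilege_type <> 'USAGE';
```

Run it from an administrative session on the database server; step 1 needs SELECT on `mysql.user`.
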
Suspending Privileges

You may want to temporarily disable access to the database. In that case you would use a REVOKE command:

Remove Privileges from the superticker database from the BL user

```sql
REVOKE ALL PRIVILEGES ON superticker.* FROM 'BL';
```

Replication Privileges

In situations where you want to use replication to provide an ongoing backup source, you need additional privileges.

Replication User for copying and monitoring