Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Essentials

A single database user can be used to grant access to the BL product databases. By default the BL products will try to connect using the root user that always exists in the MySQL installation. Recent versions of MySQL server install without access to the root user from outside the localhost (i.e. it cannot be used from any other server except its own.) Your options then at this point include:

  • granting access to the root user from any server/host by using the wildcard syntax % as the host name
  • granting access to the root user from the specific hosts you know you will run Flow and/or other BL apps on (Eg. RSS Reader, Weather Reader, etc)
  • creating a new user with the required privileges

 

Create new user
CREATE USER 'BL' IDENTIFIED BY 'bl-password';  -- make your own password 

 

Required Privileges

You may create a single user that provides access for both Flow and any other BL apps you are using.

Flow

Flow requires an extensive set of privileges to allow it to update the database schema during installation and/or upgrades as well as managing the data in use.

Grant access to only superticker for user named BL
GRANT 
	ALTER,
	ALTER ROUTINE,
	CREATE,
	CREATE ROUTINE,
	CREATE TEMPORARY TABLES,
	CREATE VIEW,
	DELETE,
	DROP,
	EXECUTE,
	INDEX,
	INSERT,
	LOCK TABLES,
	SELECT,
	SHOW VIEW,
	TRIGGER,
	UPDATE
ON superticker.* -- to superticker tables only
TO 'BL';

BL Apps

You could use the same user for both Flow and the BL apps. If you wish to separate them note that most BL apps run with a much more limited privilege requirements.

Grant access to only superticker for user BL (apps/agents)
GRANT 
	DELETE,
	EXECUTE,
	INSERT,
	LOCK TABLES,
	SELECT,
	TRIGGER,
	UPDATE
ON superticker.* -- to superticker tables only
TO 'BL';

Suspending Privileges

You may want to temporarily disable the access to the database. In that case you would use a REVOKE command:

Remove Privileges from the superticker database from the BL user
REVOKE ALL PRIVILEGES ON superticker.* FROM 'BL';

 

Replication Privileges

In situations where you want to use replication to provide a ongoing backup source you need additional privileges.

Replication User

You may choose to grant the privileges to an existing user or create a specific user for replication on the master/primary server. That account will need only the global REPLICATION SLAVE privilege.

Privileges required by a replication user
GRANT REPLICATION SLAVE 
	ON *.* 
TO 'BLreplicator';

 

Replication Monitoring

The DMan app can be used in scenarios with replication to provide status monitoring. To do so it will require the additional privilege

  • REPLICATION CLIENT

Having this privilege will allow it to report the status of the replication server.
NOTE that this privilege can only be granted at the global level and not specific database on the server:

Replication Client set at global level - not database specific
GRANT REPLICATION CLIENT
	ON *.* 
TO 'BL';

This privilege must be granted to the user on the server where the status is being monitored.

In this section:

Unable to render {include} The included page could not be found.

 

Unable to render {include} The included page could not be found.

  • No labels