Posted by Murdoc on 10/16/06 08:37

David Quinton wrote:

> On Sat, 14 Oct 2006 04:59:21 +0100, "toffee" <toffee@toffee.com>
> wrote:
>
> > i was wondering if its possible to do something with permissions in MySQL so
> > that a user can only see a restricted set of data in all the tables?
>
> Rescheme your data so that there is a different (set of) table/s for
> each user.
>
> Add a different MySql user for each user.
> Allocate MySql table per user table permissions.
> PHP script to change user/table name/s used for each logged-in user.

In my opinion, that is a lazy (and complicated) method of doing security. There is too
much duplication, and the resulting database schema would be illogical.Not to mention
the fact that a schema change in one of these 'duplicated' tables would require applying
the schema change multiple times.

Also, your solution does not provide an elegant method of hierachical security
(operators, supervisors, managers, etc).

--

[Back to original message]