Mysql permissions for apollo user

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Mysql permissions for apollo user

Ohm, R.A. (Robin)
Hi,

I'm planning to migrate the mysql database that is used by apollo to
another mysql server (which is maintained by the IT staff of the
university). I tried to create a user 'apollo' who only has access to
the apollo database on that mysql server, but I it turns out that I
can't simply do a 'GRANT ALL ON apollo_db.*' for that user (presumably
because I don't have all permissions myself). So my question is: what
mysql permissions does the apollo user need for webapollo to function
correctly? SELECT, UPDATE, INSERT, CREATE, anything else?

Thanks for your help. Best regards,

Robin

--
Robin A. Ohm, PhD | Assistant Professor | Microbiology | Utrecht University
Kruyt Building | Room W402 | Padualaan 8 | 3584 CH | Utrecht | The Netherlands | +31 (0) 30 2533016





This list is for the Apollo Annotation Editing Tool. Info at http://genomearchitect.org/
If you wish to unsubscribe from the Apollo List: 1. From the address with which you subscribed to the list, send a message to [hidden email] | 2. In the subject line of your email type: unsubscribe apollo | 3. Leave the message body blank.

Reply | Threaded
Open this post in threaded view
|

Re: Mysql permissions for apollo user

Colin
Hi Robin

I haven't fully evaluated the minimum privileges needed for production, but I just tested it out with a low privileged user and it looks like it also needs  "ALTER, REFERENCES, INDEX" when starting up.

You could probably remove those after booting up though too, leaving only "SELECT, UPDATE, INSERT", I doubt it would do any other dynamic things at runtime.

Then when you upgrade apollo, you can just re-enable the ALTER, CREATE, DROP, INDEX temporarily during a database migration.


-Colin

On Fri, Feb 26, 2016 at 8:20 AM, Robin A. Ohm <[hidden email]> wrote:
Hi,

I'm planning to migrate the mysql database that is used by apollo to another mysql server (which is maintained by the IT staff of the university). I tried to create a user 'apollo' who only has access to the apollo database on that mysql server, but I it turns out that I can't simply do a 'GRANT ALL ON apollo_db.*' for that user (presumably because I don't have all permissions myself). So my question is: what mysql permissions does the apollo user need for webapollo to function correctly? SELECT, UPDATE, INSERT, CREATE, anything else?

Thanks for your help. Best regards,

Robin

--
Robin A. Ohm, PhD | Assistant Professor | Microbiology | Utrecht University
Kruyt Building | Room W402 | Padualaan 8 | 3584 CH | Utrecht | The Netherlands | <a href="tel:%2B31%20%280%29%2030%202533016" value="+31302533016" target="_blank">+31 (0) 30 2533016





This list is for the Apollo Annotation Editing Tool. Info at http://genomearchitect.org/
If you wish to unsubscribe from the Apollo List: 1. From the address with which you subscribed to the list, send a message to [hidden email] | 2. In the subject line of your email type: unsubscribe apollo | 3. Leave the message body blank.







This list is for the Apollo Annotation Editing Tool. Info at http://genomearchitect.org/
If you wish to unsubscribe from the Apollo List: 1. From the address with which you subscribed to the list, send a message to [hidden email] | 2. In the subject line of your email type: unsubscribe apollo | 3. Leave the message body blank.

Reply | Threaded
Open this post in threaded view
|

Re: Mysql permissions for apollo user

nathandunn
In reply to this post by Ohm, R.A. (Robin)

It will need to create / alter tables, sequences, and indexes.  

Nathan Dunn, PhD
Berkeley Bioinformatics Open-source Projects (BBOP)
Genomics Division, Lawrence Berkeley National Laboratory
[hidden email]


> On Feb 26, 2016, at 6:20 AM, Robin A. Ohm <[hidden email]> wrote:
>
> Hi,
>
> I'm planning to migrate the mysql database that is used by apollo to another mysql server (which is maintained by the IT staff of the university). I tried to create a user 'apollo' who only has access to the apollo database on that mysql server, but I it turns out that I can't simply do a 'GRANT ALL ON apollo_db.*' for that user (presumably because I don't have all permissions myself). So my question is: what mysql permissions does the apollo user need for webapollo to function correctly? SELECT, UPDATE, INSERT, CREATE, anything else?
>
> Thanks for your help. Best regards,
>
> Robin
>
> --
> Robin A. Ohm, PhD | Assistant Professor | Microbiology | Utrecht University
> Kruyt Building | Room W402 | Padualaan 8 | 3584 CH | Utrecht | The Netherlands | +31 (0) 30 2533016
>
>
>
>
> This list is for the Apollo Annotation Editing Tool. Info at http://genomearchitect.org/
> If you wish to unsubscribe from the Apollo List: 1. From the address with which you subscribed to the list, send a message to [hidden email] | 2. In the subject line of your email type: unsubscribe apollo | 3. Leave the message body blank.
>





This list is for the Apollo Annotation Editing Tool. Info at http://genomearchitect.org/
If you wish to unsubscribe from the Apollo List: 1. From the address with which you subscribed to the list, send a message to [hidden email] | 2. In the subject line of your email type: unsubscribe apollo | 3. Leave the message body blank.

Reply | Threaded
Open this post in threaded view
|

RE: Mysql permissions for apollo user

Ohm, R.A. (Robin)
Thanks guys, this is very useful info.

Best regards, Robin

Robin A. Ohm, PhD | Assistant Professor | Microbiology | Utrecht University
Kruyt Building | Room W402 | Padualaan 8 | 3584 CH | Utrecht | The Netherlands | +31 (0) 30 2533016


From: [hidden email] [[hidden email]] on behalf of Nathan Dunn [[hidden email]]
Sent: Friday, February 26, 2016 21:17
To: [hidden email]
Subject: Re: [apollo] Mysql permissions for apollo user


It will need to create / alter tables, sequences, and indexes. 

Nathan Dunn, PhD
Berkeley Bioinformatics Open-source Projects (BBOP)
Genomics Division, Lawrence Berkeley National Laboratory
[hidden email]


> On Feb 26, 2016, at 6:20 AM, Robin A. Ohm <[hidden email]> wrote:
>
> Hi,
>
> I'm planning to migrate the mysql database that is used by apollo to another mysql server (which is maintained by the IT staff of the university). I tried to create a user 'apollo' who only has access to the apollo database on that mysql server, but I it turns out that I can't simply do a 'GRANT ALL ON apollo_db.*' for that user (presumably because I don't have all permissions myself). So my question is: what mysql permissions does the apollo user need for webapollo to function correctly? SELECT, UPDATE, INSERT, CREATE, anything else?
>
> Thanks for your help. Best regards,
>
> Robin
>
> --
> Robin A. Ohm, PhD | Assistant Professor | Microbiology | Utrecht University
> Kruyt Building | Room W402 | Padualaan 8 | 3584 CH | Utrecht | The Netherlands | +31 (0) 30 2533016
>
>
>
>
> This list is for the Apollo Annotation Editing Tool. Info at http://genomearchitect.org/
> If you wish to unsubscribe from the Apollo List: 1. From the address with which you subscribed to the list, send a message to [hidden email] | 2. In the subject line of your email type: unsubscribe apollo | 3. Leave the message body blank.
>





This list is for the Apollo Annotation Editing Tool. Info at http://genomearchitect.org/
If you wish to unsubscribe from the Apollo List: 1. From the address with which you subscribed to the list, send a message to [hidden email] | 2. In the subject line of your email type: unsubscribe apollo | 3. Leave the message body blank.





This list is for the Apollo Annotation Editing Tool. Info at http://genomearchitect.org/
If you wish to unsubscribe from the Apollo List: 1. From the address with which you subscribed to the list, send a message to [hidden email] | 2. In the subject line of your email type: unsubscribe apollo | 3. Leave the message body blank.