Webmin --> Servers --> MySQL --> User Permissions:
htoday localhost XXXXXencryted pswdXXXXXXXXXX None
Webmin --> Servers --> MySQL --> Database permissions
xoops_108 htoday localhost
Select | Insert | Update | Delete | Create | Drop | Grant | References | Index | Alter | Create temp | Lock | Create View | Show View | Create Routine | Alter Routine | Execute
OK now, maybe I’m getting it. Let me feed back my (mis) understanding:
MySQL allows you to set permissions for a user at a global level, this is done in
Webmin–>Servers–>MySQL–>User permissions. if you grant permissions there, then you are in effect giving that user permissions for all MySQL database on your server. Y/N?
(This would explain why, when I log into phpMySQL admin with some users, the can see and edit all the data bases… because I have added them wrongly there…
If you then go to Webmin -->Servers–>MySQL–> Database permissions and add a user to a particular database, you can also set permission for that user for specific database, even though he has already been granted permissions in the User Permissions UI.
Question: Permissions given for a particular user for a particular database does or does not over ride his permissions as set in User Permissions?
VirtualMin --> Edit Users --> Other permissions --> database access. Only allows access to the database, but does not actually offer you any option to edit his specific permissions (the field with the list of “granular” permissions, does not appear there for htoday)
ergo: goal, permit a given user to see only one database and not be able to see or edit any others. You must
- first add him as a User under User Permissions, but set those permissions to “none”,
- OR add that user in VirtualMin and give him access to databases, in which case
a) he will default to being allow to edit any databases attached to that domain
b) he will appear in the MySQL Users with permissions “None” # yes, tried it and we see him
katir.devtoday localhost PASSWD** None
c) He also appears (I thought not, but you have to leave that area and refresh the browser to see the added user) now appears in Database permissions as assigned rights to htoday’s databases with permissions “All”
so if you wanted to fine tune his permission you would need to do it there, even though you added him via VirtualMin.
So, clearly, the optimum method will be to add any new users thru the VirtualMin Interface for the particular VirtualServer you want them to collaborate on with you. Then go and turn off stuff like “super user” and “drop tables” etc in Webmin, if you want to constrain them.
If you add a user from the “back end” via Webmin–>MySQL server, then they are not associated with the virtual domain, but will have access to the databases they are assigned to (“None” in User Permissions block global acccess; then adding them in Database permissions give discreet access.)
Hmm, I think I’m close to getting the picture. If you see any flaws in the above, let me know.