Page 1 of 1
database permissions less is better?
Posted: Sun Nov 30, 2008 9:22 am
by mainegate
Anyone make any recommendations for giving user access to the database? Besides myself I obviously don't want to give anyone more than a SELECT and UPDATE. However, my question is should I have different connects for different situations that have different privelages?
For example: I'm checking user credentials. I would use the SELECT only permission and include that config file. However, If I'm updating some contact info then I would use the SELECT and UPDATE permission.
Does this sound right? Or should I give everything one config file with SELECT and UPDATE? I think I know my answer but I just want to run it by you studs first before I move on to the next stupid question.
Re: database permissions less is better?
Posted: Sun Nov 30, 2008 11:45 am
by Yossarian
Sounds pretty reasonable to me.
I think of them as readonly permissions, which is what I mostly use for public views.
But really, if you have an admin person able to set permissions for others, then they have to be able to delete them too.
Unless you hold with the philosophy that you should generally delete nothing, just have a flag like display = 0.
If youre real paranoid you can all the admin-ner to only delete on named tables, which I guess you know.
Re: database permissions less is better?
Posted: Sun Nov 30, 2008 12:24 pm
by mainegate
I have people upload files and they can delete them if they don't want them anymore. I figure don't want to give people permission to delete in db nor delete on the server. Plus, what if they delete something that is really important to them...I can restore it if they really want it. Then run a script that checks when the file was deleted by the user and then if so many days (a month or something) then it deletes it from the db and the server.
Sound right? What do you mean by display=0 ? Is this another column in the db and when querying use this in the WHERE to only display the actual things they want? Then when they say delete it changes it to 1?
Re: database permissions less is better?
Posted: Sun Nov 30, 2008 1:58 pm
by Yossarian
mainegate wrote:...I can restore it if they really want it....
snip
Sound right? What do you mean by display=0 ? Is this another column in the db and when querying use this in the WHERE to only display the actual things they want? Then when they say delete it changes it to 1?
I was thinking of the other way round actually , "select * from articles where .... blah AND display = 1 " - in which case you'd probably make display a null field.
That way you've always got an undo option available to you.