Reputation: 653
How to give somebody access to only some MySQL tables when I cannot create a new MySQL user?
I am searching for the best solution of the following:
I need to give somebody access to one (out of many) specific database on my MySQL server through PhpMyAdmin or a similar tool.
I am not allowed to create a new MySQL user account.
Therefore I am thinking of creating a cover-up username and password (the credentials might be stored in some table or even directly in PHP somewhere around PMA), with which my somebody would log in to PMA.
PMA would use a securely stored real username and password to connect to my MySQL server. But my somebody would never see the actual database username and password. He would only see and be able to edit tables within the one specified database on my server.
Is this somehow achievable? Thank you!
Upvotes: 0
Views: 384
Answers (2)
Reputation: 12422
phpMyAdmin is not designed to work like this; it uses the MySQL authentication structure without imposing any additional login restrictions.
One part of your requirements (not sharing the actual username and password) might be solved by using the config or signon authentication method, but that still doesn't impose any additional restrictions on the user once they log in so they'd have the same access that your user account has.
Unfortunately for you, if you aren't able to create another user account it's going to be difficult to share the account without giving them the same level of access.
Upvotes: 0
Reputation: 562348
PMA has a configuration for this.
$cfg['Servers'][$i]['only_db']
Read about it in the documentation: https://docs.phpmyadmin.net/en/latest/config.html
But this does not restrict the privileges of the user. It only makes the user interface show a limited subset of databases to the user. If they know the name of some other databases (or can query them from INFORMATION_SCHEMA.SCHEMATA), they can still access those databases.
If you want to enforce privileges to only a few databases, you'll have to create a distinct MySQL user and limit their privileges with GRANT.
Re your comments:
It sounds like you need to store the MySQL credentials in your PMA config file (and set $cfg['Servers'][$i]['auth_type'] to 'config'). Then you can use Apache HTTP authentication to restrict access to your PMA site (or directory), and you can create multiple user credentials at the Apache level.
Upvotes: 1
Related Questions
- How can I restrict a MySQL user to a particular tables
- MySQL User Privileges - Restrict Users to some tables
- Grant user access to limited number of tables in MySQL
- Allow MySQL user with limited database access to create more users with similar access
- create phpmyadmin user for selected database access only
- Create new user in mysql with access to only certain databases
- create new user for mysql database and grant only certain priveledges
- How to create MySQL user with limited privileges?
- Grant [almost] all mySQL privileges for all but one/a few tables
- MySQL Granting privileges to a user