Roles¶
Note
The following roles are available starting on revision 412
There are several definitions of roles in Charmed MySQL:
Predefined instance-level roles
Predefined database-level roles
See also
MySQL roles¶
MySQL does not provide any built-in roles for users to get permissions from.
Charmed MySQL instance-level roles¶
Charmed MySQL introduces the following instance-level predefined roles:
charmed_backup: used for thebackupsuser.charmed_stats: used for themonitoringuser.charmed_read: used to provide data read permissions to all databases.charmed_dml: used to provide data read / write permissions to all databases.charmed_ddl: used to provide schema modification permissions to all databases.charmed_dba: used to provide data, schema, and system configuration permissions to all databases.
Currently, charmed_backup cannot be requested through the relation as extra user roles.
mysql> SELECT host, user FROM mysql.user;
+-----------+------------------+
| host | user |
+-----------+------------------+
| ... | ... |
| % | charmed_backup |
| % | charmed_dba |
| % | charmed_ddl |
| % | charmed_dml |
| % | charmed_read |
| % | charmed_stats |
| ... | ... |
+-----------+------------------+
Additionally, the role charmed_router is available to ease the integration with Charmed MySQL Router.
This role contains all the necessary permissions for a MySQL Router relation user to operate.
Charmed MySQL database-level roles¶
Charmed MySQL also introduces database level roles, with permissions tied to each database that’s created.
Example for a database named test:
mysql> SELECT host, user FROM mysql.user WHERE user LIKE '%_test';
+-----------+------------------+
| host | user |
+-----------+------------------+
| % | charmed_dba_test |
+-----------+------------------+
The charmed_dba_<database> role contains every data and schema related permission, scoped to the database it references.