Server Installation : Saada can be used with a remote MySQL server, but the server must have a read access to the repository directory.
Administrator Account : This account is named saadmin in this tutorial, but any other name can be chosen.
This account must have MySL superuser privileges (ALL PRIVILEGES granted).
The role can be created by the command below. Connection options are required if the Mysql server runs on a remote machine. We stronly advice to setup a password for this account.
mysql -u root [connection options] -p
Enter password:******
mysql>CREATE USER saadmin@localhost IDENTIFIED BY 'password';
mysql>GRANT ALL PRIVILEGES ON *.* TO 'saadmin'@localhost ;
mysql>GRANT GRANT OPTION ON *.* TO 'saadmin'@localhost ;
|
On MySQL, the user privileges can be restricted to connections initiated from one specified host. This feature can be very helpful to secure an installation.
The saadmin password is not stored within Saada. It is prompted at each connection.
Client Account : This account is named reader in this tutorial, but any other name can be chosen.
This account is used by the web server or by the API to access the SaadaDB. It just requires the login privilege. SQL tables created by Saada can not be altered by this user.
The role can be created by the command below. Connection options are required if the MYSQL server runs on a remote machine.
mysql -u root [connection options] -p
Enter password:******
mysql> CREATE USER reader@localhost [IDENTIFIED BY 'password'];
mysql> GRANT SELECT,EXECUTE ON *.* TO reader@localhost ;
|
The account setup is validated at SaadaDB creation time.
2 Mysql databases are created by Saada when Mysql is used. The first has the same name as the SaadaDB. All data and meta-data are stored there. The second, named SAADA_DB_NAME_tempo, is used to store temporary tables. This distinction has been made necessary for security reasons. That was the only way to avoid reader to write into the database. last update 2009-06-25
|