dbAddUserPriv --
grant a user access to all EELS databases
Synopsis
cc [flag ...] file ...
-kthread-leels [library] ...
#include <eelsdba.h>
int dbAddUserPriv( char *host,
char *user,
char *passwd,
unsigned int privs );
Description
dbAddUserPriv
grants a user access to all EELS databases. If a
any user has been granted privileges to a database using
dbAddDbPriv(3dba)
then privileges granted using this routine to not apply to
that database. That is, privileges granted on a per database
basis using dbAddDbPriv override privileges added
using dbAddUsePriv.
When a application connects to a database using
dbConnect(3dba)
the username is sent to the database server for authentication.
In the case of mySQL this is the login user name. If a user logs
into a machine and uses
su(1M)
to log in as another user, the username that the user used to
login will be sent to the database server. So this should be
kept in mind when diagnosing problems with database privileges.
A user can be granted a number of privileges to the
EELS databases. Privileges are passed to this
routine in the form of a bitmask. The bitmask is made up
by OR'ing together one or more of the privilege bits defined
in the table below.
User privilege bitmask values
Value
Description
DB_SELECT_PRIV
Allow records to be read from a database
DB_INSERT_PRIV
Allow records to be written to a database
DB_UPDATE_PRIV
Allow records to be modified in a database.
DB_DELETE_PRIV
Allow records to be deleted from a database
DB_CREATE_PRIV
Allow tables to be created in a database
DB_DROP_PRIV
Allow tables to be dropped from a database
If a user is going to be given privileges to add and delete
tables from a database (that is, DB_CREATE_PRIV
and DB_DROP_PRIV), then the user also needs to be
granted access to the EELS administrative database.
This can be done by using dbAddDbPriv to grant the
user access to the EELS_Admin database. For example,
to grant user ``foo'' access to the EELS_Admin
database call dbAddDbPriv as follows:
This enables user ``foo'' to select, insert, and delete
records from the EELS_Admin databases. This is
necessary because routines such as
dbCreateDatabase(3dba)
and
dbCreateTable(3dba)
modify the EELS_Admin database.
The word ``any'' is used as a wildcard, and can
be specified in the user or host
fields.
Arguments
host
(Input) IP/Hostname from which the user is
connecting to the database
user
(Input) The name of the user that is being
granted database privileges.
passwd
(Input) Not currently used, and should be NULL
privs
(Input) Bitmask defining privileges granted to
the user.
Return values
dbAddUserPriv returns 0 if successful.
Otherwise, it returns -1.