Bug #621 Groups of users
Submitted: 8 Jun 2003 23:10 Modified: 9 Aug 2003 6:41
Reporter: Alexandr Staroverov Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server Severity:S4 (Feature request)
Version:4.0.13 OS:Linux (RedHat Linux)
Assigned to: Sergei Golubchik CPU Architecture:Any
Triage: D5 (Feature request)

[8 Jun 2003 23:10] Alexandr Staroverov
Description:
In my opinion much easier to administrate group of users, then single user.
Some of databases (f..e. Sybase) have group support. Why MySQL haven’t?
I found simple solution.
We have to add column User_group to table mysql.user.
mysql> alter table mysql.user add column User_group char(16) binary after max_connections;
and make some small changes in sql_acl.cc

How to repeat:
Example of groups usage: 

insert into mysql.user(User) values ('teacher');
insert into mysql.user(User) values ('student');

grant all on marks to teacher;
grant select on marks to student;

insert into mysql.user(User, User_Group) values ('smith', 'teacher');
insert into mysql.user(User, User_Group) values ('john',  'student');
insert into mysql.user(User, User_Group) values ('peter', 'student');
flush privileges;

Suggested fix:
68c68
<   char *user,*password;
---
>   char *user,*password,*group;
229a230
>     user.group= table->fields >= 32 ? get_field(&mem, table,31) : NULL;
819a821,822
>   ACL_USER *acl_user;
>   const char* group;
839a843,844
>   group=(acl_user=find_acl_user(host, user)) && acl_user->group 
>          ? acl_user->group : user;
843c848
<     if (!acl_db->user || !strcmp(user,acl_db->user))
---
>     if (!acl_db->user || !strcmp(user,acl_db->user) || !strcmp(group, acl_db->user))
2443,2444c2448,2449
< bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
< 		 uint show_table, bool no_errors)
---
> bool _check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
> 		 uint show_table, bool no_errors, char *user)
2447d2451
<   char *user = thd->priv_user;
2521a2526,2532
> bool check_grant(THD *thd, ulong want_access, TABLE_LIST *tables,
> 		 uint show_table, bool no_errors)
> {
>    ACL_USER *acl_user = find_acl_user(thd->host, thd->priv_user);
>    return acl_user && acl_user->group && !_check_grant(thd, want_access, tables, show_table, 0, acl_user->group) ?
>            _check_grant(thd, want_access, tables, show_table, no_errors, thd->priv_user) : 0;
> }
[8 Aug 2003 2:53] Lenz Grimmer
Serg, can you comment on that?
[8 Aug 2003 21:37] Alexandr Staroverov
It's obsolete now
I made SQL-99 roles implementation.
I'm waiting for specification of roles.