You can perform the following user management operations for Cloud Databases:
You can create a user in the Cloud Databases section of the Cloud Control Panel by clicking on an existing instance name and then clicking Create User in the Users section of the Instance Details page.
When you create a new user, consider the following requirements and limitations.
The following characters are valid for user names and passwords:
The following characters are not allowed when you create user names or passwords:
The host parameter should be a numeric IPv4 address that describes the host from which the user must connect (such as 192.168.1.12) or the symbol %. The symbol % serves as a wildcard to MySQL, and means "from anywhere". Users created without a host parameter are given the default value of %, which allows them to connect to the database from any host.
You can perform the following operations to modify a user by clicking the cog icon next to the user name:
Clicking the Manage Database Access command in the actions menu will let you control user access to each database. To revoke a user's access to a database, click the "-" button next to the database name in the list.
To grant a user access to a database, click the Add Access button. In the list of databases for which the user does not already have access, select the check boxes next to the appropriate database names and then submit the changes to put them into effect.
Note: Through the Control Panel, users can only be granted or revoked full permissions on a database. To add more specific permissions, you must enable the root user as described in the following section.
Currently the Control Panel allows you to grant or revoke user access for a given database, but all users are granted universal privileges on the database by default. Because of security concerns or other application needs, you may need to set specific privileges for a user such as granting some users read-only access to a specific database for reporting purposes. To completely control permissions for a user, you must enable the root user for your database instance. After the root user is enabled, you can log in to MySQL and manage the access privileges for individual users.
There are two ways to enable root user on Cloud Databases. One way is by using the Trove Command Line Tool, generally referred to as the CLI. Instructions for using this tool follow. Another way to enable the root user is through the API. Support for access-level control on Cloud Databases through our Control Panel will be provided in the future.
In order to use the CLI, first you must install the trove client. After installing the trove client, you can enable the root user for the database instance by using the following command, where <instance> is the ID of the instance:
$ trove root-enable <instance>
This command generates a password for the root user. Store this password because it is required to log in as a root user for the database instance. After the root user is enabled, you have full control for creating and managing user privileges.
Example – Database instance MySQLDBInstance01 has a database DBStaging1 and a user DevUser1. You would like to set up read-only permissions for DevUser1.
Step 1: List database instances to get the instance ID:
$ trove list
Step 2: Enable the root user on MySQLDBInstance01, with instance ID 23a6481f-f98a-4fcd-b4a9-54d06f6f6e88:
$ trove root-enable 23a6481f-f98a-4fcd-b4a9-54d06f6f6e88
A password is generated and returned for the root user.
Step 3: Log in to MySQL as a root user with the password generated in the preceding step:
$ mysql – u <root> –h <hostname> -p <password>
Step 4: In MySQL, set up read permissions for DevUser1 by using the GRANT statement:
$ GRANT SELECT on DBStaging1 to ‘DevUser1’@’hostname’;
Note: You can reset the root user password by making subsequent calls to enable the root user.
If you want to enable the root user via the API, you can follow the examples located in our API documentation.
© 2011-2013 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License