Use single or multiple mysql users for SaaS PHP/mysql application with multi-tenant architecture
We are building a multiuser app that has one database per customer. All customer database structures are identical. Right now we are generating a new mysql user (per client) that only has privileges to work on its own database.
e.g. mysql user1 has rights on dbase1.* (database1.alltables), mysql user2 has rights on dbase2.*.
We are now noticing that this is already a pain to get dumped to another server as backup (we don't use replication but try to dump files once in a while but the information_schema dbase cannot be dropped & recreated from an sql file it seems).
Anyway, we are wondering if it would be better to just use 1 user that can access all client databases? This is more insecure, right? Or can it be used in a rather secure way? It would be better to manage for sure.
What are your thoughts?
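What you may want to do is, when you create a MySQL user, also store a record of that user creation somewhere else (outside the DB), and then have a script that restores the users and their privileges into the DB from the records you have created.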
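A sketch of the restore script this answer describes, as an added example that is not part of the original answer: it keeps the one-user-per-database model from the question, audits the external record, and regenerates the `CREATE USER` / `GRANT` statements. The registry layout, the privilege set, the `client_3` tenant and the password placeholder are assumptions; the escaping step is there because MySQL treats `_` and `%` as wildcards in database-level grants.

```python
import re

# Constructed registry (assumption): kept outside MySQL, e.g. in version control.
# dbase1/dbase2 follow the question; client_3 is added to show wildcard escaping.
TENANTS = [
    {"user": "user1", "host": "localhost", "database": "dbase1"},
    {"user": "user2", "host": "localhost", "database": "dbase2"},
    {"user": "user3", "host": "localhost", "database": "client_3"},
]
PRIVILEGES = "SELECT, INSERT, UPDATE, DELETE"  # assumed per-tenant privilege set
SAFE = {"user": r"[A-Za-z0-9_]{1,32}", "host": r"[A-Za-z0-9_.%-]{1,255}",
        "database": r"[A-Za-z0-9_]{1,64}"}


def audit(tenants):
    """Return registry problems that would break one-user-per-database isolation."""
    problems, seen_users, seen_dbs = [], set(), set()
    for t in tenants:
        for field, pattern in SAFE.items():
            if not re.fullmatch(pattern, t.get(field, "")):
                problems.append(f"unsafe {field}: {t.get(field)!r}")
        account = (t.get("user"), t.get("host"))
        if account in seen_users:
            problems.append(f"duplicate account: {account}")
        if t.get("database") in seen_dbs:
            problems.append(f"database shared by two tenants: {t.get('database')}")
        seen_users.add(account)
        seen_dbs.add(t.get("database"))
    return problems


def restore_sql(tenants, password="<PASSWORD_FROM_SECRET_STORE>"):
    """Build CREATE USER / GRANT statements; refuse to emit anything if audit fails."""
    problems = audit(tenants)
    if problems:
        raise ValueError("; ".join(problems))
    lines = []
    for t in tenants:
        account = f"'{t['user']}'@'{t['host']}'"
        # In a database-level GRANT, _ and % are wildcards unless escaped, so an
        # unescaped `client_3` would also match a database such as `clientX3`.
        db = t["database"].replace("_", "\\_")
        lines.append(f"CREATE USER IF NOT EXISTS {account} IDENTIFIED BY '{password}';")
        lines.append(f"GRANT {PRIVILEGES} ON `{db}`.* TO {account};")
    return lines


if __name__ == "__main__":
    print("\n".join(restore_sql(TENANTS)))
```

The password placeholder must be replaced per tenant from wherever credentials are actually kept before the output is fed to the server.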
This somewhat depends on your requirements (especially related to restoring a client from backup), but I am using a single database/schema for all of my tenants with no potential for a tenant seeing another tenant's data.
Since your application would be connecting to the database using a tenant-specific user that only has access to rows where tenant_id = their user, data will be segmented by tenant.
I was able to use this technique to convert a large single-tenant application to multi-tenant in a weekend with very few changes. I documented the full solution in my blog: https://opensource.io/it/mysql-multi-tenant/