I just had Silverstripe screw up on me on a test server because I didn't give its MySQL username enough privileges on the database. This happened after I installed it. What are the minimum privileges that are required? I just enabled everything except the administration privileges, and now it works fine.
any response on this?
From a security perspective I'd like to know the minimum privilege level I can run a MySQL user as once the site has been fully developed.
Create, insert, update, delete?
No idea what the minimum privileges are, sorry. I just made sure that it didn't have admin privileges, and left it at that.
The system admin who is setting up our production website has asked me exactly the same question.
Any ideas from anyone?
On my test server, the Silverstripe database user has the following privileges:
SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER.
That works fine for me. Silverstripe should complain if it doesn't have adequate permissions for an operation.
Running the user account with all privileges during development is required as the ORM will create and alter tables as your models changes.
It *should* then be OK to drop the privilege level down to select, insert, update, delete as during production SilverStripe won't be making any structural changes to tables.
Thank you for the replies, I'll let our sysadmin know.