There are two ways for the Transactd client authentication.
There are 2 ways to set user and host or access privileges, the way with MySQL command line client and the way with Transactd. We use MySQL command line client in this page.
Authentication by host address
Authenticate IP address of client host. Username or password does not required.
The default way is the authentication by host address.
transactd_auth_type="" is set in
my.cnf, or setting is empty, this way will be used.
Setting host permission to access Transactd
Run following command from MySQL command line client to register accessible host(s):
CREATE USER firstname.lastname@example.org, email@example.com; GRANT USAGE ON *.* TO firstname.lastname@example.org, email@example.com;
In the above example, access from
192.168.0.11 is allowed.
root is proxy username.
This is used because MySQL
GRANT statement specify value with
The proxy username is
root by default.
If you want to change it, set
transactd_hostcheck_username = "username" in my.cnf.
The host name, such as
host.domain.com, is not available. It prevents delay or failure by DNS lookup.
Specify address range
You can also specify a range of addresses (one of the IP Address Class A, B and C).
CREATE USER root@'192.168.0.0/255.255.255.0'; GRANT USAGE ON *.* TO root@'192.168.0.0/255.255.255.0';
In the case of class C, add
.0/255.255.255.0 after class C IP address.
.0.0/255.255.0.0 for class B, add
.0.0.0/255.0.0.0 for class A.
The address range which is narrower than class C is not available.
192.168.0.0/255.255.240.0 is not available.
In addition, you can use wild card with
Class C is
192.168.0.%, Class B is
192.168.%, Class A is
These host formats are same as host format in MySQL.
In the host authentication, host address is checked, but privileges for each operations are not checked. The host which is allowed to access to database has the privileges for whole operations.
Authentication by combination of users and hosts
Authentication by combination of users and hosts is compatible with MySQL native_password. Username and password for MySQL clients is available in Transactd.
This authentication is used if you specify
transactd_auth_type="mysql_native" in my.cnf.
The client which is allowed to connect can do operations within its privileges.
Specify username and password at connection
can specify username and password. Specify them in URI parameter:
Access privileges are almost the same as privileges in MySQL. See MySQL documents for detail. However, the privileges for function which is not in Transactd (e.g. trigger) are ignored. In addition, the access privileges for each field is not used now.
The access privileges are stored in
mysql.tabels_priv(table). They will be calculated in OR operation.
Use wildcard with
database.table format to identify global, database or table.
database.table can be specified after
For example, if you want to restrict access to each database, disable global privileges on
set privilege to
CREATE USER username@host IDENTIFIED BY 'set_your_password'; GRANT USAGE ON *.* TO username@host; GRANT ALL PRIVILEGES ON databasename.* TO username@host;
When changes will be enabled
Access privilege information is cached in server. Changes will be enable at:
- When open
- When open
- When open
For example, if you change global access privileges, it will be enabled in the database which opened after that. It will not be enabled in the databases which has been opened before that.