Data Infrastructure Management Software Discussions

Data Infrastructure Management Software Discussions

Highlighted

OCI Remote Connect To Data Warehouse MySQL Database

Don_Childers
‎2016-11-30 01:45 PM

We've had a request by our asset management department to provide remote connectivity to the OCI MySQL database with read-only rights. They want to pull some information as it relates to enterprise storage assets. They gave me a list of Windows Active Directory accounts that would need the read-only access to the MySQL database.

 

However, in searching the documentation I can only find reference to remote connections to MySQL within the Data Warehouse documentation. It states:

 

"When accessing MySQL, connect to the MySQL database on the machine where Data Warehouse is installed. The MySQL port is 3306 by default; however, you can change it during installation. The user name and password is dwhuser/netapp123."

 

Is dwhuser the only way to connect to the MySQL back end database?

Is it safe to give those credentials to another department to use?

Does dwhuser have any rights that could be potentially harmful to the database (like admin rights)?

Any way to add AD accounts for read-only access?

 

For reference, we are running OCI 7.2.2.

 

Thanks a lot for any info.

--Don Childers

Reply
1 person had this problem
View By:
9 Replies
0 Likes
9 REPLIES 9
Highlighted

Re: OCI Remote Connect To Data Warehouse MySQL Database

moechnig
NetApp
‎2016-11-30 02:31 PM

The dwhuser account is intended for situations just like yours.  It has read-only access. 

View solution in original post

Reply
9 Replies
Highlighted

Re: OCI Remote Connect To Data Warehouse MySQL Database

Don_Childers
‎2016-11-30 02:33 PM

Thank you.

Reply
9 Replies
0 Likes
Highlighted

Re: OCI Remote Connect To Data Warehouse MySQL Database

ninja
‎2016-11-30 02:44 PM

Can AD users get access or is it not supported?

Reply
9 Replies
0 Likes
Highlighted

Re: OCI Remote Connect To Data Warehouse MySQL Database

ostiguy
NetApp
‎2016-11-30 06:35 PM

Hey Ninja,

 

What is the use case for AD users having access?

 

Is the goal to avoid a shared user account, which is an admitted current limitation?

 

No, this is currently not supported.

 

I have been looking at some MySQL features to contemplate what would be within the realm of possible (which implies nothing from an OCI support perspective, rather, I am curious if I see anything that would be adaptable for future OCI versions to use).

 

https://dev.mysql.com/doc/refman/5.5/en/windows-authentication-plugin.html

 

Doesn't seem very viable, because it requires each user account to be manually created in MySQL - i.e, you are mapping a Windows account to a MySQL user account, and it doesn't seem possible to do something like

 

"When username is a member of group X, create username with mysql permissions GRANT ____ on tables _____"

 

Instead, you are mapping a group to a specific mysql user, which I would tend to think wouldn't help much, as you couldn't seemingly understand within mysql who is doing what (any slow query run by a human would appear as the same username)

 

Matt

 

 

Reply
9 Replies
Highlighted

Re: OCI Remote Connect To Data Warehouse MySQL Database

ninja
‎2016-12-01 11:03 AM

Yep. The intent is to avoid those ugly frowns from the security teams for each shared account that we have 🙂

 

Thanks for the response.

Reply
9 Replies
0 Likes
Highlighted

Re: OCI Remote Connect To Data Warehouse MySQL Database

ameegama
‎2017-03-24 10:17 AM

 Hi Don,

 

I have same situation,Capacity management team wanted to access OCI data from remote . Have you done that ?

Could you Please send more details how you setup ..

 

Thanks

Amanda Meegama

Reply
9 Replies
0 Likes
Highlighted

Re: OCI Remote Connect To Data Warehouse MySQL Database

moechnig
NetApp
‎2017-03-24 10:36 AM

The credentials you need to set this up is in the manual, here:  https://library.netapp.com/ecmdocs/ECMLP2572619/html/GUID-4AD1EDE4-A6B5-4B84-B07B-C682B79BE3AA.html

 

The MySQL TCP port is 3306. 

 

 

Reply
9 Replies
0 Likes
Highlighted

Re: OCI Remote Connect To Data Warehouse MySQL Database

ameegama
‎2017-03-24 11:13 AM

 

Thanks.

 

Is there any way to give them access only following table . ?

 

Required TABLES
======================
dwh_capacity.storage_dimension
dwh_capacity.date_dimension
dwh_capacity.storage_and_storage_pool_capacity_fact

Reply
Tags (1)
9 Replies
0 Likes
Highlighted

Re: OCI Remote Connect To Data Warehouse MySQL Database

moechnig
NetApp
‎2017-03-24 11:19 AM

You could create a new user for this particular use case and modify the schema to grant your new users access exclusively to the tables in question. 

 

You would probably need to re-implement this change after any backup/restore, including during upgrade. 

 

Unless the restriction is very important, it may not be worth the effort. 

 

Reply
9 Replies
0 Likes
Ask A Question
Try the NEW Support Site!
NetApp Support Site
Forums
Learn about the Community Get Started
Still have Questions Start a Discussion
Rules of the Community Read More
© 2020 NetApp
Let us know