Opening this ticket to discuss if this is possible. If the answer is "no", we can decline it for now.
I think there would be 3 major advantages to having each user authenticate to mysql individually:
- We can audit who is accessing the data
- We can potentially have more granular authorization rules within mysql, so, e.g., if one groups needs to store something sensitive in a schema, we can restrict access to that table.
- No shared group passwords (just for hygiene-- although the security of this system won't be affected much, having a shared password here I believe encourages people to use shared passwords elsewhere, where it may affect their security directly).
Disadvantages:
- Security will depend on user-chosen passwords, most likely, and users usually chose weak passwords
- Overhead of account setup (although maybe mysql can use ldap? I've also setup password synchronization for ldap->mysql using other tools for several large organizations a while back, so something like that might be an option)