Change Details

Opening this ticket to discuss if this is possible. If the answer is "no", we can decline it for now. I think there would be 3 major advantages to having each user authenticate to mysql individually: * We can audit who is accessing the data * We can potentially have more granular authorization rules within mysql, so, e.g., if one groups needs to store something sensitive in a schema, we can restrict access to that table. * No shared group passwords (just for hygine-- although the security of this system won't be affected much, having a shared password here I believe encourages people to use shared passwords elsewhere, where it may affect their security directly). Disadvantages: * Security will depend on user-chosen passwords, most likely, and users usually chose weak passwords * Overhead of account setup (although maybe mysql can use ldap? I've also setup password synchronization for ldap->mysql using other tools for several large organizations a while back, so something like that might be an option)

Opening this ticket to discuss if this is possible. If the answer is "no", we can decline it for now. I think there would be 3 major advantages to having each user authenticate to mysql individually: * We can audit who is accessing the data * We can potentially have more granular authorization rules within mysql, so, e.g., if one groups needs to store something sensitive in a schema, we can restrict access to that table. * No shared group passwords (just for hygiene-- although the security of this system won't be affected much, having a shared password here I believe encourages people to use shared passwords elsewhere, where it may affect their security directly). Disadvantages: * Security will depend on user-chosen passwords, most likely, and users usually chose weak passwords * Overhead of account setup (although maybe mysql can use ldap? I've also setup password synchronization for ldap->mysql using other tools for several large organizations a while back, so something like that might be an option)

Opening this ticket to discuss if this is possible. If the answer is "no", we can decline it for now. I think there would be 3 major advantages to having each user authenticate to mysql individually: * We can audit who is accessing the data * We can potentially have more granular authorization rules within mysql, so, e.g., if one groups needs to store something sensitive in a schema, we can restrict access to that table. * No shared group passwords (just for hygiene-- although the security of this system won't be affected much, having a shared password here I believe encourages people to use shared passwords elsewhere, where it may affect their security directly). Disadvantages: * Security will depend on user-chosen passwords, most likely, and users usually chose weak passwords * Overhead of account setup (although maybe mysql can use ldap? I've also setup password synchronization for ldap->mysql using other tools for several large organizations a while back, so something like that might be an option)