I was wondering if someone could give me some advice for the design of a section of a website to be used with mysql privileges.

From what i've understood, to enable this, you need to use the GRANT or REVOKE commands, which inserts the user into the mysql tables.

I have understood all this, and how to add/ remove privileges, but what i am unsure about is how to integrate this with the system i am developing.

At the moment, when the user logs in, a user object is populated with the users information from a few seperate tables. For the user to be able to have specific privileges, i understand i need to use their username and password that is in the mysql user table for every connection to a database. So here are my thoughts:

Should the username and password be the same for the user to access the area of the site as they are in the mysql user table, or should i store the username and password from the mysql user table as a seperate property of the object, and pass them to the mysql_connect function when database calls are needed?

Any advice is appreciated or comments are appreciated.
;)

I'm not sure you want to create a MySQL user for every user of your website. It's not necessary, and doesn't give any advantages as far as I can see. It simply complicates the process of adding and deleting users.

Adam

sorry - i should've explained above - its not for every user of the website, but for about 7 people.

Any person can log in and are given standard mysql privileges under the generic user login. But there are about 7 people, who are going to be administrators of the area, as well as 1 super-administrator, who will manage the administrators.

So to be concise - the area i am talking about in the above post is not for any user, but for specific administrative functions for a select number of administrators.

so for example, admin1 can insert into table 1 and 2, but not table 3, and admin4 can insert into all tables but can't delete at all. The super-administrator will have all privileges, and also be able to add/delete new admin, or change the admins privileges, eg add the ability to admin1 to insert into table 3.

I hope this is clearer ;)

you can set that up in the admin panel for your hosting, presuming you have one ;)

admin panel - being phpmyadmin?

i know i can set all the users and their privileges manually, but then wouldn't the connection string for the mysql_connect function have to contain their userid and password to get their associated privileges?

also, i'm trying to design the system so that the user, who has no idea of databases or table privileges or anything like that, can easily add or modify administrator privileges.

Originally posted by moondance
admin panel - being phpmyadmin?

yes if you have it

Originally posted by moondance
i know i can set all the users and their privileges manually, but then wouldn't the connection string for the mysql_connect function have to contain their userid and password to get their associated privileges?

short answer is yes

Originally posted by moondance
also, i'm trying to design the system so that the user, who has no idea of databases or table privileges or anything like that, can easily add or modify administrator privileges.

admin priv for what, to what end?