Percona Live Europe Featured Talks: A Quick Tour of MySQL 8.0 Roles with Giuseppe MaxiaDave Avery
Welcome to our series of interview blogs for the upcoming Percona Live Europe 2017 in Dublin. This series highlights a number of talks that will be at the conference and gives a short preview of what attendees can expect to learn from the presenter.
This first blog post is with Giuseppe Maxia of VMware. His talk is titled A Quick Tour of MySQL 8.0 Roles. MySQL 8.0 introduced roles, which are a new security and administrative feature that allows DBAs to simplify user management and increases the security of multi-user environments. In our conversation, we discussed MySQL roles and how they can help MySQL DBAs:
Percona: Hello Giuseppe, nice to interview you again (in our last blog we discussed “MySQL Document Store: SQL and NoSQL United”)! What have you been up to since the last Percona Live?
Giuseppe: Hi Dave, glad to be sharing ideas with you again. Since the last Percona conference, I’ve been going through two separate technical paths. For my day job, I work as software explorer on a large high availability in the cloud project. Exploratory software testing is a branch of QA that can easily qualify as a “dream job” for most senior QA engineers. For me, it’s a dynamic process that allows me to combine experience, creativity and development skills. Wildly interesting as it is, this job doesn’t require any MySQL skills. Thus my second technical path goes on in private, and I keep myself up to date with the MySQL world. This year I presented at several conferences and user groups in Europe, Asia, and America. I plan to keep working on MySQL in my own time, just because I like the topic.
Percona: You’re presenting a session called “A Quick Tour of MySQL 8.0 Roles”. What are MySQL roles, and why are they important?
Guiseppe: Roles are a way of simplifying user management. In database administration, users are granted privileges to access schemas, tables or columns (depending on the business needs). When many different users require authorization for different sets of privileges, administrators have to repeat the process of granting privileges several times. This is both tedious and error-prone. Using roles, administrators can define sets of privileges for a user category, and then the user authorization becomes a single statement operation.
In a well-regulated and security-minded organization, administrators should only use roles for privilege management. This policy not only simplifies user management, but also provides meaningful data on privilege usage.
Percona: When getting into role assignment, what are some of the things that DBAs need to watch out for?
Giuseppe: Although roles make everyday tasks easier, they also present some additional challenges. In the MySQL implementation, roles are users with some small differences. While this similarity allows admins to get lazy and assign pre-existing users as roles to other users, this practice would make administration more difficult in the long run. To truly benefit from this new feature, DBAs must get organized, and spend some time planning how they want to orchestrate their roles for maximum efficiency before plunging in.
Percona: Could you share your personal experience with this feature?
Giuseppe: Roles have been on the MySQL community’s wish list for a long time. I remember several third party solutions that tried to implement roles as a hack on top of the existing privileges granting system. I created my own solution many years ago when I had to administer a large set of users with different levels of access.
Anytime a new project promised to ease the roles problem, I gave it a try. None of them truly delivered a secure solution.
When I saw the roles feature in MySQL 8, I tested it extensively, provided feedback to the MySQL team and asked for better usability. I was pleased to see that in the latest release (8.0.2) the team addressed some of my concerns, making the roles both easier to use and more powerful – although at the same time they introduced a new extension (mandatory roles) that could create more problems. All in all, I am pleased with the attitude of the MySQL team: they were willing to listen to my feedback and my proposals for improvement.
Percona: What do you want attendees to take away from your session? Why should they attend?
Giuseppe: When I first proposed this session at Percona Live in Santa Clara, my goal was to explain the various aspects of the new feature. Many users, when hearing about roles, think that it’s a straightforward extension of the existing privileges system. In practice, roles usage is a minefield. Many commands perform seemingly the same operation but often lead to unexpected results.
My session should make the basic operations clear, and teach attendees how to avoid the most common pitfalls.
Percona: What are you most looking forward to at Percona Live Europe 2017?
Giuseppe: First of all, Dublin! I have been an advocate of moving the conference to Ireland, and as soon as I saw that the venue confirmed I booked flight and hotel without waiting for the CfP. At the very minimum, I will be a happy tourist there! As for the conference, there are several topics that I want to follow. The continued improvement of MySQL 8.0 is one, which now seems poised for a GA release in the near future. The explosion of technical solutions that are conquering the community is another: ProxySQL, Orchestrator, gh-ost, MyRocks. I am also interested in the evolution of InnoDB Cluster, which one year ago was presented as the solution to every DBA need (but so far has been less than overwhelming).
There are always lots of sessions with intriguing subjects, and I know already that I won’t be able to attend them all. But I am sure I will learn some new technique or methodology that comes in handy, as happens to me at every MySQL conference.
Want to find out more about Giuseppe and MySQL roles? Register for Percona Live Europe 2017, and see his talk A Quick Tour of MySQL 8.0 Roles. Register now to get the best price! Use discount code SeeMeSpeakPLE17 to get 10% off your registration.
Percona Live Open Source Database Conference Europe 2017 in Dublin is the premier European open source event for the data performance ecosystem. It is the place to be for the open source community as well as businesses that thrive in the MySQL, MariaDB, MongoDB, time series database, cloud, big data and Internet of Things (IoT) marketplaces. Attendees include DBAs, sysadmins, developers, architects, CTOs, CEOs, and vendors from around the world.
The Percona Live Open Source Database Conference Europe will be September 25-27, 2017 at the Radisson Blu Royal Hotel, Dublin.