[BlueOnyx:15346] Re: phpMyAdmin for Server Administrators

Michael Stauber mstauber at blueonyx.it
Mon May 5 12:14:56 -05 2014 

Hi Maurice,

> When logged in as admin in the gui, one can browse to Server
> Management/Security/phpMyAdmin and automagically get logged in as root to 
> mysql.
> 
> Is it possible to give a server administrator (other than admin) this same 
> option? Currently, I can't see how to give a server administrator access 
> to the 'Security' menu on the left in the gui.

It's possible in the new GUI. The old GUI can only have one "admin" with
all powers. The new GUI already has the capability to create additional
"adminUser" accounts that have *all* rights, including identical rights
to user "admin". That includes full access to phpMyAdmin as well and can
be achieved by assigning them the capability "System-Administrator".

I also reworked the "reseller" management and "adminUsers" with the
ability to create virtual sites can have their access to features
limited. So you can deny a user with the capability "Virtual Site
Management" usage of things like:

- php
- suPHP
- JSP
- MySQL
- SSL
- SSI
- CGI
- FTP
- AnonFTP
- Shell access

You can pick which features you grant access to and which features you
rather would not give them rights for.

The BlueOnyx demo at http://demo.blueonyx.it already has that.

Now there is a problem with "adminUsers" who are NOT
"System-Administrator" (like "admin"): phpMyAdmin.

You do not want to give a "reseller" full access to all MySQL databases.
At the best he should be able to see/modify JUST the databases of the
Vsites that he owns. But not those of other clients.

At this time the only "adminUser" who has full access to phpMyAdmin is
an "adminUser" with the capability "System-Administrator" (rights equal
to "admin"). Any other "adminUser" gets prompted for the MySQL username
and password at this time. In the long term they will get phpMyAdmin
access to the MySQL databases of the Vsites they own. However, this
involves creating additional MySQL users for them and granting privileges.

Maybe I do it the lazy way: They get to see the list of Vsites they own
and that have MySQL enabled AND have MySQL databases. When they then
click on the button next to a site, they get logged in to phpMyAdmin
with the MySQL credentials of the selected Vsite. That would be a whole
less complex and a lot easier to code.

-- 
With best regards

Michael Stauber

More information about the Blueonyx mailing list