Support for user permissions

[h-bragg]

Supporting permissions would be very useful!

you can get permissions with something like:

SELECT user, host FROM user
foreach {
    SHOW GRANTS FOR '$user'@$host
}

I guess, ignore certain users (mysql.sqs, rdsadmin, root, the user used by morphism?), etc.

Then add GRANT/REVOKE as necessary.

You can add passwords as you can use the hashed version.

[john-n-smith]

Cool idea. Users to ignore could be a new section in the config file.

[biggianteye]

Good idea.

Given this is content rather than structure it couldn't use the existing mechanisms in place and so some new work would need to be done. It's not even regular DML, so that makes it even more of a special case.

In my previous workplace, we had users.sql and grants.sql in version control with fully executable statements. For the dump command, some variation of the above set of commands could be used to generate these files. The diff command gets a little trickier.

[h-bragg]

I remember having a discussion about this a while ago. I think the main downside I see is that you need to be able to support environment specific users/permissions somehow. As long as its obvious how to do it through configuration it should be fine. But the implication is that it can't be part of the same configuration as the schema (so no single command); unless you don't care about different permissions...