Cross join between multiple schemas in MySQL. Privileges and performance

问题:

I'm building two applications which will share some data in common schema. I'm using MySQL as RDBMS. Here is my first schema (test_schema_1):

And second (test_schema_2):

I recently learned that I can do JOINs between multiple schemas. When I'm connected with root user (unlimited access to everything), I do:

SELECT * FROM TEST_SCHEMA_2.USERS U JOIN TEST_SCHEMA_1.MASTER_USERS MU ON U.MASTER_ID = MU.ID JOIN TEST_SCHEMA_2.ROLES R ON U.ROLE_ID = R.ID WHERE MU.APP_ID = 'darth_vader@death.star'; 

And get what I expect! This looks very cool for me, as I'm thinking of going to production with this design.

But I'm a bit afraid of performance implications of such design? Is this a good idea? What if in future I decide to shard (in MongoDB terminology) the database on different machines?

Also, I'm wondering of security problems. Currently, I have a separate user for each schema:

Host        Db              User    Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv   Grant_priv  References_priv Index_priv  Alter_priv  Create_tmp_table_priv   Lock_tables_priv    Create_view_priv    Show_view_priv  Create_routine_priv Alter_routine_priv  Execute_priv    Event_priv  Trigger_priv %           test_schema_1   t1      Y           Y           Y           Y           N           N           N           N               N           N           N                       N                   N                   N               N                   N                   N               N           Y localhost   test_schema_1   t1      Y           Y           Y           Y           N           N           N           N               N           N           N                       N                   N                   N               N                   N                   N               N           Y %           test_schema_2   t2      Y           Y           Y           Y           N           N           N           N               N           N           N                       N                   N                   N               N                   N                   N               N           Y localhost   test_schema_2   t2      Y           Y           Y           Y           N           N           N           N               N           N           N                       N                   N                   N               N                   N                   N               N           Y 

So I expect that user t1 cannot read from test_schema_2. But the query above works. He even can insert in test_schema_2:

SELECT USER(); INSERT INTO TEST_SCHEMA_2.ROLES(ID, NAME) VALUES(4, 'TEST'); ... USER() t1@localhost ------------------------------------------- Updated Rows 1 

What am I missing?

回答1:

MySQL maintains a single set of buffers for all databases. With regards to performances, it does not matter whether tables are in different databases.

Your use case is boderline, but seems to be a reasonnable case for aggregating data from separate databases.

I would be careful with this architecture though. If your applications start sharing more than just a few tables, ask yourself whether these applications are really distinct applications, or rather modules of the same application. In the latter case, it would make sense to me to have all tables in one sigle database.

If you are concerned about security, then please note that most access rights may be granted on a per-table (or even per-column) basis.

回答2:

First of all, you should adjust security settings. Probably, your users have granted access to all schemas. To keep things simple, try to invoke the following:

REVOKE ALL PRIVILEGES, GRANT OPTION from 't1','t2';  GRANT SELECT, INSERT, UPDATE, DELETE ON `test\_schema\_1`.* TO 't1'; GRANT SELECT, INSERT, UPDATE, DELETE ON `test\_schema\_2`.* TO 't2'; FLUSH PRIVILEGES; 

The second part is about your schemas. Basically, this is not a problem to query different schemas. If you are confused about security issues, I would recommend you to switch your query to a procedure. And what is up to sharding, it is even less complicated to break apart different schemas.

文章来源: Cross join between multiple schemas in MySQL. Privileges and performance