phpMyAdmin – Default User Group Configuration

phpmyadminusers

I am setting up a multi user environment for shared hosting. Since phpMyAdmin 4.1.0 it's possible to create user groups, add users to them and define which functions they may use.

Now this is a great feature, but it would be better if new MySQL users get a default user group when they login to phpMyAdmin for the first time. I haven't seen this setting in phpma (so far), so I wanted to ask you if you know whether this is possible in phpma or that I maybe can set a default user group in the php files of phpma?

Thanks in advance!

Best Answer

I came up with my own solution (but if you think this can be done better, please post your option):

In the file /libraries/Menu.class.php I changed ...

        if (isset($cfgRelation['menuswork']) && $cfgRelation['menuswork']) {

... with

        $groupTable = PMA_Util::backquote($GLOBALS['cfg']['Server']['pmadb']) . "." . PMA_Util::backquote($GLOBALS['cfg']['Server']['usergroups']);
        $userTable = PMA_Util::backquote($GLOBALS['cfg']['Server']['pmadb']) . "." . PMA_Util::backquote($GLOBALS['cfg']['Server']['users']);

        if (!empty($GLOBALS['cfg']['Server']['users']) && !empty($GLOBALS['cfg']['Server']['usergroups'])) {
            $defaultUserGroup = 'User';
            $all_mysql_users = PMA_queryAsControlUser("SELECT User FROM mysql.user GROUP BY User", false);
            $all_phpma_users = PMA_queryAsControlUser("SELECT username FROM " . $userTable . " WHERE `usergroup` != ''", false);

            if ($all_mysql_users) {
                $default_user_group = PMA_queryAsControlUser("SELECT `usergroup` FROM " . $groupTable . " WHERE `usergroup` LIKE '" . $defaultUserGroup . "' LIMIT 1", false);

                if ($default_user_group) {
                    $default_user_group = $GLOBALS['dbi']->fetchAssoc($default_user_group);
                    $allPhpmaUsers = array();

                    while ($phpma_user = $GLOBALS['dbi']->fetchAssoc($all_phpma_users))
                        $allPhpmaUsers[] = $phpma_user['username'];

                    while ($mysql_user = $GLOBALS['dbi']->fetchAssoc($all_mysql_users)) {
                        if (!in_array($mysql_user['User'], $allPhpmaUsers))
                            PMA_setUserGroup($mysql_user['User'], $default_user_group['usergroup']);
                    }
                }
            }
        }

        if (isset($cfgRelation['menuswork']) && $cfgRelation['menuswork']) {

And then I replaced ...

        if (isset($cfgRelation['menuswork']) && $cfgRelation['menuswork']) {
            $groupTable = PMA_Util::backquote($GLOBALS['cfg']['Server']['pmadb'])
                . "."
                . PMA_Util::backquote($GLOBALS['cfg']['Server']['usergroups']);
            $userTable = PMA_Util::backquote($GLOBALS['cfg']['Server']['pmadb'])
                . "." . PMA_Util::backquote($GLOBALS['cfg']['Server']['users']);

            $sql_query = "SELECT `tab` FROM " . $groupTable

... with

        if (isset($cfgRelation['menuswork']) && $cfgRelation['menuswork']) {
            $sql_query = "SELECT `tab` FROM " . $groupTable

Then I created an user group "Admin" with all rights, put the root user into this Admin group. At last I created an user group "User" with less rights, refreshed the page and all other users had this group. It is important to do this in this order, because otherwise the root user will also get the "User" rights. When this group can't edit user settings, you can't change it back from within phpMyAdmin.

Related Question