Versions Compared

Old Version 1

changes.mady.by.user Fiona Sargeant

Saved on

compared with

New Version 2

changes.mady.by.user Fiona Sargeant

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This page is for administrators who need to configure direct access to the PhixFlow database.

It is possible for database users who have sufficient permission to access the PhixFlow database tables directly. This can be useful if they want to use database queries to generate reports. However this is insecure, as it allows the database user to see all PhixFlow data.

To manage this, there are several things that you must configure.

In the PhixFlow Database:

1.  Create a role in the PhixFlow database.

Code Block
languagesql
create role myrole;

2.  Grant this role to any database users that require access to the database views.

Code Block
languagesql
--MariaDB
grant 'myrole' to 'myuser'@'%';
--Oracle
grant myrole to myuser;
--SQL Server
alter role myrole add member myuser;

For a MariaDB database: set the Grant option for the PhixFlow database user. 

In the PhixFlow Application:

3.  Set up the specific streams that need to be available to generate database views.  In the stream properties → Advanced → Database View, enter a string in the formatv_xxxxWhen the stream is published to the database, PhixFlow creates a view for the stream data.

Tip

If you have already created database views, they will only become available to database users after you republish the stream data.

4.  In the System Configuration→ Advanced →  Database View Role, enter the name of this database role.

Note

This option refers to a role in the PhixFlow database not in the PhixFlow application.

5.  Republish stream data to make existing database views available. Click

Insert excerpt
_administration
_administration
nopaneltrue
 and select Other Options → Publish Streams (to be checked - we might not want to advise publishing all data).

Test the configuration:

6.  After configuring Database View Role, you must test that it is correctly configured.

  • For a stream with stream properties → Advanced → Database View set, untick the Enabled box and save the stream.
  • Tick the Enabled box again and resave the stream. This forces PhixFlow to publish the stream data and to create the database view.

If the configuration is incorrect, publishing a stream with a database view will fail. Check the console for error messages.

Managing the Database Role

When the Database View Role is set, database views are available to database users with this role. This is equivalent to running:

Code Block
languagesql
grant select on v_myview to myrole;

When new database views are created, they are automatically made available to the database users.

Once the database role is created, making changes to the System Configuration→ Advanced →  Database View Role name does not update existing views or remove them from the previous role.