Ask Question
« General Questions on Nuxeo

Will Nuxeo work without permissions to create functions in SQL Database?

Will Nuxeo work without permissions to create functions in SQL Database?

The environment: I configured my nuxeo.conf file to use the MySQL template, but customized the settings to use a remote MySQL server. This MySQL server is shared between different tenants, and each tenant is given a MySQL user and table. For security reasons, this MySQL instance will not grant users the ability to access the mysql.proc table or create functions, so we need to accommodate this restriction.

My attempted solution: I set “nuxeo.vcs.ddlmode=compat” in nuxeo.conf to resolve the mysql.proc issue, but I am still not allowed to create functions. This results in the following error:

You do not have the SUPER privilege and binary logging is enabled (you *might* want to use the less safe log_bin_trust_function_creators variable)
at org.nuxeo.ecm.core.storage.sql.jdbc.JDBCMapper.createDatabase(JDBCMapper.java:180)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.nuxeo.ecm.core.storage.sql.jdbc.JDBCMapperConnector.doInvoke(JDBCMapperConnector.java:42)
at org.nuxeo.ecm.core.storage.sql.jdbc.JDBCMapperConnector.invoke(JDBCMapperConnector.java:85)
at com.sun.proxy.$Proxy62.createDatabase(Unknown Source)
at org.nuxeo.ecm.core.storage.sql.jdbc.JDBCBackend.newMapper(JDBCBackend.java:172)
at org.nuxeo.ecm.core.storage.sql.RepositoryImpl.newMapper(RepositoryImpl.java:269)
at org.nuxeo.ecm.core.storage.sql.RepositoryImpl.getConnection(RepositoryImpl.java:251)

It is highly unlikely I will be getting SUPER privileges, so setting “log_bin_trust_function_creators=1” is not an option. I tried setting “nuxeo.vcs.ddlmode=ignore” to resolve the issue, but there is no longer a “repositories” table for Nuxeo to work with when I do that.

Is there a way to avoid having Nuxeo create functions when integrating with a database?

Michael Soohoo
Member (120)   1   1   1 		04/20/2017 ( History)
0 votes
1 answers
1908 views
ANSWER
ANSWERS

Function creation and table creation are both covered in the same way by the ddlMode. Either you give Nuxeo the rights to do everything regarding table creation and function creation, in which case it will do everything it needs, or you don't give it these rights in which case it's your responsibility as a sysadmin to create by hand everything that Nuxeo needs. ddlMode=dump,abort will help you there. See https://doc.nuxeo.com/nxdoc/repository-configuration/#database-creation-option for more.

Florent Guillaume
Member (36K)   6   8   8 		04/24/2017 ( History)
0 votes
Follow
Tags
Linked Questions
Related Questions
Error upgrading from 5.6 to 5.8 with SQL Server
Error while Nuxeo 5.9.4 start up db schema setup
Error while updating the project from Nuxeo Studio
Nuxeo-5.9.4 and MS SQL 2005 error
Start nuxeo fails when constrained by the pool
Using OR in the query of a Page Provider
Nuxeo 5.6 to 5.8 - boolean values processing in NXQL bug or change?
Where to place a sqlInitFile
Trouble with Nuxeo 5.5 and MSSQL