mysql: add user permission notice mysql config view, closes #8359

a64c06d0 · Torkel Ödegaard · 966cefc8 · a64c06d0
Commit a64c06d0 authored May 22, 2017 by Torkel Ödegaard
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 1 deletions

public/app/plugins/datasource/mysql/partials/config.html
+14 -1

No files found.
--- a/public/app/plugins/datasource/mysql/partials/config.html
+++ b/public/app/plugins/datasource/mysql/partials/config.html
@@ -2,7 +2,6 @@
 <h3 class="page-heading">MySQL Connection</h3>
 <div class="gf-form-group">
 	<div class="gf-form max-width-30">
 		<span class="gf-form-label width-7">Host</span>
 		<input type="text" class="gf-form-input" ng-model='ctrl.current.url' placeholder="" required></input>
@@ -25,3 +24,17 @@
 	</div>
 </div>
+<div class="gf-form-group">
+	<div class="grafana-info-box">
+		<h5>User Permission</h5>
+		<p>
+			The database user should only be granted SELECT permissions on the specified database & tables you want to query.
+			Grafana does not validate that queries are safe so queries can contain any SQL statement. For example, statements
+			like <code>USE otherdb;</code> and <code>DROP TABLE user;</code> would be executed. To protect against this we
+			<strong>Highly</strong> recommmend you create a specific MySQL user with restricted permissions.
+			Checkout the <a class="external-link" target="_blank" href="http://docs.grafana.org/features/datasources/mysql/">MySQL Data Source Docs</a> for more information.
+		</p>
+	</div>
+</div>