2010/7/21 Marc Delisle marc@infomarc.info:
Hi Piotr, is there a way for a sysadmin (of a shared phpMyAdmin installation) to indicate which setting is available or not for "normal" users?
Yes, config file has a key 'UserprefsDisallow', which contains names of values that users cannot override. Also, setup script has checkboxes (next to each option) which allow to modify this. Settings in 'UserprefsDisallow' are marked as DISABLED in user preferences (and are listed in Blacklist section of my debug message).
I'm asking because I know, for example, that some sysadmins want to disable the "Show detailed MySQL server info" for all their users.
I'm not saying that we need such mechanism, but we'll have to be careful in the choices we give to users if they are perceived by sysadmins as related to security.
In addition to disabling options, some are only partially editable by users. Namely: * MaxDbList, MaxTableList, QueryHistoryMax - users can set values which are equal to or lower than the one hardcoded in config.*.php * AllowUserDropDatabase, UseDbSearch, QueryHistoryDB, ShowPhpInfo, ShowChgPassword - these can be only disabled (changed from true to false), enabling them is impossible for users
Both cases above are marked by an icon with comment in setup script.