
List:       mysql-announce
Subject:    Documentation mysql: Privilege system
From:       Michael Widenius <monty () monty ! pp ! sci ! fi>
Date:       1998-08-27 23:32:12

>>>>> "Scott" == Scott Hanson <shanson@shcon.com> writes:

Scott> A Debian user asked me a question about privileges that I didn't
Scott> immediately know the answer to... so I thought I'd forward it to the
Scott> list. Does anyone have a ready answer? Thanks!

Scott> Scott
Scott> -- 
Scott> Scott Hanson <shanson@shcon.com>  <shanson@debian.org>
Scott> Johmsweg 9, D-21266 Jesteburg, Germany

Scott> ------- Start of forwarded message -------
Scott> Message-ID: <XFMail.980827162911.fh@dipa.de>
Scott> Date: Thu, 27 Aug 1998 16:29:11 +0200 (CEST)
Scott> From: Florian Hinzmann <fh@dipa.de>
Scott> To: shanson@debian.org
Scott> Subject: Documentation mysql: Privilege system

Scott> Hi!

Scott> I am referring to 
Scott> file:/usr/doc/mysql-doc/manual.html#Privileges,
Scott> v3.21.33.

Scott> One paragraph states:

>> Everything granted in the user table is valid for 
>> every database that cannot be found in the db table.   (Mark A)
>> For this reason, it might be wise to grant users
>> (apart from superusers) privileges on a per-database 
>> basis only. 

I just changed this to:

Everything granted in the @code{user} table is valid for every database.
For this reason, it might be wise to grant privileges to users
(other than superusers) on a per-database basis only.


Scott> And later:

>> 4.If host = "" for the entry found in the db table, 
>> AND Priv with the privileges for the host in the host 
>> table, i.e. remove all privileges that are not "Y" in 
>> both. (If host <> "", Priv is not affected. In such cases,
>> host must have matched the connecting host's name at least
>> partially. Therefore it can be assumed that the privileges 
>> found in this row match the connecting host's profile.) 
>> 
>> 5.OR (add) Priv with the privileges for the user from the    (Mark B)
>> user table, i.e. add all privileges that are "Y" in user. 

Scott> I see a contradiction between (Mark A) and (Mark B). 

Scott> (A) states the privileges from table user are used
Scott> if a database is not found in table db.

Scott> (B) states the privileges from table user are 
Scott> always added to the privileges previously evaluated.

The meaning was that the user has at least all privileges granted from
the user table.  He can get more privileges for a specific db from the 
db table.

Regards,
Monty
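
The evaluation in the quoted steps 4 and 5, read with the clarification above, as an added Python example (not part of the original message and not MySQL's own code). The function names, privilege names and sample rows are hypothetical; row matching (the earlier steps, which the thread does not quote) is assumed to have been done already, and a missing host-table row is assumed to leave no db-level privileges.

```python
# Added illustration; privilege names and rows are constructed samples.
from typing import Optional


def effective_privs(user_privs: set, db_row: Optional[dict],
                    host_privs: Optional[set]) -> set:
    """Privileges on one database, following the quoted steps 4 and 5.

    user_privs: privileges marked "Y" in the matching user-table row
    db_row:     {"host": str, "privs": set} for the matching db-table row,
                or None when the database has no matching db-table row
    host_privs: privileges marked "Y" in the matching host-table row, or None
    """
    priv = set()
    if db_row is not None:
        priv = set(db_row["privs"])
        if db_row["host"] == "":
            # Step 4: keep only what is "Y" in both the db and host rows.
            # Assumption: no matching host row means nothing survives the AND.
            priv &= host_privs or set()
        # host != "": Priv is not affected by the host table.
    # Step 5: user-table privileges are always added (OR), so a db-table
    # row can extend what a user may do but can never reduce it.
    return priv | set(user_privs)


def granted_only_globally(user_privs: set, db_row: Optional[dict],
                          host_privs: Optional[set]) -> set:
    """Privileges held on this database solely because of the user table."""
    without_user = effective_privs(set(), db_row, host_privs)
    return effective_privs(user_privs, db_row, host_privs) - without_user


if __name__ == "__main__":
    # Constructed case: the db row grants only "select", yet the user-table
    # grant of "delete" still applies to this database.
    row = {"host": "client.example", "privs": {"select"}}
    print(sorted(effective_privs({"select", "delete"}, row, None)))
    print(sorted(granted_only_globally({"select", "delete"}, row, None)))
```

Running `granted_only_globally` over each user and database pair gives a quick audit of which non-superuser accounts hold privileges that no db-table row can take away.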
