[prev in list] [next in list] [prev in thread] [next in thread]
List: mysql-announce
Subject: Documentation mysql: Privilege system
From: Michael Widenius <monty () monty ! pp ! sci ! fi>
Date: 1998-08-27 23:32:12
[Download RAW message or body]
>>>>> "Scott" == Scott Hanson <shanson@shcon.com> writes:
Scott> A Debian user asked me a question about privleges that I didn't
Scott> immediately know the answer to... so I thought I'd forward it to the
Scott> list. Does anyone have a ready answer? Thanks!
Scott> Scott
Scott> --
Scott> Scott Hanson <shanson@shcon.com> <shanson@debian.org>
Scott> Johmsweg 9, D-21266 Jesteburg, Germany
Scott> ------- Start of forwarded message -------
Scott> Message-ID: <XFMail.980827162911.fh@dipa.de>
Scott> Date: Thu, 27 Aug 1998 16:29:11 +0200 (CEST)
Scott> From: Florian Hinzmann <fh@dipa.de>
Scott> To: shanson@debian.org
Scott> Subject: Documentation mysql: Privilege system
Scott> Hi!
Scott> I am refering to
Scott> file:/usr/doc/mysql-doc/manual.html#Privileges,
Scott> v3.21.33.
Scott> One paragraph states:
>> Everything granted in the user table is valid for
>> every database that cannot be found in the db table. (Mark A)
>> For this reason, it might be wise to grant users
>> (apart from superusers) privileges on a per-database
>> basis only.
I just changed this to:
Everything granted in the @code{user} table is valid for every database.
For this reason, it might be wise to grant privileges to users
(other from superusers) on a per-database basis only.
Scott> And later:
>> 4.If host = "" for the entry found in the db table,
>> AND Priv with the privileges for the host in the host
>> table, i.e. remove all privileges that are not "Y" in
>> both. (If host <> "", Priv is not affected. In such cases,
>> host must have matched the connecting host's name at least
>> partially. Therefore it can be assumed that the privileges
>> found in this row match the connecting host's profile.)
>>
>> 5.OR (add) Priv with the privileges for the user from the (Mark B)
>> user table, i.e. add all privileges that are "Y" in user.
Scott> I see a contradiction between (Mark A) and (Mark B).
Scott> (A) states the privileges from table user are used
Scott> if a database is not found in table db.
Scott> (B) states the privileges from table user are
Scott> always added to the privileges prior evaluated.
The meaning was that the user has at least all privileges granted from
the user table. He can get more privileges for a specific db from the
db table.
Regards,
Monty
-----------------------------------------------------------
Send a mail to mdomo@tcx.se with
unsubscribe mysql your@subscription.address
in the body of the message to unsubscribe from this list.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic