Author: paul
Date: 2008-03-17 17:12:57 +0100 (Mon, 17 Mar 2008)
New Revision: 10274
Log:
r30059@frost: paul | 2008-03-17 11:06:34 -0500
Better uniformity of the discussion of the DEFINER and SQL SECURITY
clauses across the statements that use them: CREATE {VIEW, FUNCTION,
PROCEDURE, TRIGGER, EVENT}.
Modified:
trunk/it/refman-5.1/stored-procedures.xml
trunk/it/refman-5.1/triggers.xml
trunk/it/refman-5.1/views.xml
trunk/pt/refman-5.1/stored-procedures.xml
trunk/pt/refman-5.1/triggers.xml
trunk/pt/refman-5.1/views.xml
trunk/refman-5.0/stored-procedures.xml
trunk/refman-5.0/triggers.xml
trunk/refman-5.0/views.xml
trunk/refman-5.1/events.xml
trunk/refman-5.1/stored-procedures.xml
trunk/refman-5.1/triggers.xml
trunk/refman-5.1/views.xml
trunk/refman-6.0/stored-procedures.xml
trunk/refman-6.0/triggers.xml
trunk/refman-6.0/views.xml
Property changes on: trunk
___________________________________________________________________
Name: svk:merge
- 4767c598-dc10-0410-bea0-d01b485662eb:/mysqldoc-local/mysqldoc/trunk:35828
7d8d2c4e-af1d-0410-ab9f-b038ce55645b:/mysqldoc-local/mysqldoc:30057
b5ec3a16-e900-0410-9ad2-d183a3acac99:/mysqldoc-local/mysqldoc/trunk:14218
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/mysqldoc/trunk:30059
+ 4767c598-dc10-0410-bea0-d01b485662eb:/mysqldoc-local/mysqldoc/trunk:35828
7d8d2c4e-af1d-0410-ab9f-b038ce55645b:/mysqldoc-local/mysqldoc:30059
b5ec3a16-e900-0410-9ad2-d183a3acac99:/mysqldoc-local/mysqldoc/trunk:14218
bf112a9c-6c03-0410-a055-ad865cd57414:/mysqldoc-local/mysqldoc/trunk:30059
Modified: trunk/it/refman-5.1/stored-procedures.xml
===================================================================
--- trunk/it/refman-5.1/stored-procedures.xml 2008-03-17 16:12:41 UTC (rev 10273)
+++ trunk/it/refman-5.1/stored-procedures.xml 2008-03-17 16:12:57 UTC (rev 10274)
Changed blocks: 4, Lines Added: 27, Lines Deleted: 21; 4101 bytes
@@ -341,21 +341,26 @@
<remark role="help-description-begin"/>
<para>
- These statements create stored routines. To execute these
- statements, it is necessary to have the <literal>CREATE
- ROUTINE</literal> privilege. If binary logging is enabled, the
- <literal>CREATE FUNCTION</literal> statement might also require
- the <literal>SUPER</literal> privilege, as described in
- <xref linkend="stored-procedure-logging"/>. MySQL automatically
- grants the <literal>ALTER ROUTINE</literal> and
+ These statements create stored routines. By default, the routine
+ is associated with the default database. To associate the
+ routine explicitly with a given database, specify the name as
+ <replaceable>db_name.sp_name</replaceable> when you create it.
+ </para>
+
+ <para>
+ To execute these statements, it is necessary to have the
+ <literal>CREATE ROUTINE</literal> privilege. If binary logging
+ is enabled, the <literal>CREATE FUNCTION</literal> statement
+ might also require the <literal>SUPER</literal> privilege, as
+ described in <xref linkend="stored-procedure-logging"/>. MySQL
+ automatically grants the <literal>ALTER ROUTINE</literal> and
<literal>EXECUTE</literal> privileges to the routine creator.
</para>
<para>
- By default, the routine is associated with the default database.
- To associate the routine explicitly with a given database,
- specify the name as <replaceable>db_name.sp_name</replaceable>
- when you create it.
+ <literal>DEFINER</literal> and <literal>SQL SECURITY</literal>
+ clauses specify the security context to be used when checking
+ access privileges at view invocation time, as described later.
</para>
<para>
@@ -454,8 +459,11 @@
control structure statements. The syntax for these statements is
described later in this chapter. See, for example,
<xref linkend="declare"/>, and
- <xref linkend="flow-control-constructs"/>. Some statements are
- not allowed in stored routines; see
+ <xref linkend="flow-control-constructs"/>.
+ </para>
+
+ <para>
+ Some statements are not allowed in stored routines; see
<xref linkend="routine-restrictions"/>.
</para>
@@ -594,14 +602,16 @@
</para>
<para>
- If a <replaceable>user</replaceable> value is given, it should
- be a MySQL account in
+ If a <replaceable>user</replaceable> value is given for the
+ <literal>DEFINER</literal> clause, it should be a MySQL account
+ in
<literal>'<replaceable>user_name</replaceable>'@'<replaceable>host_name</replaceable>'</literal>
format (the same format used in the <literal>GRANT</literal>
statement). The <replaceable>user_name</replaceable> and
<replaceable>host_name</replaceable> values both are required.
- <function role="sql">CURRENT_USER</function> also can be given
- as <function role="sql">CURRENT_USER()</function>. The default
+ The definer can also be given as
+ <function role="sql">CURRENT_USER</function> or
+ <function role="sql">CURRENT_USER()</function>. The default
<literal>DEFINER</literal> value is the user who executes the
<literal>CREATE PROCEDURE</literal> or <literal>CREATE
FUNCTION</literal> or statement. (This is the same as
@@ -714,10 +724,6 @@
</para>
<para>
- Stored routines cannot use <literal>LOAD DATA INFILE</literal>.
- </para>
-
- <para>
Statements that return a result set cannot be used within a
stored function. This includes <literal>SELECT</literal>
statements that do not use <literal>INTO</literal> to fetch
Modified: trunk/it/refman-5.1/triggers.xml
===================================================================
--- trunk/it/refman-5.1/triggers.xml 2008-03-17 16:12:41 UTC (rev 10273)
+++ trunk/it/refman-5.1/triggers.xml 2008-03-17 16:12:57 UTC (rev 10274)
Changed blocks: 3, Lines Added: 16, Lines Deleted: 15; 3032 bytes
@@ -90,11 +90,11 @@
<para>
This statement creates a new trigger. A trigger is a named
database object that is associated with a table, and that
- activates when a particular event occurs for the table. Currently,
- <literal>CREATE TRIGGER</literal> requires the
- <literal>TRIGGER</literal> privilege for the table associated with
- the trigger. (This statement requires the <literal>SUPER</literal>
- privilege prior to MySQL 5.1.6.)
+ activates when a particular event occurs for the table. The
+ trigger becomes associated with the table named
+ <replaceable>tbl_name</replaceable>, which must refer to a
+ permanent table. You cannot associate a trigger with a
+ <literal>TEMPORARY</literal> table or a view.
</para>
<formalpara role="mnmas">
@@ -110,23 +110,23 @@
</formalpara>
<para>
- The trigger becomes associated with the table named
- <replaceable>tbl_name</replaceable>, which must refer to a
- permanent table. You cannot associate a trigger with a
- <literal>TEMPORARY</literal> table or a view.
+ <literal>CREATE TRIGGER</literal> requires the
+ <literal>TRIGGER</literal> privilege for the table associated with
+ the trigger. (Before MySQL 5.1.6, this statement requires the
+ <literal>SUPER</literal> privilege.)
</para>
<para>
- When the trigger is activated, the <literal>DEFINER</literal>
- clause determines the privileges that apply, as described later in
- this section.
+ The <literal>DEFINER</literal> clause determines the security
+ context to be used when checking access privileges at trigger
+ activation time.
</para>
<para>
<replaceable>trigger_time</replaceable> is the trigger action
time. It can be <literal>BEFORE</literal> or
<literal>AFTER</literal> to indicate that the trigger activates
- before or after the statement that activated it.
+ before or after each row to be modified.
</para>
<para>
@@ -358,8 +358,9 @@
<literal>'<replaceable>user_name</replaceable>'@'<replaceable>host_name</replaceable>'</literal>
format (the same format used in the <literal>GRANT</literal>
statement). The <replaceable>user_name</replaceable> and
- <replaceable>host_name</replaceable> values both are required.
- <function role="sql">CURRENT_USER</function> also can be given as
+ <replaceable>host_name</replaceable> values both are required. The
+ definer can also be given as
+ <function role="sql">CURRENT_USER</function> or
<function role="sql">CURRENT_USER()</function>. The default
<literal>DEFINER</literal> value is the user who executes the
<literal>CREATE TRIGGER</literal> statement. (This is the same as
Modified: trunk/it/refman-5.1/views.xml
===================================================================
--- trunk/it/refman-5.1/views.xml 2008-03-17 16:12:41 UTC (rev 10273)
+++ trunk/it/refman-5.1/views.xml 2008-03-17 16:12:57 UTC (rev 10274)
Changed blocks: 6, Lines Added: 66, Lines Deleted: 26; 6380 bytes
@@ -101,8 +101,8 @@
<literal>DROP</literal> privileges for the view, and some
privilege for each column referred to in the
<literal>SELECT</literal> statement. As of MySQL 5.1.23,
- <literal>ALTER VIEW</literal> is allowed only to the original
- definer or users with the <literal>SUPER</literal> privilege.
+ <literal>ALTER VIEW</literal> is allowed only to the definer or
+ users with the <literal>SUPER</literal> privilege.
</para>
<remark role="help-description-end"/>
@@ -166,6 +166,14 @@
</para>
<para>
+ The view definition is <quote>frozen</quote> at creation time, so
+ changes to the underlying tables afterward do not affect the view
+ definition. For example, if a view is defined as <literal>SELECT
+ *</literal> on a table, new columns added to the table later do
+ not become part of the view.
+ </para>
+
+ <para>
The <literal>ALGORITHM</literal> clause affects how MySQL
processes the view. The <literal>DEFINER</literal> and
<literal>SQL SECURITY</literal> clauses specify the security
@@ -217,6 +225,38 @@
</para>
<para>
+ When you modify an existing view, the current view definition is
+ backed up and saved. It is stored in that table's database
+ directory, in a sub-folder named <filename>arc</filename>. The
+ backup file will be named
+ <filename>view_name.frm-00001</filename>. If you alter the view
+ again, the next backup will be named
+ <filename>view_name.frm-00002</filename>. The three latest view
+ backup definitions will be stored.
+ </para>
+
+ <note>
+ <para>
+ Backed up view definitions will not be preserved by
+ <command>mysqldump</command>, or any other such programs, but
+ you could retain it from a file copy. However, they are not
+ needed for anything, but to provide you with a backup of your
+ previous view definition.
+ </para>
+ </note>
+
+ <para>
+ Also note that while it is safe to remove these, it is not safe to
+ do so while mysqld is running. If you delete this folder (or
+ sub-files) while mysqld is running, you will receive an error the
+ next time you try to alter that view:
+ </para>
+
+<programlisting>mysql> ALTER VIEW v AS SELECT * FROM t;
+ERROR 6 (HY000): Error on delete of '.\test\arc/v.frm-0004' (Errcode:
+2)</programlisting>
+
+ <para>
Columns retrieved by the <literal>SELECT</literal> statement can
be simple references to table columns. They can also be
expressions that use functions, constant values, operators, and so
@@ -380,23 +420,30 @@
<para>
The <literal>DEFINER</literal> and <literal>SQL SECURITY</literal>
- clauses specify the security context to be used when checking
- access privileges at view invocation time. They were addded in
- MySQL 5.1.2.
+ clauses determine which MySQL account to use when checking access
+ privileges for the view when a statement is executed that
+ references the view. They were addded in MySQL 5.1.2. The legal
+ <literal>SQL SECURITY</literal> characteristic values are
+ <literal>DEFINER</literal> and <literal>INVOKER</literal>. These
+ indicate that the required privileges must be held by the user who
+ defined or invoked the view, respectively. The default
+ <literal>SQL SECURITY</literal> value is
+ <literal>DEFINER</literal>.
</para>
<para>
- The default <literal>DEFINER</literal> value is the user who
- executes the <literal>CREATE VIEW</literal> statement. This is the
- same as specifying <literal>DEFINER = CURRENT_USER</literal>
- explicitly. <function role="sql">CURRENT_USER</function> also can
- be given as <function role="sql">CURRENT_USER()</function>. If a
- <replaceable>user</replaceable> value is given, it should be a
- MySQL account in
+ If a <replaceable>user</replaceable> value is given for the
+ <literal>DEFINER</literal> clause, it should be a MySQL account in
<literal>'<replaceable>user_name</replaceable>'@'<replaceable>host_name</replaceable>'</literal>
format (the same format used in the <literal>GRANT</literal>
statement). The <replaceable>user_name</replaceable> and
- <replaceable>host_name</replaceable> values both are required.
+ <replaceable>host_name</replaceable> values both are required. The
+ definer can also be given as
+ <function role="sql">CURRENT_USER</function> or
+ <function role="sql">CURRENT_USER()</function>. The default
+ <literal>DEFINER</literal> value is the user who executes the
+ <literal>CREATE VIEW</literal> statement. This is the same as
+ specifying <literal>DEFINER = CURRENT_USER</literal> explicitly.
</para>
<para>
@@ -422,6 +469,12 @@
specify any syntactically legal account name. If the account
does not actually exist, a warning is generated.
</para>
+
+ <para>
+ If the <literal>SQL SECURITY</literal> value is
+ <literal>DEFINER</literal> but the definer account does not
+ exist when the view is referenced, an error occurs.
+ </para>
</listitem>
</itemizedlist>
@@ -436,19 +489,6 @@
</para>
<para>
- The <literal>SQL SECURITY</literal> characteristic determines
- which MySQL account to use when checking access privileges for the
- view when a statement is executed that references the view. The
- legal characteristic values are <literal>DEFINER</literal> and
- <literal>INVOKER</literal>. These indicate that the required
- privileges must be held by the user who defined or invoked the
- view, respectively. The default <literal>SQL SECURITY</literal>
- value is <literal>DEFINER</literal>. If the value is
- <literal>DEFINER</literal> but the definer account does not exist
- when the view is referenced, an error occurs.
- </para>
-
- <para>
As of MySQL 5.1.2 (when the <literal>DEFINER</literal> and
<literal>SQL SECURITY</literal> clauses were implemented), view
privileges are checked like this:
Modified: trunk/pt/refman-5.1/stored-procedures.xml
===================================================================
--- trunk/pt/refman-5.1/stored-procedures.xml 2008-03-17 16:12:41 UTC (rev 10273)
+++ trunk/pt/refman-5.1/stored-procedures.xml 2008-03-17 16:12:57 UTC (rev 10274)
Changed blocks: 4, Lines Added: 27, Lines Deleted: 21; 4101 bytes
@@ -341,21 +341,26 @@
<remark role="help-description-begin"/>
<para>
- These statements create stored routines. To execute these
- statements, it is necessary to have the <literal>CREATE
- ROUTINE</literal> privilege. If binary logging is enabled, the
- <literal>CREATE FUNCTION</literal> statement might also require
- the <literal>SUPER</literal> privilege, as described in
- <xref linkend="stored-procedure-logging"/>. MySQL automatically
- grants the <literal>ALTER ROUTINE</literal> and
+ These statements create stored routines. By default, the routine
+ is associated with the default database. To associate the
+ routine explicitly with a given database, specify the name as
+ <replaceable>db_name.sp_name</replaceable> when you create it.
+ </para>
+
+ <para>
+ To execute these statements, it is necessary to have the
+ <literal>CREATE ROUTINE</literal> privilege. If binary logging
+ is enabled, the <literal>CREATE FUNCTION</literal> statement
+ might also require the <literal>SUPER</literal> privilege, as
+ described in <xref linkend="stored-procedure-logging"/>. MySQL
+ automatically grants the <literal>ALTER ROUTINE</literal> and
<literal>EXECUTE</literal> privileges to the routine creator.
</para>
<para>
- By default, the routine is associated with the default database.
- To associate the routine explicitly with a given database,
- specify the name as <replaceable>db_name.sp_name</replaceable>
- when you create it.
+ <literal>DEFINER</literal> and <literal>SQL SECURITY</literal>
+ clauses specify the security context to be used when checking
+ access privileges at view invocation time, as described later.
</para>
<para>
@@ -454,8 +459,11 @@
control structure statements. The syntax for these statements is
described later in this chapter. See, for example,
<xref linkend="declare"/>, and
- <xref linkend="flow-control-constructs"/>. Some statements are
- not allowed in stored routines; see
+ <xref linkend="flow-control-constructs"/>.
+ </para>
+
+ <para>
+ Some statements are not allowed in stored routines; see
<xref linkend="routine-restrictions"/>.
</para>
@@ -594,14 +602,16 @@
</para>
<para>
- If a <replaceable>user</replaceable> value is given, it should
- be a MySQL account in
+ If a <replaceable>user</replaceable> value is given for the
+ <literal>DEFINER</literal> clause, it should be a MySQL account
+ in
<literal>'<replaceable>user_name</replaceable>'@'<replaceable>host_name</replaceable>'</literal>
format (the same format used in the <literal>GRANT</literal>
statement). The <replaceable>user_name</replaceable> and
<replaceable>host_name</replaceable> values both are required.
- <function role="sql">CURRENT_USER</function> also can be given
- as <function role="sql">CURRENT_USER()</function>. The default
+ The definer can also be given as
+ <function role="sql">CURRENT_USER</function> or
+ <function role="sql">CURRENT_USER()</function>. The default
<literal>DEFINER</literal> value is the user who executes the
<literal>CREATE PROCEDURE</literal> or <literal>CREATE
FUNCTION</literal> or statement. (This is the same as
@@ -714,10 +724,6 @@
</para>
<para>
- Stored routines cannot use <literal>LOAD DATA INFILE</literal>.
- </para>
-
- <para>
Statements that return a result set cannot be used within a
stored function. This includes <literal>SELECT</literal>
statements that do not use <literal>INTO</literal> to fetch
Modified: trunk/pt/refman-5.1/triggers.xml
===================================================================
--- trunk/pt/refman-5.1/triggers.xml 2008-03-17 16:12:41 UTC (rev 10273)
+++ trunk/pt/refman-5.1/triggers.xml 2008-03-17 16:12:57 UTC (rev 10274)
Changed blocks: 3, Lines Added: 16, Lines Deleted: 15; 3032 bytes
@@ -90,11 +90,11 @@
<para>
This statement creates a new trigger. A trigger is a named
database object that is associated with a table, and that
- activates when a particular event occurs for the table. Currently,
- <literal>CREATE TRIGGER</literal> requires the
- <literal>TRIGGER</literal> privilege for the table associated with
- the trigger. (This statement requires the <literal>SUPER</literal>
- privilege prior to MySQL 5.1.6.)
+ activates when a particular event occurs for the table. The
+ trigger becomes associated with the table named
+ <replaceable>tbl_name</replaceable>, which must refer to a
+ permanent table. You cannot associate a trigger with a
+ <literal>TEMPORARY</literal> table or a view.
</para>
<formalpara role="mnmas">
@@ -110,23 +110,23 @@
</formalpara>
<para>
- The trigger becomes associated with the table named
- <replaceable>tbl_name</replaceable>, which must refer to a
- permanent table. You cannot associate a trigger with a
- <literal>TEMPORARY</literal> table or a view.
+ <literal>CREATE TRIGGER</literal> requires the
+ <literal>TRIGGER</literal> privilege for the table associated with
+ the trigger. (Before MySQL 5.1.6, this statement requires the
+ <literal>SUPER</literal> privilege.)
</para>
<para>
- When the trigger is activated, the <literal>DEFINER</literal>
- clause determines the privileges that apply, as described later in
- this section.
+ The <literal>DEFINER</literal> clause determines the security
+ context to be used when checking access privileges at trigger
+ activation time.
</para>
<para>
<replaceable>trigger_time</replaceable> is the trigger action
time. It can be <literal>BEFORE</literal> or
<literal>AFTER</literal> to indicate that the trigger activates
- before or after the statement that activated it.
+ before or after each row to be modified.
</para>
<para>
@@ -358,8 +358,9 @@
<literal>'<replaceable>user_name</replaceable>'@'<replaceable>host_name</replaceable>'</literal>
format (the same format used in the <literal>GRANT</literal>
statement). The <replaceable>user_name</replaceable> and
- <replaceable>host_name</replaceable> values both are required.
- <function role="sql">CURRENT_USER</function> also can be given as
+ <replaceable>host_name</replaceable> values both are required. The
+ definer can also be given as
+ <function role="sql">CURRENT_USER</function> or
<function role="sql">CURRENT_USER()</function>. The default
<literal>DEFINER</literal> value is the user who executes the
<literal>CREATE TRIGGER</literal> statement. (This is the same as
Modified: trunk/pt/refman-5.1/views.xml
===================================================================
--- trunk/pt/refman-5.1/views.xml 2008-03-17 16:12:41 UTC (rev 10273)
+++ trunk/pt/refman-5.1/views.xml 2008-03-17 16:12:57 UTC (rev 10274)
Changed blocks: 6, Lines Added: 66, Lines Deleted: 26; 6380 bytes
@@ -101,8 +101,8 @@
<literal>DROP</literal> privileges for the view, and some
privilege for each column referred to in the
<literal>SELECT</literal> statement. As of MySQL 5.1.23,
- <literal>ALTER VIEW</literal> is allowed only to the original
- definer or users with the <literal>SUPER</literal> privilege.
+ <literal>ALTER VIEW</literal> is allowed only to the definer or
+ users with the <literal>SUPER</literal> privilege.
</para>
<remark role="help-description-end"/>
@@ -166,6 +166,14 @@
</para>
<para>
+ The view definition is <quote>frozen</quote> at creation time, so
+ changes to the underlying tables afterward do not affect the view
+ definition. For example, if a view is defined as <literal>SELECT
+ *</literal> on a table, new columns added to the table later do
+ not become part of the view.
+ </para>
+
+ <para>
The <literal>ALGORITHM</literal> clause affects how MySQL
processes the view. The <literal>DEFINER</literal> and
<literal>SQL SECURITY</literal> clauses specify the security
@@ -217,6 +225,38 @@
</para>
<para>
+ When you modify an existing view, the current view definition is
+ backed up and saved. It is stored in that table's database
+ directory, in a sub-folder named <filename>arc</filename>. The
+ backup file will be named
+ <filename>view_name.frm-00001</filename>. If you alter the view
+ again, the next backup will be named
+ <filename>view_name.frm-00002</filename>. The three latest view
+ backup definitions will be stored.
+ </para>
+
+ <note>
+ <para>
+ Backed up view definitions will not be preserved by
+ <command>mysqldump</command>, or any other such programs, but
+ you could retain it from a file copy. However, they are not
+ needed for anything, but to provide you with a backup of your
+ previous view definition.
+ </para>
+ </note>
+
+ <para>
+ Also note that while it is safe to remove these, it is not safe to
+ do so while mysqld is running. If you delete this folder (or
+ sub-files) while mysqld is running, you will receive an error the
+ next time you try to alter that view:
+ </para>
+
+<programlisting>mysql> ALTER VIEW v AS SELECT * FROM t;
+ERROR 6 (HY000): Error on delete of '.\test\arc/v.frm-0004' (Errcode:
+2)</programlisting>
+
+ <para>
Columns retrieved by the <literal>SELECT</literal> statement can
be simple references to table columns. They can also be
expressions that use functions, constant values, operators, and so
@@ -380,23 +420,30 @@
<para>
The <literal>DEFINER</literal> and <literal>SQL SECURITY</literal>
- clauses specify the security context to be used when checking
- access privileges at view invocation time. They were addded in
- MySQL 5.1.2.
+ clauses determine which MySQL account to use when checking access
+ privileges for the view when a statement is executed that
+ references the view. They were addded in MySQL 5.1.2. The legal
+ <literal>SQL SECURITY</literal> characteristic values are
+ <literal>DEFINER</literal> and <literal>INVOKER</literal>. These
+ indicate that the required privileges must be held by the user who
+ defined or invoked the view, respectively. The default
+ <literal>SQL SECURITY</literal> value is
+ <literal>DEFINER</literal>.
</para>
<para>
- The default <literal>DEFINER</literal> value is the user who
- executes the <literal>CREATE VIEW</literal> statement. This is the
- same as specifying <literal>DEFINER = CURRENT_USER</literal>
- explicitly. <function role="sql">CURRENT_USER</function> also can
- be given as <function role="sql">CURRENT_USER()</function>. If a
- <replaceable>user</replaceable> value is given, it should be a
- MySQL account in
+ If a <replaceable>user</replaceable> value is given for the
+ <literal>DEFINER</literal> clause, it should be a MySQL account in
<literal>'<replaceable>user_name</replaceable>'@'<replaceable>host_name</replaceable>'</literal>
format (the same format used in the <literal>GRANT</literal>
statement). The <replaceable>user_name</replaceable> and
- <replaceable>host_name</replaceable> values both are required.
+ <replaceable>host_name</replaceable> values both are required. The
+ definer can also be given as
+ <function role="sql">CURRENT_USER</function> or
+ <function role="sql">CURRENT_USER()</function>. The default
+ <literal>DEFINER</literal> value is the user who executes the
+ <literal>CREATE VIEW</literal> statement. This is the same as
+ specifying <literal>DEFINER = CURRENT_USER</literal> explicitly.
</para>
<para>
@@ -422,6 +469,12 @@
specify any syntactically legal account name. If the account
does not actually exist, a warning is generated.
</para>
+
+ <para>
+ If the <literal>SQL SECURITY</literal> value is
+ <literal>DEFINER</literal> but the definer account does not
+ exist when the view is referenced, an error occurs.
+ </para>
</listitem>
</itemizedlist>
@@ -436,19 +489,6 @@
</para>
<para>
- The <literal>SQL SECURITY</literal> characteristic determines
- which MySQL account to use when checking access privileges for the
- view when a statement is executed that references the view. The
- legal characteristic values are <literal>DEFINER</literal> and
- <literal>INVOKER</literal>. These indicate that the required
- privileges must be held by the user who defined or invoked the
- view, respectively. The default <literal>SQL SECURITY</literal>
- value is <literal>DEFINER</literal>. If the value is
- <literal>DEFINER</literal> but the definer account does not exist
- when the view is referenced, an error occurs.
- </para>
-
- <para>
As of MySQL 5.1.2 (when the <literal>DEFINER</literal> and
<literal>SQL SECURITY</literal> clauses were implemented), view
privileges are checked like this:
Modified: trunk/refman-5.0/stored-procedures.xml
===================================================================
--- trunk/refman-5.0/stored-procedures.xml 2008-03-17 16:12:41 UTC (rev 10273)
+++ trunk/refman-5.0/stored-procedures.xml 2008-03-17 16:12:57 UTC (rev 10274)
Changed blocks: 4, Lines Added: 25, Lines Deleted: 19; 3938 bytes
@@ -350,21 +350,26 @@
<remark role="help-description-begin"/>
<para>
- These statements create stored routines. As of MySQL 5.0.3, to
- execute these statements, it is necessary to have the
- <literal>CREATE ROUTINE</literal> privilege. If binary logging
- is enabled, these statements might also require the
- <literal>SUPER</literal> privilege, as described in
+ These statements create stored routines. By default, the routine
+ is associated with the default database. To associate the
+ routine explicitly with a given database, specify the name as
+ <replaceable>db_name.sp_name</replaceable> when you create it.
+ </para>
+
+ <para>
+ As of MySQL 5.0.3, to execute these statements, it is necessary
+ to have the <literal>CREATE ROUTINE</literal> privilege. If
+ binary logging is enabled, these statements might also require
+ the <literal>SUPER</literal> privilege, as described in
<xref linkend="stored-procedure-logging"/>. MySQL automatically
grants the <literal>ALTER ROUTINE</literal> and
<literal>EXECUTE</literal> privileges to the routine creator.
</para>
<para>
- By default, the routine is associated with the default database.
- To associate the routine explicitly with a given database,
- specify the name as <replaceable>db_name.sp_name</replaceable>
- when you create it.
+ <literal>DEFINER</literal> and <literal>SQL SECURITY</literal>
+ clauses specify the security context to be used when checking
+ access privileges at view invocation time, as described later.
</para>
<para>
@@ -463,8 +468,11 @@
control structure statements. The syntax for these statements is
described later in this chapter. See, for example,
<xref linkend="declare"/>, and
- <xref linkend="flow-control-constructs"/>. Some statements are
- not allowed in stored routines; see
+ <xref linkend="flow-control-constructs"/>.
+ </para>
+
+ <para>
+ Some statements are not allowed in stored routines; see
<xref linkend="routine-restrictions"/>.
</para>
@@ -603,14 +611,16 @@
</para>
<para>
- If a <replaceable>user</replaceable> value is given, it should
- be a MySQL account in
+ If a <replaceable>user</replaceable> value is given for the
+ <literal>DEFINER</literal> clause, it should be a MySQL account
+ in
<literal>'<replaceable>user_name</replaceable>'@'<replaceable>host_name</replaceable>'</literal>
format (the same format used in the <literal>GRANT</literal>
statement). The <replaceable>user_name</replaceable> and
<replaceable>host_name</replaceable> values both are required.
- <function role="sql">CURRENT_USER</function> also can be given
- as <function role="sql">CURRENT_USER()</function>. The default
+ The definer can also be given as
+ <function role="sql">CURRENT_USER</function> or
+ <function role="sql">CURRENT_USER()</function>. The default
<literal>DEFINER</literal> value is the user who executes the
<literal>CREATE PROCEDURE</literal> or <literal>CREATE
FUNCTION</literal> or statement. (This is the same as
@@ -743,10 +753,6 @@
</para>
<para>
- Stored routines cannot use <literal>LOAD DATA INFILE</literal>.
- </para>
-
- <para>
Statements that return a result set cannot be used within a
stored function. This includes <literal>SELECT</literal>
statements that do not use <literal>INTO</literal> to fetch
Modified: trunk/refman-5.0/triggers.xml
===================================================================
--- trunk/refman-5.0/triggers.xml 2008-03-17 16:12:41 UTC (rev 10273)
+++ trunk/refman-5.0/triggers.xml 2008-03-17 16:12:57 UTC (rev 10274)
Changed blocks: 3, Lines Added: 15, Lines Deleted: 14; 2870 bytes
@@ -91,10 +91,12 @@
<para>
This statement creates a new trigger. A trigger is a named
database object that is associated with a table, and that
- activates when a particular event occurs for the table.
- <literal>CREATE TRIGGER</literal> was added in MySQL 5.0.2.
- Currently, its use requires the <literal>SUPER</literal>
- privilege.
+ activates when a particular event occurs for the table. The
+ trigger becomes associated with the table named
+ <replaceable>tbl_name</replaceable>, which must refer to a
+ permanent table. You cannot associate a trigger with a
+ <literal>TEMPORARY</literal> table or a view. <literal>CREATE
+ TRIGGER</literal> was added in MySQL 5.0.2.
</para>
<formalpara role="mnmas">
@@ -110,23 +112,21 @@
</formalpara>
<para>
- The trigger becomes associated with the table named
- <replaceable>tbl_name</replaceable>, which must refer to a
- permanent table. You cannot associate a trigger with a
- <literal>TEMPORARY</literal> table or a view.
+ In MySQL ¤t-series; <literal>CREATE TRIGGER</literal>
+ requires the <literal>SUPER</literal> privilege.
</para>
<para>
- When the trigger is activated, the <literal>DEFINER</literal>
- clause determines the privileges that apply, as described later in
- this section.
+ The <literal>DEFINER</literal> clause determines the security
+ context to be used when checking access privileges at trigger
+ activation time.
</para>
<para>
<replaceable>trigger_time</replaceable> is the trigger action
time. It can be <literal>BEFORE</literal> or
<literal>AFTER</literal> to indicate that the trigger activates
- before or after the statement that activated it.
+ before or after each row to be modified.
</para>
<para>
@@ -361,8 +361,9 @@
<literal>'<replaceable>user_name</replaceable>'@'<replaceable>host_name</replaceable>'</literal>
format (the same format used in the <literal>GRANT</literal>
statement). The <replaceable>user_name</replaceable> and
- <replaceable>host_name</replaceable> values both are required.
- <function role="sql">CURRENT_USER</function> also can be given as
+ <replaceable>host_name</replaceable> values both are required. The
+ definer can also be given as
+ <function role="sql">CURRENT_USER</function> or
<function role="sql">CURRENT_USER()</function>. The default
<literal>DEFINER</literal> value is the user who executes the
<literal>CREATE TRIGGER</literal> statement. (This is the same as
Modified: trunk/refman-5.0/views.xml
===================================================================
--- trunk/refman-5.0/views.xml 2008-03-17 16:12:41 UTC (rev 10273)
+++ trunk/refman-5.0/views.xml 2008-03-17 16:12:57 UTC (rev 10274)
Changed blocks: 3, Lines Added: 25, Lines Deleted: 24; 3845 bytes
@@ -429,23 +429,31 @@
<para>
The <literal>DEFINER</literal> and <literal>SQL SECURITY</literal>
- clauses specify the security context to be used when checking
- access privileges at view invocation time. They were addded in
- MySQL 5.0.13, but have no effect until MySQL 5.0.16.
+ clauses determine which MySQL account to use when checking access
+ privileges for the view when a statement is executed that
+ references the view. They were addded in MySQL 5.0.13, but have no
+ effect until MySQL 5.0.16. The legal <literal>SQL
+ SECURITY</literal> characteristic values are
+ <literal>DEFINER</literal> and <literal>INVOKER</literal>. These
+ indicate that the required privileges must be held by the user who
+ defined or invoked the view, respectively. The default
+ <literal>SQL SECURITY</literal> value is
+ <literal>DEFINER</literal>.
</para>
<para>
- The default <literal>DEFINER</literal> value is the user who
- executes the <literal>CREATE VIEW</literal> statement. This is the
- same as specifying <literal>DEFINER = CURRENT_USER</literal>
- explicitly. <function role="sql">CURRENT_USER</function> also can
- be given as <function role="sql">CURRENT_USER()</function>. If a
- <replaceable>user</replaceable> value is given, it should be a
- MySQL account in
+ If a <replaceable>user</replaceable> value is given for the
+ <literal>DEFINER</literal> clause, it should be a MySQL account in
<literal>'<replaceable>user_name</replaceable>'@'<replaceable>host_name</replaceable>'</literal>
format (the same format used in the <literal>GRANT</literal>
statement). The <replaceable>user_name</replaceable> and
- <replaceable>host_name</replaceable> values both are required.
+ <replaceable>host_name</replaceable> values both are required. The
+ definer can also be given as
+ <function role="sql">CURRENT_USER</function> or
+ <function role="sql">CURRENT_USER()</function>. The default
+ <literal>DEFINER</literal> value is the user who executes the
+ <literal>CREATE VIEW</literal> statement. This is the same as
+ specifying <literal>DEFINER = CURRENT_USER</literal> explicitly.
</para>
<para>
@@ -471,6 +479,12 @@
specify any syntactically legal account name. If the account
does not actually exist, a warning is generated.
</para>
+
+ <para>
+ If the <literal>SQL SECURITY</literal> value is
+ <literal>DEFINER</literal> but the definer account does not
+ exist when the view is referenced, an error occurs.
+ </para>
</listitem>
</itemizedlist>
@@ -485,19 +499,6 @@
</para>
<para>
- The <literal>SQL SECURITY</literal> characteristic determines
- which MySQL account to use when checking access privileges for the
- view when a statement is executed that references the view. The
- legal characteristic values are <literal>DEFINER</literal> and
- <literal>INVOKER</literal>. These indicate that the required
- privileges must be held by the user who defined or invoked the
- view, respectively. The default <literal>SQL SECURITY</literal>
- value is <literal>DEFINER</literal>. If the value is
- <literal>DEFINER</literal> but the definer account does not exist
- when the view is referenced, an error occurs.
- </para>
-
- <para>
As of MySQL 5.0.16 (when the <literal>DEFINER</literal> and
<literal>SQL SECURITY</literal> clauses were implemented), view
privileges are checked like this:
Modified: trunk/refman-5.1/events.xml
===================================================================
--- trunk/refman-5.1/events.xml 2008-03-17 16:12:41 UTC (rev 10273)
+++ trunk/refman-5.1/events.xml 2008-03-17 16:12:57 UTC (rev 10274)
Changed blocks: 2, Lines Added: 5, Lines Deleted: 8; 1539 bytes
@@ -862,12 +862,8 @@
<para>
The keywords <literal>CREATE EVENT</literal> plus an event
name, which uniquely identifies the event in the current
- schema.
- </para>
-
- <para>
- (Prior to MySQL 5.1.12, the event name needed to be unique
- only among events created by the same user on a given
+ schema. (Prior to MySQL 5.1.12, the event name needed to be
+ unique only among events created by the same user on a given
database.)
</para>
</listitem>
@@ -946,8 +942,9 @@
format (the same format used in the <literal>GRANT</literal>
statement). The <replaceable>user_name</replaceable> and
<replaceable>host_name</replaceable> values both are required.
- <function role="sql">CURRENT_USER</function> also can be given
- as <function role="sql">CURRENT_USER()</function>. The default
+ The definer can also be given as
+ <function role="sql">CURRENT_USER</function> or
+ <function role="sql">CURRENT_USER()</function>. The default
<literal>DEFINER</literal> value is the user who executes the
<literal>CREATE EVENT</literal> statement. (This is the same as
<literal>DEFINER = CURRENT_USER</literal>.)
Modified: trunk/refman-5.1/stored-procedures.xml
===================================================================
--- trunk/refman-5.1/stored-procedures.xml 2008-03-17 16:12:41 UTC (rev 10273)
+++ trunk/refman-5.1/stored-procedures.xml 2008-03-17 16:12:57 UTC (rev 10274)
Changed blocks: 4, Lines Added: 27, Lines Deleted: 21; 4092 bytes
@@ -341,21 +341,26 @@
<remark role="help-description-begin"/>
<para>
- These statements create stored routines. To execute these
- statements, it is necessary to have the <literal>CREATE
- ROUTINE</literal> privilege. If binary logging is enabled, the
- <literal>CREATE FUNCTION</literal> statement might also require
- the <literal>SUPER</literal> privilege, as described in
- <xref linkend="stored-procedure-logging"/>. MySQL automatically
- grants the <literal>ALTER ROUTINE</literal> and
+ These statements create stored routines. By default, the routine
+ is associated with the default database. To associate the
+ routine explicitly with a given database, specify the name as
+ <replaceable>db_name.sp_name</replaceable> when you create it.
+ </para>
+
+ <para>
+ To execute these statements, it is necessary to have the
+ <literal>CREATE ROUTINE</literal> privilege. If binary logging
+ is enabled, the <literal>CREATE FUNCTION</literal> statement
+ might also require the <literal>SUPER</literal> privilege, as
+ described in <xref linkend="stored-procedure-logging"/>. MySQL
+ automatically grants the <literal>ALTER ROUTINE</literal> and
<literal>EXECUTE</literal> privileges to the routine creator.
</para>
<para>
- By default, the routine is associated with the default database.
- To associate the routine explicitly with a given database,
- specify the name as <replaceable>db_name.sp_name</replaceable>
- when you create it.
+ <literal>DEFINER</literal> and <literal>SQL SECURITY</literal>
+ clauses specify the security context to be used when checking
+ access privileges at view invocation time, as described later.
</para>
<para>
@@ -454,8 +459,11 @@
control structure statements. The syntax for these statements is
described later in this chapter. See, for example,
<xref linkend="declare"/>, and
- <xref linkend="flow-control-constructs"/>. Some statements are
- not allowed in stored routines; see
+ <xref linkend="flow-control-constructs"/>.
+ </para>
+
+ <para>
+ Some statements are not allowed in stored routines; see
<xref linkend="routine-restrictions"/>.
</para>
@@ -594,14 +602,16 @@
</para>
<para>
- If a <replaceable>user</replaceable> value is given, it should
- be a MySQL account in
+ If a <replaceable>user</replaceable> value is given for the
+ <literal>DEFINER</literal> clause, it should be a MySQL account
+ in
<literal>'<replaceable>user_name</replaceable>'@'<replaceable>host_name</replaceable>'</literal>
format (the same format used in the <literal>GRANT</literal>
statement). The <replaceable>user_name</replaceable> and
<replaceable>host_name</replaceable> values both are required.
- <function role="sql">CURRENT_USER</function> also can be given
- as <function role="sql">CURRENT_USER()</function>. The default
+ The definer can also be given as
+ <function role="sql">CURRENT_USER</function> or
+ <function role="sql">CURRENT_USER()</function>. The default
<literal>DEFINER</literal> value is the user who executes the
<literal>CREATE PROCEDURE</literal> or <literal>CREATE
FUNCTION</literal> or statement. (This is the same as
@@ -714,10 +724,6 @@
</para>
<para>
- Stored routines cannot use <literal>LOAD DATA INFILE</literal>.
- </para>
-
- <para>
Statements that return a result set cannot be used within a
stored function. This includes <literal>SELECT</literal>
statements that do not use <literal>INTO</literal> to fetch
Modified: trunk/refman-5.1/triggers.xml
===================================================================
--- trunk/refman-5.1/triggers.xml 2008-03-17 16:12:41 UTC (rev 10273)
+++ trunk/refman-5.1/triggers.xml 2008-03-17 16:12:57 UTC (rev 10274)
Changed blocks: 3, Lines Added: 16, Lines Deleted: 15; 3023 bytes
@@ -90,11 +90,11 @@
<para>
This statement creates a new trigger. A trigger is a named
database object that is associated with a table, and that
- activates when a particular event occurs for the table. Currently,
- <literal>CREATE TRIGGER</literal> requires the
- <literal>TRIGGER</literal> privilege for the table associated with
- the trigger. (This statement requires the <literal>SUPER</literal>
- privilege prior to MySQL 5.1.6.)
+ activates when a particular event occurs for the table. The
+ trigger becomes associated with the table named
+ <replaceable>tbl_name</replaceable>, which must refer to a
+ permanent table. You cannot associate a trigger with a
+ <literal>TEMPORARY</literal> table or a view.
</para>
<formalpara role="mnmas">
@@ -110,23 +110,23 @@
</formalpara>
<para>
- The trigger becomes associated with the table named
- <replaceable>tbl_name</replaceable>, which must refer to a
- permanent table. You cannot associate a trigger with a
- <literal>TEMPORARY</literal> table or a view.
+ <literal>CREATE TRIGGER</literal> requires the
+ <literal>TRIGGER</literal> privilege for the table associated with
+ the trigger. (Before MySQL 5.1.6, this statement requires the
+ <literal>SUPER</literal> privilege.)
</para>
<para>
- When the trigger is activated, the <literal>DEFINER</literal>
- clause determines the privileges that apply, as described later in
- this section.
+ The <literal>DEFINER</literal> clause determines the security
+ context to be used when checking access privileges at trigger
+ activation time.
</para>
<para>
<replaceable>trigger_time</replaceable> is the trigger action
time. It can be <literal>BEFORE</literal> or
<literal>AFTER</literal> to indicate that the trigger activates
- before or after the statement that activated it.
+ before or after each row to be modified.
</para>
<para>
@@ -358,8 +358,9 @@
<literal>'<replaceable>user_name</replaceable>'@'<replaceable>host_name</replaceable>'</literal>
format (the same format used in the <literal>GRANT</literal>
statement). The <replaceable>user_name</replaceable> and
- <replaceable>host_name</replaceable> values both are required.
- <function role="sql">CURRENT_USER</function> also can be given as
+ <replaceable>host_name</replaceable> values both are required. The
+ definer can also be given as
+ <function role="sql">CURRENT_USER</function> or
<function role="sql">CURRENT_USER()</function>. The default
<literal>DEFINER</literal> value is the user who executes the
<literal>CREATE TRIGGER</literal> statement. (This is the same as
Modified: trunk/refman-5.1/views.xml
===================================================================
--- trunk/refman-5.1/views.xml 2008-03-17 16:12:41 UTC (rev 10273)
+++ trunk/refman-5.1/views.xml 2008-03-17 16:12:57 UTC (rev 10274)
Changed blocks: 3, Lines Added: 24, Lines Deleted: 24; 3758 bytes
@@ -420,23 +420,30 @@
<para>
The <literal>DEFINER</literal> and <literal>SQL SECURITY</literal>
- clauses specify the security context to be used when checking
- access privileges at view invocation time. They were addded in
- MySQL 5.1.2.
+ clauses determine which MySQL account to use when checking access
+ privileges for the view when a statement is executed that
+ references the view. They were addded in MySQL 5.1.2. The legal
+ <literal>SQL SECURITY</literal> characteristic values are
+ <literal>DEFINER</literal> and <literal>INVOKER</literal>. These
+ indicate that the required privileges must be held by the user who
+ defined or invoked the view, respectively. The default
+ <literal>SQL SECURITY</literal> value is
+ <literal>DEFINER</literal>.
</para>
<para>
- The default <literal>DEFINER</literal> value is the user who
- executes the <literal>CREATE VIEW</literal> statement. This is the
- same as specifying <literal>DEFINER = CURRENT_USER</literal>
- explicitly. <function role="sql">CURRENT_USER</function> also can
- be given as <function role="sql">CURRENT_USER()</function>. If a
- <replaceable>user</replaceable> value is given, it should be a
- MySQL account in
+ If a <replaceable>user</replaceable> value is given for the
+ <literal>DEFINER</literal> clause, it should be a MySQL account in
<literal>'<replaceable>user_name</replaceable>'@'<replaceable>host_name</replaceable>'</literal>
format (the same format used in the <literal>GRANT</literal>
statement). The <replaceable>user_name</replaceable> and
- <replaceable>host_name</replaceable> values both are required.
+ <replaceable>host_name</replaceable> values both are required. The
+ definer can also be given as
+ <function role="sql">CURRENT_USER</function> or
+ <function role="sql">CURRENT_USER()</function>. The default
+ <literal>DEFINER</literal> value is the user who executes the
+ <literal>CREATE VIEW</literal> statement. This is the same as
+ specifying <literal>DEFINER = CURRENT_USER</literal> explicitly.
</para>
<para>
@@ -462,6 +469,12 @@
specify any syntactically legal account name. If the account
does not actually exist, a warning is generated.
</para>
+
+ <para>
+ If the <literal>SQL SECURITY</literal> value is
+ <literal>DEFINER</literal> but the definer account does not
+ exist when the view is referenced, an error occurs.
+ </para>
</listitem>
</itemizedlist>
@@ -476,19 +489,6 @@
</para>
<para>
- The <literal>SQL SECURITY</literal> characteristic determines
- which MySQL account to use when checking access privileges for the
- view when a statement is executed that references the view. The
- legal characteristic values are <literal>DEFINER</literal> and
- <literal>INVOKER</literal>. These indicate that the required
- privileges must be held by the user who defined or invoked the
- view, respectively. The default <literal>SQL SECURITY</literal>
- value is <literal>DEFINER</literal>. If the value is
- <literal>DEFINER</literal> but the definer account does not exist
- when the view is referenced, an error occurs.
- </para>
-
- <para>
As of MySQL 5.1.2 (when the <literal>DEFINER</literal> and
<literal>SQL SECURITY</literal> clauses were implemented), view
privileges are checked like this:
Modified: trunk/refman-6.0/stored-procedures.xml
===================================================================
--- trunk/refman-6.0/stored-procedures.xml 2008-03-17 16:12:41 UTC (rev 10273)
+++ trunk/refman-6.0/stored-procedures.xml 2008-03-17 16:12:57 UTC (rev 10274)
Changed blocks: 4, Lines Added: 27, Lines Deleted: 21; 4092 bytes
@@ -341,21 +341,26 @@
<remark role="help-description-begin"/>
<para>
- These statements create stored routines. To execute these
- statements, it is necessary to have the <literal>CREATE
- ROUTINE</literal> privilege. If binary logging is enabled, the
- <literal>CREATE FUNCTION</literal> statement might also require
- the <literal>SUPER</literal> privilege, as described in
- <xref linkend="stored-procedure-logging"/>. MySQL automatically
- grants the <literal>ALTER ROUTINE</literal> and
+ These statements create stored routines. By default, the routine
+ is associated with the default database. To associate the
+ routine explicitly with a given database, specify the name as
+ <replaceable>db_name.sp_name</replaceable> when you create it.
+ </para>
+
+ <para>
+ To execute these statements, it is necessary to have the
+ <literal>CREATE ROUTINE</literal> privilege. If binary logging
+ is enabled, the <literal>CREATE FUNCTION</literal> statement
+ might also require the <literal>SUPER</literal> privilege, as
+ described in <xref linkend="stored-procedure-logging"/>. MySQL
+ automatically grants the <literal>ALTER ROUTINE</literal> and
<literal>EXECUTE</literal> privileges to the routine creator.
</para>
<para>
- By default, the routine is associated with the default database.
- To associate the routine explicitly with a given database,
- specify the name as <replaceable>db_name.sp_name</replaceable>
- when you create it.
+ <literal>DEFINER</literal> and <literal>SQL SECURITY</literal>
+ clauses specify the security context to be used when checking
+ access privileges at view invocation time, as described later.
</para>
<para>
@@ -454,8 +459,11 @@
control structure statements. The syntax for these statements is
described later in this chapter. See, for example,
<xref linkend="declare"/>, and
- <xref linkend="flow-control-constructs"/>. Some statements are
- not allowed in stored routines; see
+ <xref linkend="flow-control-constructs"/>.
+ </para>
+
+ <para>
+ Some statements are not allowed in stored routines; see
<xref linkend="routine-restrictions"/>.
</para>
@@ -592,14 +600,16 @@
</para>
<para>
- If a <replaceable>user</replaceable> value is given, it should
- be a MySQL account in
+ If a <replaceable>user</replaceable> value is given for the
+ <literal>DEFINER</literal> clause, it should be a MySQL account
+ in
<literal>'<replaceable>user_name</replaceable>'@'<replaceable>host_name</replaceable>'</literal>
format (the same format used in the <literal>GRANT</literal>
statement). The <replaceable>user_name</replaceable> and
<replaceable>host_name</replaceable> values both are required.
- <function role="sql">CURRENT_USER</function> also can be given
- as <function role="sql">CURRENT_USER()</function>. The default
+ The definer can also be given as
+ <function role="sql">CURRENT_USER</function> or
+ <function role="sql">CURRENT_USER()</function>. The default
<literal>DEFINER</literal> value is the user who executes the
<literal>CREATE PROCEDURE</literal> or <literal>CREATE
FUNCTION</literal> or statement. (This is the same as
@@ -712,10 +722,6 @@
</para>
<para>
- Stored routines cannot use <literal>LOAD DATA INFILE</literal>.
- </para>
-
- <para>
Statements that return a result set cannot be used within a
stored function. This includes <literal>SELECT</literal>
statements that do not use <literal>INTO</literal> to fetch
Modified: trunk/refman-6.0/triggers.xml
===================================================================
--- trunk/refman-6.0/triggers.xml 2008-03-17 16:12:41 UTC (rev 10273)
+++ trunk/refman-6.0/triggers.xml 2008-03-17 16:12:57 UTC (rev 10274)
Changed blocks: 3, Lines Added: 15, Lines Deleted: 14; 2838 bytes
@@ -90,10 +90,11 @@
<para>
This statement creates a new trigger. A trigger is a named
database object that is associated with a table, and that
- activates when a particular event occurs for the table. Currently,
- <literal>CREATE TRIGGER</literal> requires the
- <literal>TRIGGER</literal> privilege for the table associated with
- the trigger.
+ activates when a particular event occurs for the table. The
+ trigger becomes associated with the table named
+ <replaceable>tbl_name</replaceable>, which must refer to a
+ permanent table. You cannot associate a trigger with a
+ <literal>TEMPORARY</literal> table or a view.
</para>
<formalpara role="mnmas">
@@ -109,23 +110,22 @@
</formalpara>
<para>
- The trigger becomes associated with the table named
- <replaceable>tbl_name</replaceable>, which must refer to a
- permanent table. You cannot associate a trigger with a
- <literal>TEMPORARY</literal> table or a view.
+ <literal>CREATE TRIGGER</literal> requires the
+ <literal>TRIGGER</literal> privilege for the table associated with
+ the trigger.
</para>
<para>
- When the trigger is activated, the <literal>DEFINER</literal>
- clause determines the privileges that apply, as described later in
- this section.
+ The <literal>DEFINER</literal> clause determines the security
+ context to be used when checking access privileges at trigger
+ activation time.
</para>
<para>
<replaceable>trigger_time</replaceable> is the trigger action
time. It can be <literal>BEFORE</literal> or
<literal>AFTER</literal> to indicate that the trigger activates
- before or after the statement that activated it.
+ before or after each row to be modified.
</para>
<para>
@@ -357,8 +357,9 @@
<literal>'<replaceable>user_name</replaceable>'@'<replaceable>host_name</replaceable>'</literal>
format (the same format used in the <literal>GRANT</literal>
statement). The <replaceable>user_name</replaceable> and
- <replaceable>host_name</replaceable> values both are required.
- <function role="sql">CURRENT_USER</function> also can be given as
+ <replaceable>host_name</replaceable> values both are required. The
+ definer can also be given as
+ <function role="sql">CURRENT_USER</function> or
<function role="sql">CURRENT_USER()</function>. The default
<literal>DEFINER</literal> value is the user who executes the
<literal>CREATE TRIGGER</literal> statement. (This is the same as
Modified: trunk/refman-6.0/views.xml
===================================================================
--- trunk/refman-6.0/views.xml 2008-03-17 16:12:41 UTC (rev 10273)
+++ trunk/refman-6.0/views.xml 2008-03-17 16:12:57 UTC (rev 10274)
Changed blocks: 3, Lines Added: 23, Lines Deleted: 23; 3563 bytes
@@ -420,22 +420,29 @@
<para>
The <literal>DEFINER</literal> and <literal>SQL SECURITY</literal>
- clauses specify the security context to be used when checking
- access privileges at view invocation time.
+ clauses determine which MySQL account to use when checking access
+ privileges for the view when a statement is executed that
+ references the view. The legal <literal>SQL SECURITY</literal>
+ characteristic values are <literal>DEFINER</literal> and
+ <literal>INVOKER</literal>. These indicate that the required
+ privileges must be held by the user who defined or invoked the
+ view, respectively. The default <literal>SQL SECURITY</literal>
+ value is <literal>DEFINER</literal>.
</para>
<para>
- The default <literal>DEFINER</literal> value is the user who
- executes the <literal>CREATE VIEW</literal> statement. This is the
- same as specifying <literal>DEFINER = CURRENT_USER</literal>
- explicitly. <function role="sql">CURRENT_USER</function> also can
- be given as <function role="sql">CURRENT_USER()</function>. If a
- <replaceable>user</replaceable> value is given, it should be a
- MySQL account in
+ If a <replaceable>user</replaceable> value is given for the
+ <literal>DEFINER</literal> clause, it should be a MySQL account in
<literal>'<replaceable>user_name</replaceable>'@'<replaceable>host_name</replaceable>'</literal>
format (the same format used in the <literal>GRANT</literal>
statement). The <replaceable>user_name</replaceable> and
- <replaceable>host_name</replaceable> values both are required.
+ <replaceable>host_name</replaceable> values both are required. The
+ definer can also be given as
+ <function role="sql">CURRENT_USER</function> or
+ <function role="sql">CURRENT_USER()</function>. The default
+ <literal>DEFINER</literal> value is the user who executes the
+ <literal>CREATE VIEW</literal> statement. This is the same as
+ specifying <literal>DEFINER = CURRENT_USER</literal> explicitly.
</para>
<para>
@@ -461,6 +468,12 @@
specify any syntactically legal account name. If the account
does not actually exist, a warning is generated.
</para>
+
+ <para>
+ If the <literal>SQL SECURITY</literal> value is
+ <literal>DEFINER</literal> but the definer account does not
+ exist when the view is referenced, an error occurs.
+ </para>
</listitem>
</itemizedlist>
@@ -475,19 +488,6 @@
</para>
<para>
- The <literal>SQL SECURITY</literal> characteristic determines
- which MySQL account to use when checking access privileges for the
- view when a statement is executed that references the view. The
- legal characteristic values are <literal>DEFINER</literal> and
- <literal>INVOKER</literal>. These indicate that the required
- privileges must be held by the user who defined or invoked the
- view, respectively. The default <literal>SQL SECURITY</literal>
- value is <literal>DEFINER</literal>. If the value is
- <literal>DEFINER</literal> but the definer account does not exist
- when the view is referenced, an error occurs.
- </para>
-
- <para>
View privileges are checked like this:
</para>
| Thread |
|---|
| • svn commit - mysqldoc@docsrva: r10274 - in trunk: . it/refman-5.1 pt/refman-5.1 refman-5.0 refman-5.1 refman-6.0 | paul | 17 Mar |
