Hi Sergei, thanks for your answer!
On Fri, Nov 02, 2007 at 18:34:02 +0100, Sergei Golubchik wrote:
[...]
> On Nov 02, Vasil Dimov wrote:
[...]
> > Is it possible for an INFORMATION_SCHEMA plugin to restrict the access to
> > the table that it provides? For example allow only the superuser to
> > SELECT from the table?
>
> No. And it will never be :)
> We''re trying to follow the spirit of the standard here - all standard
> I_S tables are readable by anybody, the standart says
>
> GRANT SELECT ON TABLE xxxxx TO PUBLIC WITH GRANT OPTION;
>
> If one doesn't have enough privileges to see the content, he won't see
> it - a particular value will be NULL or a row will be skipped.
>
> For example, in INFORMATION_SCHEMA.TABLES one won't see rows for tables
> that he has no privileges on. In INFORMATION_SCHEMA.ROUTINES one can see
> routines he can execute, but routine body still may be NULL, if he
> doesn't have additional privileges, besides EXECUTE (*)
>
> We're trying to follow these guideliines in the non-standard I_S tables.
> So, everybody will be able to select from your I_S table, but you can
> return an empty set to anybody but a superuser.
Yes, I see your point. Showing empty tables to non-superusers is what I
am going to do.
> You'll need to check privileges, which we don't have a good API for, at
> the moment. Will be fixed when WL#3859 is implemented.
[...]
Wow, 6.1! Can you give me some hint how to check for superuser in 5.1?
(I haven't yet looked into the code...).
Thanks!
--
Vasil Dimov
moc.elcaro@stripped Software Developer @ Oracle/Innobase Oy
gro.DSBeerF@dv Committer @ FreeBSD.org
gro.d5v@dv Home @ Sofia, Bulgaria
Attachment: [application/pgp-signature]
