List:General Discussion« Previous MessageNext Message »
From:Gleb Paharenko Date:April 15 2005 7:33am
Subject:Re: order important in grant commands?
View as plain text  
Hello.

I think the grant statements flow order doesn't
matter, because according to:

  http://dev.mysql.com/doc/mysql/en/connection-access.html

server sorts the entries of the grant tables before reading them.
What output does the following statement produce:

  show grants for current_user();






"Mark M. Ito" <marki@stripped> wrote:
> Dear MySQL List,
> 
> Is order important when issuing grant commands?
> 
>  Linux, Fedora Core 3
>  MySQL server version: 4.1.11-standard, installed via RPM.
>  perl DBI module installed from CPAN on top of this version.
> 
> I am trying to allow all privileges to a given user to a given
> database from inside my local domain, but allow only select privileges
> to the same user on the same database from outside that domain. If I
> use the "bad" order (see below) of the grant commands, I get a
> situation where the local user does not have insert privileges. The
> user's name is user, the database name is calib and the domain is
> domain.org.
> 
> Good order:
> 
> grant select on calib.* to user@"%";
> grant all on calib.* to user@"%.domain.org";
> 
> Bad order:
> 
> grant all on calib.* to user@"%.domain.org";
> grant select on calib.* to user@"%";
> 
> With the bad order, write privilege seems turned off. I get errors like
> 
> execute failed: INSERT command denied to user 
> 'user'@'claspc2.domain.org' for table 'RunIndex'
> 
> from the perl DBI module. With the good order, the same script works!
> 
> In between invocations, I use the revoke command to wipe out this
> user/db combo completely from the db table.
> 
> With both grant orders, the mysql.db tables looks the same, with the
> Y's and N's exactly where I expect them, at least from the mysql
> command line.
> 
> Any helpful hints? Derisive comments?
> 
>  - Mark
> 
> 
> 


-- 
For technical support contracts, goto https://order.mysql.com/?ref=ensita
This email is sponsored by Ensita.NET http://www.ensita.net/
   __  ___     ___ ____  __
  /  |/  /_ __/ __/ __ \/ /    Gleb Paharenko
 / /|_/ / // /\ \/ /_/ / /__   Gleb.Paharenko@stripped
/_/  /_/\_, /___/\___\_\___/   MySQL AB / Ensita.NET
       <___/   www.mysql.com



Thread
order important in grant commands?Mark M. Ito14 Apr
  • Re: order important in grant commands?Gleb Paharenko15 Apr
    • Re: order important in grant commands?Mark M. Ito15 Apr
      • Re: order important in grant commands?Gleb Paharenko15 Apr
    • Re: order important in grant commands?Mark M. Ito15 Apr
      • Re: order important in grant commands?Gleb Paharenko18 Apr