List:General Discussion« Previous MessageNext Message »
From:Mark M. Ito Date:April 15 2005 3:12pm
Subject:Re: order important in grant commands?
View as plain text  
Gleb et al.,

Gleb Paharenko wrote:

>I think the grant statements flow order doesn't
>matter, because according to:
>
>  http://dev.mysql.com/doc/mysql/en/connection-access.html
>
>server sorts the entries of the grant tables before reading them.
>  
>
That is what I thought. Because of the sorting I should not have to 
worry about the order of issuing the grant commands. That's why I posted.

>What output does the following statement produce:
>
>  show grants for current_user();
>
>  
>
Now there's an excellent idea! Here is what I get in the "bad" 
configuration:

  ==begin quote==

 > mysql -hclaspc2.jlab.org -uprimex_user -A primex_calib ;
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 136 to server version: 4.1.11-standard

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show grants for current_user();
+---------------------------------------------------------------------------------+
| Grants for 
primex_user@%.jlab.org                                               |
+---------------------------------------------------------------------------------+
| GRANT CREATE TEMPORARY TABLES, LOCK TABLES ON *.* TO 
'primex_user'@'%.jlab.org' |
| GRANT ALL PRIVILEGES ON `primex_calib`.* TO 
'primex_user'@'%.jlab.org'          |
+---------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> insert into testSystem_testAttribute set comment='junk entry';
ERROR 1142 (42000): INSERT command denied to user 
'primex_user'@'claspc2.jlab.org' for table 'testSystem_testAttribute'

  ==end quote==

where I have dispensed with the coy generic names of users, servers and 
domains.

If I do the grants in the "good" order I get:

  ==begin quote==

 > mysql -hclaspc2.jlab.org -uprimex_user -A primex_calib
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 140 to server version: 4.1.11-standard

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show grants for current_user();
+---------------------------------------------------------------------------------+
| Grants for 
primex_user@%.jlab.org                                               |
+---------------------------------------------------------------------------------+
| GRANT CREATE TEMPORARY TABLES, LOCK TABLES ON *.* TO 
'primex_user'@'%.jlab.org' |
| GRANT ALL PRIVILEGES ON `primex_calib`.* TO 
'primex_user'@'%.jlab.org'          |
+---------------------------------------------------------------------------------+
2 rows in set (0.06 sec)

mysql> insert into testSystem_testAttribute set comment='junk entry';
Query OK, 1 row affected (0.00 sec)

  ==end quote==

which looks like the same privileges to me, but with much better results.

What is going on?

  - Mark

Thread
order important in grant commands?Mark M. Ito14 Apr
  • Re: order important in grant commands?Gleb Paharenko15 Apr
    • Re: order important in grant commands?Mark M. Ito15 Apr
      • Re: order important in grant commands?Gleb Paharenko15 Apr
    • Re: order important in grant commands?Mark M. Ito15 Apr
      • Re: order important in grant commands?Gleb Paharenko18 Apr