List:General Discussion« Previous MessageNext Message »
From:Yves Goergen Date:January 2 2006 3:52pm
Subject:Re: REVOKE GRANT OPTION - is that possible?
View as plain text  
On 02.01.2006 13:41 (+0100), Imran Chaudhry wrote:
> GRANT and REVOKE are essential to your database security, I would
> think twice before adding a "layer" on top of them. There is potential
> for error and you dont want that where security is related. It is
> probably worth the "pain" of learning the ins and outs of
> GRANT/REVOKE.

I wanted to create a tool that manages these privileges with a simple
interface. To me, GRANT is a privilege like others are. I know that
GRANT is a very powerful privilege but it's still a privilege and I
don't want to handle same things differently, that's just stupid as for
the application design. Not sure what the SQL inventors thought about it
some decades ago, where computers didn't have to be easy to handle.

I won't make much usage of that special privilege anyway, I'll mostly
allow single users read/write/definition access to single databases. But
when I want to revoke all privileges from a user, I also want the GRANT
privilege to be revoked, and for this I currently need a second command.
Well, doesn't matter, SQL is complicated and that's what my tool works
around:

    # mysqlmgr add database www1
    # mysqlmgr add user www1 password xxx
    # mysqlmgr allow user www1 database www1 read write define

;)

-- 
Yves Goergen "LonelyPixel" <nospam.list@stripped>
"Does the movement of the trees make the wind blow?"
http://newsboard.unclassified.de - Unclassified NewsBoard Forum
Thread
REVOKE GRANT OPTION - is that possible?Yves Goergen1 Jan
  • Re: REVOKE GRANT OPTION - is that possible?Dan Fulbright2 Jan
Re: REVOKE GRANT OPTION - is that possible?Imran Chaudhry2 Jan
  • Re: REVOKE GRANT OPTION - is that possible?Yves Goergen2 Jan
    • Re: REVOKE GRANT OPTION - is that possible?Imran Chaudhry3 Jan