There's been some discussion the last couple of days about what a user
should be able to do if you grant privileges to that user and specify
the WITH GRANT OPTION clause on the GRANT statement.
The discussion started with the observation that such users were then
able to change the passwords for other users when they shouldn't have
been able to, and that's been acknowledged as a bug that will be fixed.
But in hopes of clearing up the way that GRANT *should* work, here
are some comments.
1) The GRANT privilege is *not* just a global privilege. It can be granted
globally if you specify ON *.* in the GRANT statement, but it need not
be. All the grant tables have a slot for recording whether or not GRANT
is enabled, except the columns_priv table.
2) The intent of non-global GRANT is that you can GRANT privileges to
a user, and then that user can then administer the privileges he himself
possesses. For instance, you can grant privileges over a database to
a user with the WITH GRANT OPTION so that that user can administrate who
can use the database.
3) Even if you have the GRANT privilege, you cannot grant privileges that
you do not have yourself.
4) If you have the GRANT privilege, you cannot set or change the
password of other users unless you have INSERT or UPDATE privileges on the
user table. (This is where the bug was - insufficient checking of this
condition.)
--
Paul DuBois, paul@stripped
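
Added example, not part of the original post: a database-scoped delegation as described in point 2, followed by audit queries over the grant tables for points 1 and 4. The account names (dba_shop, clerk), the database name (shop) and the passwords are constructed placeholders, and the script assumes a server version that supports CREATE USER and an administrative session that can read the mysql database.

```sql
-- Added example; dba_shop, clerk and shop are constructed names.

-- Point 2: delegate administration of a single database, not the whole server.
CREATE USER 'dba_shop'@'localhost' IDENTIFIED BY 'placeholder-password-1';
CREATE USER 'clerk'@'localhost'    IDENTIFIED BY 'placeholder-password-2';
GRANT SELECT, INSERT ON shop.* TO 'dba_shop'@'localhost' WITH GRANT OPTION;

-- What the post says should then hold for a session connected as dba_shop:
--   GRANT SELECT ON shop.* TO 'clerk'@'localhost';  -- allowed, dba_shop holds SELECT on shop
--   GRANT DELETE ON shop.* TO 'clerk'@'localhost';  -- refused, dba_shop lacks DELETE (point 3)
--   changing clerk's password                       -- refused, dba_shop has no INSERT or
--                                                   -- UPDATE on mysql.user (point 4)

-- Point 1: every place the GRANT privilege is recorded, by scope.
-- columns_priv is absent because it has no slot for GRANT.
SELECT 'global' AS scope, User, Host, NULL AS Db, NULL AS Table_name
  FROM mysql.user
 WHERE Grant_priv = 'Y'
UNION ALL
SELECT 'database', User, Host, Db, NULL
  FROM mysql.db
 WHERE Grant_priv = 'Y'
UNION ALL
SELECT 'table', User, Host, Db, Table_name
  FROM mysql.tables_priv
 WHERE FIND_IN_SET('Grant', Table_priv) > 0;

-- Point 4: accounts holding INSERT or UPDATE that reaches mysql.user,
-- which is the condition for setting another user's password.
SELECT 'global' AS scope, User, Host
  FROM mysql.user
 WHERE Insert_priv = 'Y' OR Update_priv = 'Y'
UNION ALL
SELECT 'database', User, Host
  FROM mysql.db
 WHERE 'mysql' LIKE Db                 -- Db may hold a wildcard pattern
   AND (Insert_priv = 'Y' OR Update_priv = 'Y')
UNION ALL
SELECT 'table', User, Host
  FROM mysql.tables_priv
 WHERE Db = 'mysql' AND Table_name = 'user'
   AND (FIND_IN_SET('Insert', Table_priv) > 0
        OR FIND_IN_SET('Update', Table_priv) > 0);
```

An account that appears in the first result set but not in the second is one that, per point 4, should not be able to change another user's password.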