At 11:41, 19990726, Para-dox wrote:
>(please write back directly to me)
>
>I am writing a program that is going to be used by several different people
>with different permissions...I need to check what privileges the current
>user has to a certain table and its columns, without testing a ton of
>UPDATES or INSERTS...is there a provided method? Thanks
Do you need to "check" what privileges the current user has, or do
you really just want to prevent them from doing anything more than
they're privileged to do?
You can give different MySQL users (has nothing to do with the Unix
user) different accesses - from the database level down to the column
level! So you can do something like this (Perl):
my $user = $ENV{'REMOTE_USER'} or die "not authenticated: bye";
# this probably would be slurped in from a config file
my $class = {
'joe' => 'super',
'juan' => 'basic',
'ezra' => 'basic',
'anne' => 'super',
'sabrina' => 'basic',
'wu' => 'basic',
}->{$user}
or die "no class for user $user";
# this is also a config file candidate
%pwd = (
'super' => 'p4s$w0rd',
'basic' => 'kr1pt0',
);
my $dbh = DBI->connect("DBI:mysql:$db_name", $class, $pwd{$class});
# Now all accesses are controlled by the MySQL privs for user 'super'
# and user 'basic', so give those users appropriate access to your
# tables and everything will work as planned. Check the errors you
# get from ->execute() to see if access is denied, so you can print
# an appropriate error message.
Tim
