List:General Discussion« Previous MessageNext Message »
From:Thimble Smith Date:July 26 1999 5:40pm
Subject:Re: Finding privileges
View as plain text  
At 13:24, 19990726, Para-dox wrote:
>I want to be able to check because depending on the person's privileges,
>different text boxes may pop up, etc.

OK.  Well, there's nothing to keep you from SELECTing from the
mysql.db table, for example, to see what privs a certain user
has.  If you made a nice functional interface to it, it wouldn't
even be ugly.

    bool show_insert_popup;
    if (db_user->can("INSERT") || db_user->can("UPDATE")) {
        show_insert_popup = true;
    } else {
        show_insert_popup = false;
    }

This way you can test their privs when you need to, but not
have to check every INSERT, SELECT, UPDATE, DELETE, ....  And
your access info is stored all in one place - the MySQL priv
tables.

Tim


>----- Original Message -----
>From: Thimble Smith <tim@stripped>
>To: Para-dox <paradox@stripped>
>Cc: <mysql@stripped>
>Sent: Monday, July 26, 1999 1:14 PM
>Subject: Re: Finding privileges
>
>
>> At 11:41, 19990726, Para-dox wrote:
>> >(please write back directly to me)
>> >
>> >I am writing a program that is going to be used by several different
>people
>> >with different permissions...I need to check what privileges the current
>> >user has to a certain table and its columns, without testing a ton of
>> >UPDATES or INSERTS...is there a provided method? Thanks
>>
>> Do you need to "check" what privileges the current user has, or do
>> you really just want to prevent them from doing anything more than
>> they're privileged to do?
>>
>> You can give different MySQL users (has nothing to do with the Unix
>> user) different accesses - from the database level down to the column
>> level!  So you can do something like this (Perl):
>>
>>     my $user = $ENV{'REMOTE_USER'} or die "not authenticated: bye";
>>
>>     # this probably would be slurped in from a config file
>>     my $class = {
>>         'joe'     => 'super',
>>         'juan'    => 'basic',
>>         'ezra'    => 'basic',
>>         'anne'    => 'super',
>>         'sabrina' => 'basic',
>>         'wu'      => 'basic',
>>     }->{$user}
>>         or die "no class for user $user";
>>
>>     # this is also a config file candidate
>>     %pwd = (
>>         'super'         => 'p4s$w0rd',
>>         'basic'         => 'kr1pt0',
>>     );
>>
>>     my $dbh = DBI->connect("DBI:mysql:$db_name", $class, $pwd{$class});
>>
>>     # Now all accesses are controlled by the MySQL privs for user 'super'
>>     # and user 'basic', so give those users appropriate access to your
>>     # tables and everything will work as planned.  Check the errors you
>>     # get from ->execute() to see if access is denied, so you can print
>>     # an appropriate error message.
>>
>> Tim
>>
>
>
>---------------------------------------------------------------------
>Please check "http://www.mysql.com/Manual_chapter/manual_toc.html" before
>posting. To request this thread, e-mail mysql-thread8401@stripped
>
>To unsubscribe, send a message to the address shown in the
>List-Unsubscribe header of this message. If you cannot see it,
>e-mail mysql-unsubscribe@stripped instead.
>
Thread
Finding privilegesPara-dox26 Jul
  • Re: Finding privilegesThimble Smith26 Jul
  • Re: Finding privilegesPara-dox26 Jul
    • Re: Finding privilegesPaul DuBois26 Jul
  • Re: Finding privilegesPara-dox26 Jul
    • Re: Finding privilegesThimble Smith26 Jul
  • Re: Finding privilegesPara-dox26 Jul
    • Re: Finding privilegesThimble Smith26 Jul
  • Re: Finding privilegesRicardo T. Saito26 Jul
  • Re: Finding privilegesPara-dox27 Jul
    • Re: Finding privilegesJani Tolonen27 Jul