List:General Discussion« Previous MessageNext Message »
From:Thimble Smith Date:July 26 1999 6:07pm
Subject:Re: Finding privileges
View as plain text  
At 13:55, 19990726, Para-dox wrote:
>uhh there is something to prevent it, like an ACCESS DENIED message.

Make sure whatever user you are connected with has SELECT privs on
the mysql.* tables.  

If you don't want to give them SELECT privs (I don't see why that
would be a problem, but ...) you could have a separate script
that runs as a user who can SELECT from mysql.*, which will take
out just the information your program needs and puts it into a
data file that your program can slurp in.  Then any time you
change the MySQL privs database you would have to re-run that
script in order to update the data file.

Tim


>----- Original Message -----
>From: Thimble Smith <tim@stripped>
>To: Para-dox <paradox@stripped>
>Cc: <mysql@stripped>
>Sent: Monday, July 26, 1999 1:40 PM
>Subject: Re: Finding privileges
>
>
>> At 13:24, 19990726, Para-dox wrote:
>> >I want to be able to check because depending on the person's privileges,
>> >different text boxes may pop up, etc.
>>
>> OK.  Well, there's nothing to keep you from SELECTing from the
>> mysql.db table, for example, to see what privs a certain user
>> has.  If you made a nice functional interface to it, it wouldn't
>> even be ugly.
>>
>>     bool show_insert_popup;
>>     if (db_user->can("INSERT") || db_user->can("UPDATE")) {
>>         show_insert_popup = true;
>>     } else {
>>         show_insert_popup = false;
>>     }
>>
>> This way you can test their privs when you need to, but not
>> have to check every INSERT, SELECT, UPDATE, DELETE, ....  And
>> your access info is stored all in one place - the MySQL priv
>> tables.
>>
>> Tim
>>
>>
>> >----- Original Message -----
>> >From: Thimble Smith <tim@stripped>
>> >To: Para-dox <paradox@stripped>
>> >Cc: <mysql@stripped>
>> >Sent: Monday, July 26, 1999 1:14 PM
>> >Subject: Re: Finding privileges
>> >
>> >
>> >> At 11:41, 19990726, Para-dox wrote:
>> >> >(please write back directly to me)
>> >> >
>> >> >I am writing a program that is going to be used by several
> different
>> >people
>> >> >with different permissions...I need to check what privileges the
>current
>> >> >user has to a certain table and its columns, without testing a ton
> of
>> >> >UPDATES or INSERTS...is there a provided method? Thanks
>> >>
>> >> Do you need to "check" what privileges the current user has, or do
>> >> you really just want to prevent them from doing anything more than
>> >> they're privileged to do?
>> >>
>> >> You can give different MySQL users (has nothing to do with the Unix
>> >> user) different accesses - from the database level down to the column
>> >> level!  So you can do something like this (Perl):
>> >>
>> >>     my $user = $ENV{'REMOTE_USER'} or die "not authenticated: bye";
>> >>
>> >>     # this probably would be slurped in from a config file
>> >>     my $class = {
>> >>         'joe'     => 'super',
>> >>         'juan'    => 'basic',
>> >>         'ezra'    => 'basic',
>> >>         'anne'    => 'super',
>> >>         'sabrina' => 'basic',
>> >>         'wu'      => 'basic',
>> >>     }->{$user}
>> >>         or die "no class for user $user";
>> >>
>> >>     # this is also a config file candidate
>> >>     %pwd = (
>> >>         'super'         => 'p4s$w0rd',
>> >>         'basic'         => 'kr1pt0',
>> >>     );
>> >>
>> >>     my $dbh = DBI->connect("DBI:mysql:$db_name", $class,
> $pwd{$class});
>> >>
>> >>     # Now all accesses are controlled by the MySQL privs for user
>'super'
>> >>     # and user 'basic', so give those users appropriate access to your
>> >>     # tables and everything will work as planned.  Check the errors you
>> >>     # get from ->execute() to see if access is denied, so you can
> print
>> >>     # an appropriate error message.
>> >>
>> >> Tim
>> >>
>> >
>> >
>> >---------------------------------------------------------------------
>> >Please check "http://www.mysql.com/Manual_chapter/manual_toc.html" before
>> >posting. To request this thread, e-mail mysql-thread8401@stripped
>> >
>> >To unsubscribe, send a message to the address shown in the
>> >List-Unsubscribe header of this message. If you cannot see it,
>> >e-mail mysql-unsubscribe@stripped instead.
>> >
>>
>
>
>---------------------------------------------------------------------
>Please check "http://www.mysql.com/Manual_chapter/manual_toc.html" before
>posting. To request this thread, e-mail mysql-thread8410@stripped
>
>To unsubscribe, send a message to the address shown in the
>List-Unsubscribe header of this message. If you cannot see it,
>e-mail mysql-unsubscribe@stripped instead.
>
Thread
Finding privilegesPara-dox26 Jul
  • Re: Finding privilegesThimble Smith26 Jul
  • Re: Finding privilegesPara-dox26 Jul
    • Re: Finding privilegesPaul DuBois26 Jul
  • Re: Finding privilegesPara-dox26 Jul
    • Re: Finding privilegesThimble Smith26 Jul
  • Re: Finding privilegesPara-dox26 Jul
    • Re: Finding privilegesThimble Smith26 Jul
  • Re: Finding privilegesRicardo T. Saito26 Jul
  • Re: Finding privilegesPara-dox27 Jul
    • Re: Finding privilegesJani Tolonen27 Jul