Jeremy Zawodny wrote:
On Wed, Apr 02, 2003 at 01:46:00PM -0800, Chris Jaeger wrote:
Hi all,
I'm wondering if there is some way to setup privileges in the grant tables such that a user can create or drop any arbitrary table in databases that user is associated with, but be unable to create or drop the databases themselves. I was hoping the tables_priv table would come to my rescue, but the MySQL documentation claims that you can't specify wildcards in the table_name column.
Give them CREATE and DROP privileges on the databases you'd like them to be able to mess with.
Thanks Jeremy, but I'm still having trouble. Perhaps I am setting this up wrong, but this doesn't seem to work. Assume that I have a user foo who wishes to use a database bar. Here is what I execute:
CREATE DATABASE bar;
GRANT SELECT, INSERT, DELETE, DROP, CREATE, UPDATE, INDEX, ALTER
ON bar.*
TO [EMAIL PROTECTED] IDENTIFIED BY 'pass';After this has gone through, I can see that the user foo has no privileges in the user table, and only the granted privileges in the db table. However, when connecting as the user foo, I can still execute the commands:
DROP DATABASE bar; CREATE DATABASE bar;
and they work. The user foo can't create/drop any other databases, but he can do this to bar, which unfortunately is not acceptable for my application (we are using symbolic links to database directories, and this sequence allows the user to remove the symlink and recreate the database under /var/lib/mysql, which is the data directory on our server).
Any advice is appreciated.
Regards, Chris
-- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
