http://dev.mysql.com/doc/mysql/en/grant.html

Sorry for previous post - my mistake: I added record as admin and continued using that user ;-)
now logged as ordinary user another problem(s) arise:
MySQL Server 4.0.24, trying varoius clients (dlls) 3.23, 4.0.x, 5.x? comes with MySQL Query Browser 1.1.6 to no avail


Manual still states privileges are evaluated this way:

"global privileges
 OR (database privileges AND host privileges)
 OR table privileges
 OR column privileges "

i.e. my [EMAIL PROTECTED] has NO global priv, has DB_SELECT only, host = %, has TABLE_SELECT only and has NO column privileges on all columns except UPDATE, INSERT, SELECT on last_col
so.. by manual it is possible to INSERT a COLUMN/ROW and/or UPDATE last_col ["OR column privileges" IN effect]
SHOW GRANTS FOR user - shows privs only downto TABLE level only :( yet they really ARE in mysql.columns_priv?


" In MySQL, if you have the INSERT privilege on only some of the columns in a table, you can execute INSERT statements on the table; the columns for which you don't have the INSERT privilege are set to their default values. Standard SQL requires you to have the INSERT privilege on all columns."

alas :-(
UPDATE tbl set last_col=25;
!UPDATE command denued to [EMAIL PROTECTED] for table tbl
and for INSERT
!INSERT command denied to [EMAIL PROTECTED] for table tbl


Why SHOW GRANTS FOR user doesn't show Column_priv since they are in mysql.columns_priv? Is this server version issue mysql 4.0.24 accepts column_priv w/o error(s) justs doesn't enforce them?
--
Remo Tex wrote:
I want to allow some users to SELECT, INSERT, UPDATE all columns in a table EXCEPT 1 (last one). Is it possile in MYSQL and how?

So my question is :

What COLUMN_INSERT privilege does? How can I INSERT_COLUMN without having to insert whole row? Does COLUMN_INSERT = TABLE_INSERT?
I've found some answers in Manual but:
" In MySQL, if you have the INSERT privilege on only some of the columns in a table, you can execute INSERT statements on the table; the columns for which you don't have the INSERT privilege are set to their default values. Standard SQL requires you to have the INSERT privilege on all columns."
1. What about UPDATE privilege:
2. "the columns for which you don't have the INSERT privilege are set to their default values." seems incorrect:
When i try to INSERT or UPDATE last column for which I have only TABLE_SELECT privilege using MySQL Front 2.5 on Mysql 4.0.24 server it's OK ?!?! Value changed and visible from everywhere! NO error(s)... Mysql Front uses older client dll (3.23 I think) but shouldn't this rule be enforced from server (side) not client (side)? MySQL Front 3.0+ behaves corectly : SQL Error 1142 UPDATE COMMAND denied to user ... for table tbl_name.


yet again if I try the same with latest MySQl Query Browser 1.1.6:
! UPDATE command denied to user: '[EMAIL PROTECTED]' for table 'tbl_name'
Nothing changes

P.S. How older client cheats newest server is still mistery to me...


--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]



Reply via email to