Re: order important in grant commands?

[Mark M. Ito]

Gleb et al.,
Gleb Paharenko wrote:
I think the grant statements flow order doesn't
matter, because according to:
 http://dev.mysql.com/doc/mysql/en/connection-access.html
server sorts the entries of the grant tables before reading them.
 

That is what I thought. Because of the sorting I should not have to 
worry about the order of issuing the grant commands. That's why I posted.

What output does the following statement produce:
 show grants for current_user();
 

Now there's an excellent idea! Here is what I get in the "bad" 
configuration:

 ==begin quote==
> mysql -hclaspc2.jlab.org -uprimex_user -A primex_calib ;
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 136 to server version: 4.1.11-standard
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> show grants for current_user();
+---------------------------------------------------------------------------------+
| Grants for 
[EMAIL PROTECTED]                                               |
+---------------------------------------------------------------------------------+
| GRANT CREATE TEMPORARY TABLES, LOCK TABLES ON *.* TO 
'primex_user'@'%.jlab.org' |
| GRANT ALL PRIVILEGES ON `primex_calib`.* TO 
'primex_user'@'%.jlab.org'          |
+---------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> insert into testSystem_testAttribute set comment='junk entry';
ERROR 1142 (42000): INSERT command denied to user 
'primex_user'@'claspc2.jlab.org' for table 'testSystem_testAttribute'

 ==end quote==
where I have dispensed with the coy generic names of users, servers and 
domains.

If I do the grants in the "good" order I get:
 ==begin quote==
> mysql -hclaspc2.jlab.org -uprimex_user -A primex_calib
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 140 to server version: 4.1.11-standard
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> show grants for current_user();
+---------------------------------------------------------------------------------+
| Grants for 
[EMAIL PROTECTED]                                               |
+---------------------------------------------------------------------------------+
| GRANT CREATE TEMPORARY TABLES, LOCK TABLES ON *.* TO 
'primex_user'@'%.jlab.org' |
| GRANT ALL PRIVILEGES ON `primex_calib`.* TO 
'primex_user'@'%.jlab.org'          |
+---------------------------------------------------------------------------------+
2 rows in set (0.06 sec)

mysql> insert into testSystem_testAttribute set comment='junk entry';
Query OK, 1 row affected (0.00 sec)
 ==end quote==
which looks like the same privileges to me, but with much better results.
What is going on?
 - Mark
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]