Thanks, Claudio, but that's not quite it. I'm not writing any procedure. I'm inserting code into procedures other people write. I am taking each procedure out of the mysql.proc table, inserting a few lines of code right at the start of the body, and saving back into the proc table. These lines of code insert a line into my audit table. I don't have any control over what other people write, I just want to record when their procedures get called.
The genral log logs original calls to procedures, but I don't see that it records calls made to one procedure from within another. On Wed, Mar 18, 2009 at 6:42 AM, Claudio Nanni <claudio.na...@gmail.com>wrote: > Hello Jim, > > If I unserstand well your needs the steps you need to do are: > > Create one user X with insert privileges on the mydb.audit_table > > Create the stored procedure specifying the user X both in the DEFINER > section and in the SQL_SECURITY section > > of the create procedure statement ( > http://dev.mysql.com/doc/refman/5.0/en/create-procedure.html) > > In this way who calls the stored procedure will have the table written with > the grants of the original definer X. > > Is it what you are looking for? > > Claudio > > > 2009/3/17 Jim Lyons <jlyons4...@gmail.com> > >> I am writing a tracking procedure that will be inserted into every >> procedure >> (regardless of who writes the procedure) that will insert a record into an >> audit table. This means the procedure, regardless of who writes it, must >> have the permission to insert into the table. I am going to modify the >> code >> of the procedures once they're stored in the database and the authors of >> the >> procedures will probably not know that I will be doing it (although it's >> not >> really a secret) and the way they code will not be altered in any way. >> >> I would like to write a grant command like: >> >> grant insert on mydb.audit_table to public >> >> but I don't see anything in the manual Is there any way that I can do >> this. >> I know I can grant ALL privileges to a user, but I want to grant one >> privilege to all users, without having to loop through the mysql.user >> table >> and explicitly granting the insert privilege. >> >> I guess I could put it in test, but then everyone could do anything with >> it, >> which would not be particularly desirable. The table should be "insert >> only", not readable or updateable by anyone but the owner of "mydb". >> >> Is there any way I can do this? >> >> Thanks, >> Jim >> >> -- >> Jim Lyons >> Web developer / Database administrator >> http://www.weblyons.com >> > > -- Jim Lyons Web developer / Database administrator http://www.weblyons.com
