On Mon, Jan 14, 2002 at 03:35:00PM -0600, Paul DuBois wrote: > > > >Hopefully I'm just missing something really obvious... > > I suspect it's just a hard thing to implement: > > If someone creates a new database after you revoke the UPDATE privilege, > should the user be able to update that database? > > - You can say "yes", on the basis that you initially specified global > privileges and haven't revoked them except for a single database. > - You can say "no", on the basis that in order to implement the REVOKE > you'd have to convert the global privileges into specific privileges > on all the databases that happen to exist at the time of the revoke.
I had a rather poor mental substitute for what is really happening. I always think of how Unix handles file/directory permissions as the basis for any new system I encounter. You know, a database is a directory and a table is a file. It's not necessarily a good thing, but that's what I do. :-( Looking at it from a different point of view, I can understand why people complain about the MySQL privilege system. It can be a real pain sometimes. I feel the need for a tool which will do what I tell it (if need be, it'll make run a bunch of GRANT/REVOKE commands to Make It So). Thanks for the slap in the head, Paul. :-) Jeremy -- Jeremy D. Zawodny, <[EMAIL PROTECTED]> Technical Yahoo - Yahoo Finance Desk: (408) 349-7878 Fax: (408) 349-5454 Cell: (408) 685-5936 MySQL 3.23.41-max: up 11 days, processed 273,822,593 queries (265/sec. avg) --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php