Gant permission problems with domains and full hostnames for same user

[De Leuze Peter]

Hello,

 

 

I currently am struggling to get the permissions and table restrictions to work.

 

Description of the case:

----------------------------------

For a database "examp", where table "foobar" which contains colums  "A", "B" and C ,only a restricted access is allowed.

Lets say that user "peter" idendified by "kieke" may only READ attributes "A" and "B" from hosts in the domain "siemens.com", but can also do an UPDATE attribute "A" when he is connecting from host "stardust.siemens.com".  The attribute "C" cannot be read or updated.

 

 

What I tried, is to apply these rules for given case.

I used the (textbook) grant statement like:

 

grant SELECT (A,B) on examp.foobar for 'peter'@'stardust.siemens.com' identified by "kieke";

grant UPDATE (A) on examp.foobar for 'peter'@'stardust.siemens.com' identified by "kieke";

 

This does the job well. only from that host I have the correct access and restrictions.

 

BUT, when I apply the 'domain' rule, it does not work anymore. In detail, I can still SELECT the A and B, but cannot UPDATE A anymore from the specific host.

 

grant SELECT (A,B) on examp.foobar for 'peter'@'%.siemens.com' identified by "kieke";

 

I tried by adding an entry to the host and db table of mysql-db, but there either then R/W  is allowed on all attributes or on none. (all 'Y' or all 'N')

 

Am I forgetting something ?

 

I also tried to delete all created entries in the user table, and replaced them with one entry, namely by

grant USAGE on *.* for 'peter'@'%' identified by "kieke";

 

So that default permissions are set to 'N'.

 

 

Basic idea: restrict access to only READ for specific domains (using the % ) and allow WRITE to some specic hosts of the same domain

 

 

Hope someone can hint me a solution.

 

 

With regards,

 

Peter De Leuze SIEMENS Atea [EMAIL PROTECTED] phone:   +32 14 253493 Fax:       +32 14 22 29 94	Mobile Solutions  and Enabling Services http://www.ic.siemens.be
Customer driven solution providers

 

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]