Hi Michael,
you raised an interesting question.
I created a new account (testroot) I gave him all privileges - except the
GRANT privilege.
GRANT ALL ON *.* TO 'testroot'@'%' IDENTIFIED BY 'xxx';
mysql> show grants for testroot;
+----------------------------------------------------------------------------------------------------------------------+
| Grants for [EMAIL PROTECTED]
|
+----------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'testroot'@'%' IDENTIFIED BY PASSWORD
'*70d5f00b26968dc1967b0679b54b2e2d0479c55c96c1' |
+----------------------------------------------------------------------------------------------------------------------+
This is what I got when trying to revoke the mysql database privileges:
mysql> REVOKE ALL ON mysql.* FROM testroot;
ERROR 1141: There is no such grant defined for user 'testroot' on host '%'
So this means that by default those users cant access the mysql privilege
database anyway (which makes sense to me).
Above is just a sample. Its probably not exactly what you are after, but I
think the point about the privilege database becomes clearer.
For other databases I believe you have to define one at a time, which allows
you to set it up exactly to your needs.
Hope that helps.
Best regards
Nils Valentin
Tokyo/Japan
2003年 6月 26日 木曜日 07:25、Paul DuBois さんは書きました:
> At 18:02 -0400 6/25/03, michael young wrote:
> >Hi,
> > I am creating a small web based program for users to access
> >the data in the datbases. New databases will be added in later. I
> >want to create a user to access these databases with certain rights,
> >not all rights. Will I have to grant this user right to each
> >database as I add them in or is there a way to give this user rights
> >to all databases (EXCEPT for mysql DB) including DB's I'll add
> >later. Other than the mysql database there is no database on this
> >server that this user should be elcluded from. What is the best way
> >to handle this?
>
> Grant the user privileges for each database. There is no syntax for
> "all except".
>
> >Thanks,
> > Michael
>
> --
> Paul DuBois, Senior Technical Writer
> Madison, Wisconsin, USA
> MySQL AB, www.mysql.com
>
> Are you MySQL certified? http://www.mysql.com/certification/
--
---
Valentin Nils
Internet Technology
E-Mail: [EMAIL PROTECTED]
URL: http://www.knowd.co.jp
Personal URL: http://www.knowd.co.jp/staff/nils
--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
