Hi Paul, 2003年 6月 26日 木曜日 09:55、Paul DuBois さんは書きました: > At 9:19 +0900 6/26/03, Nils Valentin wrote: > >Hi Michael, > > > >you raised an interesting question. > > > >I created a new account (testroot) I gave him all privileges - except the > >GRANT privilege. > > > >GRANT ALL ON *.* TO 'testroot'@'%' IDENTIFIED BY 'xxx'; > > > >mysql> show grants for testroot; > >+------------------------------------------------------------------------- > >---------------------------------------------+ > > > >| Grants for > > > >[EMAIL PROTECTED] > > > >+------------------------------------------------------------------------- > >---------------------------------------------+ > > > >| GRANT ALL PRIVILEGES ON *.* TO 'testroot'@'%' IDENTIFIED BY PASSWORD > > > >'*70d5f00b26968dc1967b0679b54b2e2d0479c55c96c1' | > >+------------------------------------------------------------------------- > >---------------------------------------------+ > > > >This is what I got when trying to revoke the mysql database privileges: > > > > > >mysql> REVOKE ALL ON mysql.* FROM testroot; > >ERROR 1141: There is no such grant defined for user 'testroot' on host '%' > > > >So this means that by default those users cant access the mysql privilege > >database anyway (which makes sense to me). > > That's incorrect. The reason the REVOKE fails is because you have > privileges listed for *.*, not for mysql.*. That's why where is no match. > I believe that if you connect as testroot, you'll find that you can indeed > access the mysql database.
You are right. I missunderstood 2 things looks like. First the account handling and secondly I thought Michael is talking only about write access. But he is actually talking about read and write access. Guess I better stay in bed today (already my second mistaken post). ;-) > > >Above is just a sample. Its probably not exactly what you are after, but I > >think the point about the privilege database becomes clearer. > > > >For other databases I believe you have to define one at a time, which > > allows you to set it up exactly to your needs. > > > > > >Hope that helps. > > > >Best regards > > > >Nils Valentin > >Tokyo/Japan -- --- Valentin Nils Internet Technology E-Mail: [EMAIL PROTECTED] URL: http://www.knowd.co.jp Personal URL: http://www.knowd.co.jp/staff/nils -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
