> -----Original Message-----
> From: Paul DuBois [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 26, 2003 1:26 AM
> To: michael young; [EMAIL PROTECTED]
> Subject: Re: user privileges question
>
>
> At 18:02 -0400 6/25/03, michael young wrote:
> >Hi,
> >       I am creating a small web based program for users to access
> >the data in the databases. New databases will be added in later. I
> >want to create a user to access these databases with certain rights,
> >not all rights. Will I have to grant this user right to each
> >database as I add them in or is there a way to give this user rights
> >to all databases (EXCEPT for mysql DB) including DB's I'll add
> >later. Other than the mysql database there is no database on this
> >server that this user should be excluded from. What is the best way
> >to handle this?
>
> Grant the user privileges for each database.  There is no syntax for
> "all except".
>
> >
> >Thanks,
> >         Michael
>
>
> --
> Paul DuBois, Senior Technical Writer
> Madison, Wisconsin, USA
> MySQL AB, www.mysql.com
>
> Are you MySQL certified?  http://www.mysql.com/certification/
>
>
> --
> MySQL General Mailing List
> For list archives: http://lists.mysql.com/mysql
> To unsubscribe:    http://lists.mysql.com/[EMAIL PROTECTED]
>

As Victoria Reznichenko said a few days ago, MySQL reads the privileges table
sequentially and bails out as soon as it finds a match.
(http://www.mysql.com/doc/en/Connection_access.html,
and for our case: http://www.mysql.com/doc/en/Request_access.html)

Therefore, I reckon the logical thing would be first to deny that user's
access to the "mysql" db, then to allow access for the same user, to
everything else.

So my solution would be:
In the user table give TheUser "N" on every field.
In the db table you should have 2 rules similar to:

Host      | Db    | User    | Select_priv | Insert_priv | ...
-------------------------------------------------------------
%         | mysql | TheUser | N           | N           | ....
%         | %     | TheUser | Y           | N           | ....
localhost | mysql | TheUser | N           | N           | ....
localhost | %     | TheUser | Y           | N           | ....
...

The point is to have 2 records for each host (be it % or a specific one),
for the same user.
According to the sorting rules defined in docs, this should work.

Any validation/comments of this logic are highly welcomed ;-)

Bests,
Lian Sebe
Freelance Analyst-Programmer
www.programEz.net
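
The sort-then-first-match lookup described in the message above, as a simplified Python model (an added example, not part of the original thread and not MySQL's own code). The function names, the host web1.example.com and the database name shop are constructed, and the specificity ordering is an assumed simplification of the sorting rules in the linked docs.

```python
import re

# Constructed rows mirroring the db table sketched in the message above:
# (Host, Db, User, {privilege column: "Y"/"N"}), deliberately stored unsorted.
DB_ROWS = [
    ("%",         "%",     "TheUser", {"Select_priv": "Y", "Insert_priv": "N"}),
    ("localhost", "%",     "TheUser", {"Select_priv": "Y", "Insert_priv": "N"}),
    ("%",         "mysql", "TheUser", {"Select_priv": "N", "Insert_priv": "N"}),
    ("localhost", "mysql", "TheUser", {"Select_priv": "N", "Insert_priv": "N"}),
]
USER_ROW = {"Select_priv": "N", "Insert_priv": "N"}  # user table: "N" everywhere

def like(pattern, value):
    """SQL LIKE-style match: % is any run of characters, _ is one character."""
    rx = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value) is not None

def specificity(field):
    """Sort key (assumed simplification): literals, then patterns, then bare %."""
    if field == "%":
        return 2
    return 1 if ("%" in field or "_" in field) else 0

def sorted_rows(rows):
    """Most specific Host first, then Db, then User."""
    return sorted(rows, key=lambda r: tuple(specificity(f) for f in r[:3]))

def allowed(rows, host, db, user, priv):
    """A global "Y" in the user table grants; otherwise the FIRST matching
    db row decides and every later row is ignored."""
    if USER_ROW.get(priv) == "Y":
        return True
    for h, d, u, privs in sorted_rows(rows):
        if like(h, host) and like(d, db) and u == user:
            return privs.get(priv) == "Y"
    return False

def without_mysql_rows(rows):
    """The same table minus the two all-"N" rows for the mysql database."""
    return [r for r in rows if r[1] != "mysql"]
```

Dropping the two mysql rows (without_mysql_rows) lets the Db = % row match the mysql database as well, which is the case the all-"N" rows are there to prevent.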



