Hi Paul/Lists, Thank you for your very clear explanations... In my 1st option, I think I misunderstood p427 of your book(MySQL) by granting first a SELECT privileges on the table before issuing the UPDATE on specific columns....So now I learned that It should not be the case for SELECTING specific columns. In my 2nd option, Yes, thats my expectation when issuing SELECT * command will only give the privileged columns even there are other columns in the table.
NOTE: I already tried to SELECT the specific columns (by naming it explicitly) and it worked now... Thanks Again, Richard Paul DuBois <[EMAIL PROTECTED]> 13/11/2003 11:14 AM To: BORNAY Richard/Engr/STATS/ST [EMAIL PROTECTED] Domain, [EMAIL PROTECTED] cc: Subject: RE: GRANT TO SELECTED COLUMNS At 10:55 AM +0800 11/13/03, [EMAIL PROTECTED] wrote: >Hi Chris/Lists, >In fact, I was able to login using both ways, here's what I did. >1. mysql -u testuser -ptestuser -hlocalhost DATABASE >> OK >2. In the mysql prompt, I issue the query 'SELECT * FROM CHECK_SBIN' >> >Access denied > ** This is were I'm getting the error Access denied for user >'testuser' > >Thanks, Richard That looks correct. Your requirements are unclear: In your first attempt, you grant access to the entire table with one GRANT statement, then to just a couple of columns with the second GRANT statement. This gives you access to the entire table (because of the first statement), which apparently is unsatisfactory -- you say you want access granted only for the two columns. In your second attempt, you grant access only to the two columns. This should, I think, give you what you want -- but then above you issue a SELECT * statement, which implies that you want access to the entire table. But you can't *have* access to the entire table, because you've granted access only to two columns. So I at least am unable to determine what you really want. Perhaps you are thinking that SELECT * should retrieve only those columns for which you have access. But that's not what it means. It means ALL columns in the table. To select only the columns for which you have granted access, you must name them explicitly. The exception would be if the table contains only those two columns. In that case, SELECT * should work. But my impression is that your table has more than just the two columns. > > > >"Chris" <[EMAIL PROTECTED]> 13/11/2003 10:34 AM > > >To: "Mysql List" <[EMAIL PROTECTED]> >cc: (bcc: BORNAY Richard/Engr/STATS/ST Group) >Subject: RE: GRANT TO SELECTED COLUMNS > > > > > > > >That second query, byt itself, should have done it, were you logged in as >testuser when you tried to run it? > >Chris > >-----Original Message----- >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >Sent: Wednesday, November 12, 2003 5:26 PM >To: [EMAIL PROTECTED] >Subject: GRANT TO SELECTED COLUMNS > > >Hello List, >I have a table named CHECK_SBIN with fields id,jobid,filename,sbin,count, >then I would like to create an account lets say testuser with SELECT >privileges only to a specific columns. In this case I would like to open >only id and jobid to 'testuser'. >I have already created an account to testuser in two ways using the >commands below. >1. Provide SELECT privileges first on the CHECK_SBIN table > - GRANT SELECT ON DATABASE.CHECK_SBIN TO testuser IDENTIFIED BY >'password' >> OK > Then issue another GRANT statement for the specific columns > - GRANT SELECT (id, jobid) ON DATABASE.CHECK_SBIN TO testuser >> OK > >Comments: > I was able to access mysql using the account and seeing only >CHECK_SBIN but when I do 'SELECT * FROM CHECK_SBIN' it shows > me all the columns in the table. > >2. Use only the second SQL > - GRANT SELECT (id, jobid) ON DATABASE.CHECK_SBIN TO testuser >> OK > > Comments: > An error occured 'Access denied for testuser'. > >Note: The grant tables are all checked correctly. > >System: >MySQL 4.0.13 >Solaris 8 > >I checked the manual and mailing list archive and was not successful in >finding any related matter to my problem. Any help would be appreciated. > >Thanks, Richard -- Paul DuBois, Senior Technical Writer Madison, Wisconsin, USA MySQL AB, www.mysql.com Are you MySQL certified? http://www.mysql.com/certification/ -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]