Re: Quering user privileges
Yes, a cron job will make the solution more robust. I'm new to *classic* client-server DB apps and I'm still amazed for a so standard issue I have to find tricks. Particularly I wonder at this: standard SQL commands exist to assign (GRANT) and remove (REVOKE) privileges, but there is not a SQL command to query current privileges. On Wed, 24 Dec 2003 14:17:45 -0500 Michael Stassen [EMAIL PROTECTED] wrote: Plinio Conti wrote: Yes, I think I will do it with an additional table on the db server, for the moment (I have no time to implement parsing etc...) The problem is, like you stated, to mantain that table up to date with changes in system tables. The best solution would be a trigger for this, but we haven't them at the moment in MySQL. Since any other solution will expose the client app to the possibility it has invalid information, I will have to handle access denied etc... but this is the less. I will have to pray system administrators to do user management exclusivly through a special application provided by me, which will keep the *table* updated. If administrators will use MySQL to store other databases than mine, my solution will be quite poor. There's a middle road. Since you're writing a program to maintain your additional table anyway, you could (should?) write a cron job to make sure it stays in sync. That way, instead of relying on humans (the system administrators) to do the right thing, you automatically fix it for them when they don't. Have it run once a day, every hour, every 10 minutes, ... whatever frequency seems the best balance for your app. In fact, if you're willing to live with the lag, and don't trust your SAs, you could skip the user management app and stick with just the cron job. Michael -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Quering user privileges
On Sat, Dec 27, 2003 at 05:40:46PM +0100, Plinio Conti wrote: Yes, a cron job will make the solution more robust. I'm new to *classic* client-server DB apps and I'm still amazed for a so standard issue I have to find tricks. Particularly I wonder at this: standard SQL commands exist to assign (GRANT) and remove (REVOKE) privileges, but there is not a SQL command to query current privileges. At least on MySQL 4.0.16, SHOW GRANTS FOR [EMAIL PROTECTED]; shows me the relevent info. I don't know if that's MySQL specific, or not present in 3.x or something. -- Jim Richardson http://www.eskimo.com/~warlock A conclusion is simply the place where someone got tired of thinking. signature.asc Description: Digital signature
Re: Quering user privileges
On Tue, 23 Dec 2003 18:20:53 -0600 Paul DuBois [EMAIL PROTECTED] wrote: I confirm: SHOW GRANTS FOR CURRENT_USER(); does not work, while that query is exaclty what you expect to do reading mysql manual. I agree, one might easily come to that conclusion based on the wording. The manual was imprecise/wrong. I've changed it to point out that you must first select the value of CURRENT_USER(), then use the value it returns in the SHOW GRANTS statement. good idea, thank you. On Tue, 23 Dec 2003 12:47:11 +0200 Egor Egorov [EMAIL PROTECTED] wrote: Plinio Conti [EMAIL PROTECTED] wrote: The manual page at http://www.mysql.com/doc/en/SHOW_GRANTS.html says: To list grants for the current session one may use CURRENT_USER() function But if I run SELECT SHOW GRANTS FOR CURRENT_USER(); I get syntax error (Error 1064). While if I run directly SELECT SHOW GRANTS FOR [EMAIL PROTECTED]; It works. Did you guess why? Look at the example of usage SHOW GRANTS in the manual: mysql SHOW GRANTS FOR [EMAIL PROTECTED]; There is no SELECT word in the query. On Mon, 22 Dec 2003 15:37:43 +0200 Egor Egorov [EMAIL PROTECTED] wrote: Plinio Conti [EMAIL PROTECTED] wrote: Is there a way to query the privileges of current user if he hasn't the rights to read the mysql system tables (user, db, hosts, etc..) I mean, I CAN'T give a standard user the chance of read system tables! But my client app wants to know if the current user has (for example) the rights to write on table xxx, because if not, I don't want to let him try and fail, I want to disable the updates in advance. Take a look at SHOW GRANTS command: http://www.mysql.com/doc/en/SHOW_GRANTS.html -- Paul DuBois, Senior Technical Writer Madison, Wisconsin, USA MySQL AB, www.mysql.com Are you MySQL certified? http://www.mysql.com/certification/ -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Quering user privileges
Yes, I think I will do it with an additional table on the db server, for the moment (I have no time to implement parsing etc...) The problem is, like you stated, to mantain that table up to date with changes in system tables. The best solution would be a trigger for this, but we haven't them at the moment in MySQL. Since any other solution will expose the client app to the possibility it has invalid information, I will have to handle access denied etc... but this is the less. I will have to pray system administrators to do user management exclusivly through a special application provided by me, which will keep the *table* updated. If administrators will use MySQL to store other databases than mine, my solution will be quite poor. On Tue, 23 Dec 2003 16:02:19 -0330 jamie murray [EMAIL PROTECTED] wrote: Plinio, Hence my suggestion for use of a flat file. The file can be located on the db server middle tier wherever it doesnt matter. The important part is that you control what goes in the file and its done ahead of time not when an enduser presses a button. What about creating tables the users can view loaded with the system table information your users need to see(same as flat file just do it with table in the database). It would be much better if you could get the information together and then let endusers view it as opposed to firing two statements and going through a bunch of parsing etc ... like you stated below everytime they press a button. The route your taking will be slower,more resource intensive and more complicated. - Original Message - From: Plinio Conti [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 11:58 AM Subject: Re: Quering user privileges To be honest, the fact I can't get it with only one query but I have to do: 1) SELECT CURRENT_USER(); 2) SHOW GRANTS FOR valueExtractedByPreviousQuery; is a little thing compared with work remaing to get usefull information: I have to parse the strings returned by query 2, handle the wildcards, handle ALL PRIVILEGES, comparing db-level privileges with table-level ones and with column-level ones, etc... I probably will do all that, only I wonder there is not a more simple solution. I mean, it looks a so common issue that I imagine there is better solution but I can't figure which. User authenticates, and client app wants to know what that user is allowed to do, so the app can show to its user the correct user interface (for example editing disabled if user can't write, etc..) -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Quering user privileges
Plinio Conti wrote: Yes, I think I will do it with an additional table on the db server, for the moment (I have no time to implement parsing etc...) The problem is, like you stated, to mantain that table up to date with changes in system tables. The best solution would be a trigger for this, but we haven't them at the moment in MySQL. Since any other solution will expose the client app to the possibility it has invalid information, I will have to handle access denied etc... but this is the less. I will have to pray system administrators to do user management exclusivly through a special application provided by me, which will keep the *table* updated. If administrators will use MySQL to store other databases than mine, my solution will be quite poor. There's a middle road. Since you're writing a program to maintain your additional table anyway, you could (should?) write a cron job to make sure it stays in sync. That way, instead of relying on humans (the system administrators) to do the right thing, you automatically fix it for them when they don't. Have it run once a day, every hour, every 10 minutes, ... whatever frequency seems the best balance for your app. In fact, if you're willing to live with the lag, and don't trust your SAs, you could skip the user management app and stick with just the cron job. Michael -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Quering user privileges
Plinio Conti [EMAIL PROTECTED] wrote: The manual page at http://www.mysql.com/doc/en/SHOW_GRANTS.html says: To list grants for the current session one may use CURRENT_USER() function But if I run SELECT SHOW GRANTS FOR CURRENT_USER(); I get syntax error (Error 1064). While if I run directly SELECT SHOW GRANTS FOR [EMAIL PROTECTED]; It works. Did you guess why? Look at the example of usage SHOW GRANTS in the manual: mysql SHOW GRANTS FOR [EMAIL PROTECTED]; There is no SELECT word in the query. On Mon, 22 Dec 2003 15:37:43 +0200 Egor Egorov [EMAIL PROTECTED] wrote: Plinio Conti [EMAIL PROTECTED] wrote: Is there a way to query the privileges of current user if he hasn't the rights to read the mysql system tables (user, db, hosts, etc..) I mean, I CAN'T give a standard user the chance of read system tables! But my client app wants to know if the current user has (for example) the rights to write on table xxx, because if not, I don't want to let him try and fail, I want to disable the updates in advance. Take a look at SHOW GRANTS command: http://www.mysql.com/doc/en/SHOW_GRANTS.html -- For technical support contracts, goto https://order.mysql.com/?ref=ensita This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Egor Egorov / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net ___/ www.mysql.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Quering user privileges
Yes, I can do it with a middle tier, but currently my app is a simple 2-tier and introducing a middle-tier just to do that looks excessive... On Sun, 21 Dec 2003 18:40:40 -0330 jamie murray [EMAIL PROTECTED] wrote: What about creating a flat file on the middle tier from the database system tables that the clients can view with your gui or web page. Only things is keeping the file in sync with the system tables. But access will be faster to the flat file and no security risks because there won't even be a connection to the database from the client when viewing the file. - Original Message - From: Plinio Conti [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, December 21, 2003 5:55 PM Subject: Quering user privileges Is there a way to query the privileges of current user if he hasn't the rights to read the mysql system tables (user, db, hosts, etc..) I mean, I CAN'T give a standard user the chance of read system tables! But my client app wants to know if the current user has (for example) the rights to write on table xxx, because if not, I don't want to let him try and fail, I want to disable the updates in advance. Tahnk you, Plinio -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Quering user privileges
Sorry, I was not using any SELCT in my queries, it's just an error typing the email I confirm: SHOW GRANTS FOR CURRENT_USER(); does not work, while that query is exaclty what you expect to do reading mysql manual. On Tue, 23 Dec 2003 12:47:11 +0200 Egor Egorov [EMAIL PROTECTED] wrote: Plinio Conti [EMAIL PROTECTED] wrote: The manual page at http://www.mysql.com/doc/en/SHOW_GRANTS.html says: To list grants for the current session one may use CURRENT_USER() function But if I run SELECT SHOW GRANTS FOR CURRENT_USER(); I get syntax error (Error 1064). While if I run directly SELECT SHOW GRANTS FOR [EMAIL PROTECTED]; It works. Did you guess why? Look at the example of usage SHOW GRANTS in the manual: mysql SHOW GRANTS FOR [EMAIL PROTECTED]; There is no SELECT word in the query. On Mon, 22 Dec 2003 15:37:43 +0200 Egor Egorov [EMAIL PROTECTED] wrote: Plinio Conti [EMAIL PROTECTED] wrote: Is there a way to query the privileges of current user if he hasn't the rights to read the mysql system tables (user, db, hosts, etc..) I mean, I CAN'T give a standard user the chance of read system tables! But my client app wants to know if the current user has (for example) the rights to write on table xxx, because if not, I don't want to let him try and fail, I want to disable the updates in advance. Take a look at SHOW GRANTS command: http://www.mysql.com/doc/en/SHOW_GRANTS.html -- For technical support contracts, goto https://order.mysql.com/?ref=ensita This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Egor Egorov / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net ___/ www.mysql.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Quering user privileges
Plinio Conti [EMAIL PROTECTED] wrote: Sorry, I was not using any SELCT in my queries, it's just an error typing the email I confirm: SHOW GRANTS FOR CURRENT_USER(); does not work, while that query is exaclty what you expect to do reading mysql manual. It means that you can use CURRENT_USER() function to know username and hostname that the current session was authenticated as. And then you can use this info in the SHOW GRANTS statement. For example: mysql SELECT CURRENT_USER(); ++ | CURRENT_USER() | ++ | [EMAIL PROTECTED] | ++ 1 row in set (0.00 sec) mysql SHOW GRANTS FOR [EMAIL PROTECTED]; ++ | Grants for [EMAIL PROTECTED] | ++ | GRANT USAGE ON *.* TO 'egor'@'localhost' IDENTIFIED BY PASSWORD '332ab33958e81d12' | | GRANT ALL PRIVILEGES ON `egor`.* TO 'egor'@'localhost' | ++ 2 rows in set (0.00 sec) On Tue, 23 Dec 2003 12:47:11 +0200 Egor Egorov [EMAIL PROTECTED] wrote: Plinio Conti [EMAIL PROTECTED] wrote: The manual page at http://www.mysql.com/doc/en/SHOW_GRANTS.html says: To list grants for the current session one may use CURRENT_USER() function But if I run SELECT SHOW GRANTS FOR CURRENT_USER(); I get syntax error (Error 1064). While if I run directly SELECT SHOW GRANTS FOR [EMAIL PROTECTED]; It works. Did you guess why? Look at the example of usage SHOW GRANTS in the manual: mysql SHOW GRANTS FOR [EMAIL PROTECTED]; There is no SELECT word in the query. -- For technical support contracts, goto https://order.mysql.com/?ref=ensita This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Egor Egorov / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net ___/ www.mysql.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Quering user privileges
To be honest, the fact I can't get it with only one query but I have to do: 1) SELECT CURRENT_USER(); 2) SHOW GRANTS FOR valueExtractedByPreviousQuery; is a little thing compared with work remaing to get usefull information: I have to parse the strings returned by query 2, handle the wildcards, handle ALL PRIVILEGES, comparing db-level privileges with table-level ones and with column-level ones, etc... I probably will do all that, only I wonder there is not a more simple solution. I mean, it looks a so common issue that I imagine there is better solution but I can't figure which. User authenticates, and client app wants to know what that user is allowed to do, so the app can show to its user the correct user interface (for example editing disabled if user can't write, etc..) -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Quering user privileges
Plinio, Hence my suggestion for use of a flat file. The file can be located on the db server middle tier wherever it doesnt matter. The important part is that you control what goes in the file and its done ahead of time not when an enduser presses a button. What about creating tables the users can view loaded with the system table information your users need to see(same as flat file just do it with table in the database). It would be much better if you could get the information together and then let endusers view it as opposed to firing two statements and going through a bunch of parsing etc ... like you stated below everytime they press a button. The route your taking will be slower,more resource intensive and more complicated. - Original Message - From: Plinio Conti [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, December 23, 2003 11:58 AM Subject: Re: Quering user privileges To be honest, the fact I can't get it with only one query but I have to do: 1) SELECT CURRENT_USER(); 2) SHOW GRANTS FOR valueExtractedByPreviousQuery; is a little thing compared with work remaing to get usefull information: I have to parse the strings returned by query 2, handle the wildcards, handle ALL PRIVILEGES, comparing db-level privileges with table-level ones and with column-level ones, etc... I probably will do all that, only I wonder there is not a more simple solution. I mean, it looks a so common issue that I imagine there is better solution but I can't figure which. User authenticates, and client app wants to know what that user is allowed to do, so the app can show to its user the correct user interface (for example editing disabled if user can't write, etc..) -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Quering user privileges
At 15:46 +0100 12/23/03, Plinio Conti wrote: Sorry, I was not using any SELCT in my queries, it's just an error typing the email I confirm: SHOW GRANTS FOR CURRENT_USER(); does not work, while that query is exaclty what you expect to do reading mysql manual. I agree, one might easily come to that conclusion based on the wording. The manual was imprecise/wrong. I've changed it to point out that you must first select the value of CURRENT_USER(), then use the value it returns in the SHOW GRANTS statement. On Tue, 23 Dec 2003 12:47:11 +0200 Egor Egorov [EMAIL PROTECTED] wrote: Plinio Conti [EMAIL PROTECTED] wrote: The manual page at http://www.mysql.com/doc/en/SHOW_GRANTS.html says: To list grants for the current session one may use CURRENT_USER() function But if I run SELECT SHOW GRANTS FOR CURRENT_USER(); I get syntax error (Error 1064). While if I run directly SELECT SHOW GRANTS FOR [EMAIL PROTECTED]; It works. Did you guess why? Look at the example of usage SHOW GRANTS in the manual: mysql SHOW GRANTS FOR [EMAIL PROTECTED]; There is no SELECT word in the query. On Mon, 22 Dec 2003 15:37:43 +0200 Egor Egorov [EMAIL PROTECTED] wrote: Plinio Conti [EMAIL PROTECTED] wrote: Is there a way to query the privileges of current user if he hasn't the rights to read the mysql system tables (user, db, hosts, etc..) I mean, I CAN'T give a standard user the chance of read system tables! But my client app wants to know if the current user has (for example) the rights to write on table xxx, because if not, I don't want to let him try and fail, I want to disable the updates in advance. Take a look at SHOW GRANTS command: http://www.mysql.com/doc/en/SHOW_GRANTS.html -- Paul DuBois, Senior Technical Writer Madison, Wisconsin, USA MySQL AB, www.mysql.com Are you MySQL certified? http://www.mysql.com/certification/ -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Quering user privileges
Paul DuBois wrote: At 15:46 +0100 12/23/03, Plinio Conti wrote: Sorry, I was not using any SELECT in my queries, it's just an error typing the email I confirm: SHOW GRANTS FOR CURRENT_USER(); does not work, while that query is exactly what you expect to do reading mysql manual. I agree, one might easily come to that conclusion based on the wording. The manual was imprecise/wrong. I've changed it to point out that you must first select the value of CURRENT_USER(), then use the value it returns in the SHOW GRANTS statement. From the manual, To list grants for the current session, you can find out what user the session was authenticated as by selecting the value of the CURRENT_USER() function (new in version 4.0.6). Then use that value in the SHOW GRANTS statement. I assume that's the reworked version. I don't think that's sufficient. Though it does not suggest SHOW GRANTS FOR CURRENT_USER(), it doesn't say it won't work. Even then, if you are familiar with mysql user variables, surely get a value in one statement then use it in the next implies a user variable, but SET @u = CURRENT_USER(); SHOW GRANTS FOR @u; doesn't work, either. As I see it, use that value here really means copy/paste, or assign it to a variable in your external client program. There does not appear to be any way *within mysql* to pass the result of CURRENT_USER() to SHOW GRANTS. I assume this is because the processing of SHOW GRANTS FOR simply does not consider the possibility that what comes next might be a variable or function, as SELECT does, for example. Now that we've determined that's the way it works, isn't Should it work that way? the next logical question? After all, CURRENT_USER() returns [EMAIL PROTECTED], while SHOW GRANTS FOR expects [EMAIL PROTECTED] Intuitively, SHOW GRANTS FOR CURRENT_USER() should work. But it doesn't. Shouldn't that be considered a bug, or at least a missing feature? Admittedly, I haven't yet looked at that portion of the code, so I don't know how easy or difficult this would be to change. Michael -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Quering user privileges
Plinio Conti [EMAIL PROTECTED] wrote: Is there a way to query the privileges of current user if he hasn't the rights to read the mysql system tables (user, db, hosts, etc..) I mean, I CAN'T give a standard user the chance of read system tables! But my client app wants to know if the current user has (for example) the rights to write on table xxx, because if not, I don't want to let him try and fail, I want to disable the updates in advance. Take a look at SHOW GRANTS command: http://www.mysql.com/doc/en/SHOW_GRANTS.html -- For technical support contracts, goto https://order.mysql.com/?ref=ensita This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Egor Egorov / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net ___/ www.mysql.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Quering user privileges
Thank you! That is what I was looking for! Unfortunatly that command is not SQL 92 or SQL 99 standard, isn't it? (at least I guess, after I quick search in my ANSI files, BTW I think if they had put in MySQL documentation a note for each SQL command where is specified standard compliance that would be greatly appreciated!) Since for the rest my application was standard SQL92... it's a pity bye Plinio On Mon, 22 Dec 2003 15:37:43 +0200 Egor Egorov [EMAIL PROTECTED] wrote: Plinio Conti [EMAIL PROTECTED] wrote: Is there a way to query the privileges of current user if he hasn't the rights to read the mysql system tables (user, db, hosts, etc..) I mean, I CAN'T give a standard user the chance of read system tables! But my client app wants to know if the current user has (for example) the rights to write on table xxx, because if not, I don't want to let him try and fail, I want to disable the updates in advance. Take a look at SHOW GRANTS command: http://www.mysql.com/doc/en/SHOW_GRANTS.html -- For technical support contracts, goto https://order.mysql.com/?ref=ensita This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Egor Egorov / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net ___/ www.mysql.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Quering user privileges
The manual page at http://www.mysql.com/doc/en/SHOW_GRANTS.html says: To list grants for the current session one may use CURRENT_USER() function But if I run SELECT SHOW GRANTS FOR CURRENT_USER(); I get syntax error (Error 1064). While if I run directly SELECT SHOW GRANTS FOR [EMAIL PROTECTED]; It works. Did you guess why? On Mon, 22 Dec 2003 15:37:43 +0200 Egor Egorov [EMAIL PROTECTED] wrote: Plinio Conti [EMAIL PROTECTED] wrote: Is there a way to query the privileges of current user if he hasn't the rights to read the mysql system tables (user, db, hosts, etc..) I mean, I CAN'T give a standard user the chance of read system tables! But my client app wants to know if the current user has (for example) the rights to write on table xxx, because if not, I don't want to let him try and fail, I want to disable the updates in advance. Take a look at SHOW GRANTS command: http://www.mysql.com/doc/en/SHOW_GRANTS.html -- For technical support contracts, goto https://order.mysql.com/?ref=ensita This email is sponsored by Ensita.net http://www.ensita.net/ __ ___ ___ __ / |/ /_ __/ __/ __ \/ /Egor Egorov / /|_/ / // /\ \/ /_/ / /__ [EMAIL PROTECTED] /_/ /_/\_, /___/\___\_\___/ MySQL AB / Ensita.net ___/ www.mysql.com -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Quering user privileges
Is there a way to query the privileges of current user if he hasn't the rights to read the mysql system tables (user, db, hosts, etc..) I mean, I CAN'T give a standard user the chance of read system tables! But my client app wants to know if the current user has (for example) the rights to write on table xxx, because if not, I don't want to let him try and fail, I want to disable the updates in advance. Tahnk you, Plinio -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: Quering user privileges
What about creating a flat file on the middle tier from the database system tables that the clients can view with your gui or web page. Only things is keeping the file in sync with the system tables. But access will be faster to the flat file and no security risks because there won't even be a connection to the database from the client when viewing the file. - Original Message - From: Plinio Conti [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, December 21, 2003 5:55 PM Subject: Quering user privileges Is there a way to query the privileges of current user if he hasn't the rights to read the mysql system tables (user, db, hosts, etc..) I mean, I CAN'T give a standard user the chance of read system tables! But my client app wants to know if the current user has (for example) the rights to write on table xxx, because if not, I don't want to let him try and fail, I want to disable the updates in advance. Tahnk you, Plinio -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED] -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
