Hello,
I currently am
struggling to get the permissions and table restrictions to
work.
Description of the
case:
----------------------------------
For a database
"examp", where table "foobar" which contains colums "A", "B" and C ,only a
restricted access is allowed.
Lets say that user
"peter" idendified by "kieke" may only READ attributes "A" and
"B" from hosts in the domain "siemens.com", but can also do an UPDATE
attribute "A" when he is connecting from host "stardust.siemens.com". The
attribute "C" cannot be read or updated.
What I tried, is to
apply these rules for given case.
I used the
(textbook) grant statement like:
grant SELECT (A,B)
on examp.foobar for 'peter'@'stardust.siemens.com'
identified by "kieke";
grant UPDATE
(A) on examp.foobar for 'peter'@'stardust.siemens.com'
identified by "kieke";
This does the job well. only from that host
I have the correct access and restrictions.
BUT, when I apply the 'domain' rule, it does
not work anymore. In detail, I can still SELECT the A and B, but
cannot UPDATE A anymore from the specific host.
grant SELECT (A,B) on examp.foobar for 'peter'@'%.siemens.com' identified by
"kieke";
I tried by
adding an entry to the host and db table of mysql-db, but there either then
R/W is allowed on all attributes or on none. (all 'Y' or all
'N')
Am I
forgetting something ?
I also tried
to delete all created entries in the user table, and replaced them with one
entry, namely by
grant USAGE on *.*
for 'peter'@'%' identified by
"kieke";
So that default permissions are set to
'N'.
Basic idea: restrict access to only READ for specific
domains (using the % ) and allow WRITE to some specic hosts of the same
domain
Hope someone can
hint me a solution.
With
regards,
Peter
De Leuze SIEMENS Atea [EMAIL PROTECTED] phone: +32 14 253493 Fax: +32 14 22 29 94 |
Mobile Solutions and Enabling Services http://www.ic.siemens.be |
|
Customer driven solution providers |
-- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]