Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

in MySQL, revoke a privilege after granting a general privilege

Using standard SQL - have have done this repeatedly in PosgresQL and Oracle - I wish to grant a SELECT to all tables in schema1 except secret to user1

grant select on schema1.* to user1;
revoke select on schema1.users from user1;

Received error:

ERROR 1147 (42000): There is no such grant defined for user 'user1' on host '%' on table 'secret'

What am I doing wrong?


Evidently this is standard MySQL behavior!!

Makes it easier to understand the lack of security sophistication in apps using MySQL - to set up correct user security in MySQL is insanely difficult.

like image 634
cc young Avatar asked Oct 05 '11 08:10

cc young


1 Answers

Nothing. MySQL doesn't expand the schema1.* wildcard to the individual tables, nor does it store "exceptions". The permissions tables store the granted permissions. Therefore, since you didn't actually grant anything on schema1.users, there's nothing for MySQL to revoke. It just comes down to how MySQL handles permissions.

like image 132
Mac Avatar answered Oct 21 '22 03:10

Mac