Using standard SQL - have have done this repeatedly in PosgresQL and Oracle - I wish to grant a SELECT to all tables in schema1 except secret
to user1
grant select on schema1.* to user1;
revoke select on schema1.users from user1;
Received error:
ERROR 1147 (42000): There is no such grant defined for user 'user1' on host '%' on table 'secret'
What am I doing wrong?
Evidently this is standard MySQL behavior!!
Makes it easier to understand the lack of security sophistication in apps using MySQL - to set up correct user security in MySQL is insanely difficult.
Nothing. MySQL doesn't expand the schema1.*
wildcard to the individual tables, nor does it store "exceptions". The permissions tables store the granted permissions. Therefore, since you didn't actually grant anything on schema1.users
, there's nothing for MySQL to revoke. It just comes down to how MySQL handles permissions.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With