SQL triggers for granting/revoking privilages

Is it possible to create triggers that will grant or revoke permissions to users in mysql 5.1?

I tried this one :

delimiter //

create trigger sup_tog
before update on members
for each row begin
if old.fname = "xyz" and new.sta开发者_开发百科tus = "b"
then
revoke select, update on mkdb.* from xyz;
end if;

end//

The error message that I got is:

Error Code: 1422. Explicit or implicit commit is not allowed in stored function or trigger.

---

You can manipulate the rights tables in the mysql database directly.

table mysql.user holds universal rights for users (access rights to all databases)
table mysql.db holds access rights per database
table mysql.table_priv: access rights per table

Change your trigger into:

DELIMITER $$

CREATE TRIGGER bu_members BEFORE UPDATE ON members FOR EACH ROW
BEGIN
  IF old.fname = "xyz" AND new.status = "b" THEN BEGIN
    /*revoke select, update on mkdb.* from xyz;*/
    UPDATE mysql.db SET 
      select_priv = 'N'
      , update_priv = 'N' 
    WHERE mysql.db.user = 'xyz' AND mysql.db.db = 'mkdb';
  END; END IF;

END $$

Note that the changes will only take effect after the current transaction ends.
This must happen outside the trigger as @Denis has already explained.

Warning
Beware that the structure of the mysql schema can change (and has changed in the past).
If this happens your query may break.
GRANT/REVOKE do not have this problem.
Use this sort of code with caution and check to see if everything still works if you upgrade your MySQL server.

---

Double-check the docs on grant/revoke. The error is suggesting that they'd both be auto-committing. This cannot occur during the trigger itself, since the latter gets fired as part of an ongoing transaction.