SQL triggers for granting/revoking privilages
Is it possible to create triggers that will grant or revoke permissions to users in mysql 5.1?
I tried this one :
delimiter //
create trigger sup_tog
before update on members
for each row begin
if old.fname = "xyz" and new.sta开发者_开发百科tus = "b"
then
revoke select, update on mkdb.* from xyz;
end if;
end//
The error message that I got is:
Error Code: 1422. Explicit or implicit commit is not allowed in stored function or trigger.
You can manipulate the rights tables in the mysql
database directly.
table mysql.user
holds universal rights for users (access rights to all databases)
table mysql.db
holds access rights per database
table mysql.table_priv
: access rights per table
Change your trigger into:
DELIMITER $$
CREATE TRIGGER bu_members BEFORE UPDATE ON members FOR EACH ROW
BEGIN
IF old.fname = "xyz" AND new.status = "b" THEN BEGIN
/*revoke select, update on mkdb.* from xyz;*/
UPDATE mysql.db SET
select_priv = 'N'
, update_priv = 'N'
WHERE mysql.db.user = 'xyz' AND mysql.db.db = 'mkdb';
END; END IF;
END $$
Note that the changes will only take effect after the current transaction ends.
This must happen outside the trigger as @Denis has already explained.
Beware that the structure of the
mysql
schema can change (and has changed in the past).If this happens your query may break.
GRANT
/REVOKE
do not have this problem.Use this sort of code with caution and check to see if everything still works if you upgrade your MySQL server.
Double-check the docs on grant/revoke. The error is suggesting that they'd both be auto-committing. This cannot occur during the trigger itself, since the latter gets fired as part of an ongoing transaction.
精彩评论