In MySQL, revoke a privilege after granting a general privilege
Using standard SQL - I have done this repeatedly in PostgreSQL and Oracle - I wish to grant a SELECT to all tables in schema1 except secret to user1:
grant select on schema1.* to user1;
revoke select on schema1.users from user1;
Received error:
ERROR 1147 (42000): There is no such grant defined for user 'user1' on host '%' on table 'secret'
What am I doing wrong?
Evidently this is standard MySQL behavior!!
Makes it easier to understand the lack of security sophistication in apps using MySQL - to set up correct user security in MySQL is insanely difficult.
Nothing. MySQL doesn't expand the schema1.* wildcard to the individual tables, nor does it store "exceptions". The permissions tables store the granted permissions. Therefore, since you didn't actually grant anything on schema1.users, there's nothing for MySQL to revoke. It just comes down to how MySQL handles permissions.
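Because only granted privileges are stored, the way to get "everything except secret" is to drop the schema-level grant and grant SELECT table by table. The following is an added example, not part of the original question or answer; schema1, user1, host '%' and the table name secret come from the question, the procedure name grant_select_except_secret is hypothetical, and it assumes the schema-level grant from the question is still in place and that the script is run in the mysql client (for DELIMITER).

```sql
-- Added example. Run as an account that may GRANT on schema1.

-- Remove the schema-level grant first: while it exists it covers every
-- table, including secret, and table-level rows cannot subtract from it.
REVOKE SELECT ON schema1.* FROM 'user1'@'%';

DELIMITER //
CREATE PROCEDURE schema1.grant_select_except_secret()
BEGIN
  DECLARE v_table VARCHAR(64);
  DECLARE v_done  BOOLEAN DEFAULT FALSE;
  -- Every base table in schema1 other than the one to keep private.
  DECLARE cur CURSOR FOR
    SELECT table_name
      FROM information_schema.tables
     WHERE table_schema = 'schema1'
       AND table_type   = 'BASE TABLE'
       AND table_name  <> 'secret';
  DECLARE CONTINUE HANDLER FOR NOT FOUND SET v_done = TRUE;

  OPEN cur;
  grant_loop: LOOP
    FETCH cur INTO v_table;
    IF v_done THEN LEAVE grant_loop; END IF;
    -- Backtick-quote the identifier, doubling any embedded backtick.
    SET @stmt = CONCAT('GRANT SELECT ON `schema1`.`',
                       REPLACE(v_table, '`', '``'),
                       '` TO ''user1''@''%''');
    PREPARE g FROM @stmt;
    EXECUTE g;
    DEALLOCATE PREPARE g;
  END LOOP;
  CLOSE cur;
END //
DELIMITER ;

CALL schema1.grant_select_except_secret();

-- Verify: one stored row per granted table, and none for secret.
SELECT Table_name, Table_priv
  FROM mysql.tables_priv
 WHERE Db = 'schema1' AND User = 'user1' AND Host = '%';

SHOW GRANTS FOR 'user1'@'%';
```

Tables created in schema1 later are not covered until the procedure is called again, since nothing at the schema level remains granted.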