On Thu, Jul 17, 2014 at 4:18 AM, Marc Delisle <marc(a)infomarc.info> wrote:
Le 2014-07-16 17:45, Isaac Bennetch a écrit :
Bringing this to phpmyadmin--devel for further
discussion. This is
specifically related to implementing feature request 1488 "User
privilege tab not shown in all relevant cases" [1]
On 7/16/14, 4:00 PM, Chirayu Chiripal wrote:
Does it makes sense, to allow a user to revoke
some of the global
privileges from himself?
I think ideally, we would allow this but display a message warning that
it's a bad idea. Something like "You are attempting to remove privileges
from the user with which you are currently logged in. This is generally
a bad idea and might result in you being unable to log in or change
privileges. Are you sure you wish to remove these privileges?"
I can't think of a scenario when a user would actually want to do this;
but just because it's a bad idea doesn't mean we should prevent the user
from doing it, right? Or in this case, is it reasonable to disallow this
action?
What does everyone else think?
As MySQL permits this, phpMyAdmin should let the user do it.
Adding a warning can be helpful, keeping in mind that there are certain
others actions like a direct deletion of something in the "mysql"
database that could cause the same problem to the user.
Instead of adding a confirmation dialog and increasing one step for the
user, how about adding a short notice on the edit privileges page to remind
the user that he is editing his own privileges?
The notice can be something like this: "Note: You are attempting to edit
privileges of the user with which you are currently logged in.". This
notice will appear only when user is editing his own privileges.