[Phpmyadmin-devel] Should a user be able to remove their own privileges?
Bringing this to phpmyadmin--devel for further discussion. This is specifically related to implementing feature request 1488 "User privilege tab not shown in all relevant cases" [1] On 7/16/14, 4:00 PM, Chirayu Chiripal wrote:
Does it makes sense, to allow a user to revoke some of the global privileges from himself?
I think ideally, we would allow this but display a message warning that it's a bad idea. Something like "You are attempting to remove privileges from the user with which you are currently logged in. This is generally a bad idea and might result in you being unable to log in or change privileges. Are you sure you wish to remove these privileges?" I can't think of a scenario when a user would actually want to do this; but just because it's a bad idea doesn't mean we should prevent the user from doing it, right? Or in this case, is it reasonable to disallow this action? What does everyone else think? 1 - https://sourceforge.net/p/phpmyadmin/feature-requests/1488/
Le 16 juil. 2014 23:46, "Isaac Bennetch" <bennetch@gmail.com> a écrit :
Bringing this to phpmyadmin--devel for further discussion. This is specifically related to implementing feature request 1488 "User privilege tab not shown in all relevant cases" [1]
On 7/16/14, 4:00 PM, Chirayu Chiripal wrote:
Does it makes sense, to allow a user to revoke some of the global privileges from himself?
I think ideally, we would allow this but display a message warning that it's a bad idea. Something like "You are attempting to remove privileges from the user with which you are currently logged in. This is generally a bad idea and might result in you being unable to log in or change privileges. Are you sure you wish to remove these privileges?"
I can't think of a scenario when a user would actually want to do this; but just because it's a bad idea doesn't mean we should prevent the user from doing it, right? Or in this case, is it reasonable to disallow this action?
What does everyone else think?
1 - https://sourceforge.net/p/phpmyadmin/feature-requests/1488/
Hi, I agree with you that we should allow it, but also display a warning message. Hugues.
On Thu, Jul 17, 2014 at 3:21 AM, Hugues Peccatte <hugues.peccatte@gmail.com> wrote:
Le 16 juil. 2014 23:46, "Isaac Bennetch" <bennetch@gmail.com> a écrit :
Bringing this to phpmyadmin--devel for further discussion. This is specifically related to implementing feature request 1488 "User privilege tab not shown in all relevant cases" [1]
On 7/16/14, 4:00 PM, Chirayu Chiripal wrote:
Does it makes sense, to allow a user to revoke some of the global privileges from himself?
I think ideally, we would allow this but display a message warning that it's a bad idea. Something like "You are attempting to remove privileges from the user with which you are currently logged in. This is generally a bad idea and might result in you being unable to log in or change privileges. Are you sure you wish to remove these privileges?"
I can't think of a scenario when a user would actually want to do this; but just because it's a bad idea doesn't mean we should prevent the user from doing it, right? Or in this case, is it reasonable to disallow this action?
P.S.: Currently, it is allowed.
What does everyone else think?
1 - https://sourceforge.net/p/phpmyadmin/feature-requests/1488/
Hi,
I agree with you that we should allow it, but also display a warning message.
Hugues.
Le 2014-07-16 17:45, Isaac Bennetch a écrit :
Bringing this to phpmyadmin--devel for further discussion. This is specifically related to implementing feature request 1488 "User privilege tab not shown in all relevant cases" [1]
On 7/16/14, 4:00 PM, Chirayu Chiripal wrote:
Does it makes sense, to allow a user to revoke some of the global privileges from himself?
I think ideally, we would allow this but display a message warning that it's a bad idea. Something like "You are attempting to remove privileges from the user with which you are currently logged in. This is generally a bad idea and might result in you being unable to log in or change privileges. Are you sure you wish to remove these privileges?"
I can't think of a scenario when a user would actually want to do this; but just because it's a bad idea doesn't mean we should prevent the user from doing it, right? Or in this case, is it reasonable to disallow this action?
What does everyone else think?
As MySQL permits this, phpMyAdmin should let the user do it. Adding a warning can be helpful, keeping in mind that there are certain others actions like a direct deletion of something in the "mysql" database that could cause the same problem to the user. -- Marc Delisle | phpMyAdmin
On Thu, Jul 17, 2014 at 4:18 AM, Marc Delisle <marc@infomarc.info> wrote:
Le 2014-07-16 17:45, Isaac Bennetch a écrit :
Bringing this to phpmyadmin--devel for further discussion. This is specifically related to implementing feature request 1488 "User privilege tab not shown in all relevant cases" [1]
On 7/16/14, 4:00 PM, Chirayu Chiripal wrote:
Does it makes sense, to allow a user to revoke some of the global privileges from himself?
I think ideally, we would allow this but display a message warning that it's a bad idea. Something like "You are attempting to remove privileges from the user with which you are currently logged in. This is generally a bad idea and might result in you being unable to log in or change privileges. Are you sure you wish to remove these privileges?"
I can't think of a scenario when a user would actually want to do this; but just because it's a bad idea doesn't mean we should prevent the user from doing it, right? Or in this case, is it reasonable to disallow this action?
What does everyone else think?
As MySQL permits this, phpMyAdmin should let the user do it.
Adding a warning can be helpful, keeping in mind that there are certain others actions like a direct deletion of something in the "mysql" database that could cause the same problem to the user.
Instead of adding a confirmation dialog and increasing one step for the user, how about adding a short notice on the edit privileges page to remind the user that he is editing his own privileges? The notice can be something like this: "Note: You are attempting to edit privileges of the user with which you are currently logged in.". This notice will appear only when user is editing his own privileges.
participants (4)
-
Chirayu Chiripal -
Hugues Peccatte -
Isaac Bennetch -
Marc Delisle