[Phpmyadmin-devel] RFE #1488, #781 User privilege tab not shown in all relevant cases
Hi,
From the discussion on RFE #781, it seems that without having select access to mysql database the user having only GRANT or CREATE USER rights cannot see the list of users. So, what do you think should to be displayed in Users tab, only create user?
Such users can create user if they have create privilege and grant privileges which they are having to another user. -- Regards, Chirayu Chiripal phpMyAdmin Intern - Google Summer of Code 2014 https://chirayuchiripal.wordpress.com/
On Fri, Jul 11, 2014 at 8:21 AM, Chirayu Chiripal <chirayu.chiripal@gmail.com> wrote:
Hi,
From the discussion on RFE #781, it seems that without having select access to mysql database the user having only GRANT or CREATE USER rights cannot see the list of users. So, what do you think should to be displayed in Users tab, only create user?
This seems good to me.
Such users can create user if they have create privilege and grant privileges which they are having to another user.
-- Regards, Chirayu Chiripal phpMyAdmin Intern - Google Summer of Code 2014 https://chirayuchiripal.wordpress.com/
------------------------------------------------------------------------------ Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft _______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
On Fri, Jul 11, 2014 at 6:46 PM, Isaac Bennetch <bennetch@gmail.com> wrote:
On Fri, Jul 11, 2014 at 8:21 AM, Chirayu Chiripal <chirayu.chiripal@gmail.com> wrote:
Hi,
From the discussion on RFE #781, it seems that without having select access to mysql database the user having only GRANT or CREATE USER rights cannot see the list of users. So, what do you think should to be displayed in Users tab, only create user?
This seems good to me.
And what if user is having only GRANT privileges?
Such users can create user if they have create privilege and grant privileges which they are having to another user.
-- Regards, Chirayu Chiripal phpMyAdmin Intern - Google Summer of Code 2014 https://chirayuchiripal.wordpress.com/
On Fri, Jul 11, 2014 at 9:24 AM, Chirayu Chiripal <chirayu.chiripal@gmail.com> wrote:
On Fri, Jul 11, 2014 at 6:46 PM, Isaac Bennetch <bennetch@gmail.com> wrote:
On Fri, Jul 11, 2014 at 8:21 AM, Chirayu Chiripal <chirayu.chiripal@gmail.com> wrote:
Hi,
From the discussion on RFE #781, it seems that without having select access to mysql database the user having only GRANT or CREATE USER rights cannot see the list of users. So, what do you think should to be displayed in Users tab, only create user?
This seems good to me.
And what if user is having only GRANT privileges?
If I correctly understand the MySQL privilege structure, what you're referring to is a situation where a user would be allowed to change privileges but can't see the list of other users. Obviously, that makes it difficult to provide a GUI for those users :) If I'm correct, there's no way to deal with this. The best I think we can do is provide some text ("You have the GRANT_OPTION privilege but not SELECT on the mysql database. We are unable to show the list of users, but you can still write SQL directly." with a link to the MySQL documentation, perhaps). That's the best idea I can come up with off hand. Of course, I've been interrupted five times writing these two paragraphs, so I may be answering a completely different question at this point...
Such users can create user if they have create privilege and grant privileges which they are having to another user.
-- Regards, Chirayu Chiripal phpMyAdmin Intern - Google Summer of Code 2014 https://chirayuchiripal.wordpress.com/
------------------------------------------------------------------------------ Open source business process management suite built on Java and Eclipse Turn processes into business applications with Bonita BPM Community Edition Quickly connect people, data, and systems into organized workflows Winner of BOSSIE, CODIE, OW2 and Gartner awards http://p.sf.net/sfu/Bonitasoft _______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
On Fri, Jul 11, 2014 at 7:15 PM, Isaac Bennetch <bennetch@gmail.com> wrote:
On Fri, Jul 11, 2014 at 9:24 AM, Chirayu Chiripal <chirayu.chiripal@gmail.com> wrote:
On Fri, Jul 11, 2014 at 6:46 PM, Isaac Bennetch <bennetch@gmail.com> wrote:
On Fri, Jul 11, 2014 at 8:21 AM, Chirayu Chiripal <chirayu.chiripal@gmail.com> wrote:
Hi,
From the discussion on RFE #781, it seems that without having select access to mysql database the user having only GRANT or CREATE USER rights cannot see the list of users. So, what do you think should to be displayed in Users tab, only create user?
This seems good to me.
And what if user is having only GRANT privileges?
If I correctly understand the MySQL privilege structure, what you're referring to is a situation where a user would be allowed to change privileges but can't see the list of other users. Obviously, that makes it difficult to provide a GUI for those users :)
Its not only about list of other users, we can't also see what privileges they have. Actually, I maybe wrong with this assumption but I can't see use of such user (having GRANT_OPTION privilege but no SELECT on mysql database) in practical but this may happen accidentally.
If I'm correct, there's no way to deal with this. The best I think we can do is provide some text ("You have the GRANT_OPTION privilege but not SELECT on the mysql database. We are unable to show the list of users, but you can still write SQL directly." with a link to the MySQL documentation, perhaps). That's the best idea I can come up with off hand.
This seems good to me too.
Of course, I've been interrupted five times writing these two paragraphs, so I may be answering a completely different question at this point...
On 7/11/14, 4:10 PM, Chirayu Chiripal wrote:
On Fri, Jul 11, 2014 at 7:15 PM, Isaac Bennetch <bennetch@gmail.com <mailto:bennetch@gmail.com>> wrote:
On Fri, Jul 11, 2014 at 9:24 AM, Chirayu Chiripal <chirayu.chiripal@gmail.com <mailto:chirayu.chiripal@gmail.com>> wrote: > On Fri, Jul 11, 2014 at 6:46 PM, Isaac Bennetch <bennetch@gmail.com <mailto:bennetch@gmail.com>> wrote: >> >> On Fri, Jul 11, 2014 at 8:21 AM, Chirayu Chiripal >> <chirayu.chiripal@gmail.com <mailto:chirayu.chiripal@gmail.com>> wrote: >> > Hi, >> > >> > From the discussion on RFE #781, it seems that without having select >> > access >> > to mysql database the user having only GRANT or CREATE USER rights >> > cannot >> > see the list of users. So, what do you think should to be displayed in >> > Users >> > tab, only create user? >> >> This seems good to me. > > > And what if user is having only GRANT privileges?
If I correctly understand the MySQL privilege structure, what you're referring to is a situation where a user would be allowed to change privileges but can't see the list of other users. Obviously, that makes it difficult to provide a GUI for those users :)
Its not only about list of other users, we can't also see what privileges they have.
Ah, quite right.
Actually, I maybe wrong with this assumption but I can't see use of such user (having GRANT_OPTION privilege but no SELECT on mysql database) in practical but this may happen accidentally.
That is my thought as well. I think this is something we should deal with appropriately (the message below, for instance), but not worry too much about.
If I'm correct, there's no way to deal with this. The best I think we can do is provide some text ("You have the GRANT_OPTION privilege but not SELECT on the mysql database. We are unable to show the list of users, but you can still write SQL directly." with a link to the MySQL documentation, perhaps). That's the best idea I can come up with off hand.
This seems good to me too.
Of course, I've been interrupted five times writing these two paragraphs, so I may be answering a completely different question at this point...
------------------------------------------------------------------------------
_______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
Le 11 juil. 2014 22:15, "Isaac Bennetch" <bennetch@gmail.com> a écrit :
On 7/11/14, 4:10 PM, Chirayu Chiripal wrote:
On Fri, Jul 11, 2014 at 7:15 PM, Isaac Bennetch <bennetch@gmail.com <mailto:bennetch@gmail.com>> wrote:
On Fri, Jul 11, 2014 at 9:24 AM, Chirayu Chiripal <chirayu.chiripal@gmail.com <mailto:chirayu.chiripal@gmail.com>>
wrote:
> On Fri, Jul 11, 2014 at 6:46 PM, Isaac Bennetch <bennetch@gmail.com <mailto:bennetch@gmail.com>> wrote: >> >> On Fri, Jul 11, 2014 at 8:21 AM, Chirayu Chiripal >> <chirayu.chiripal@gmail.com <mailto:chirayu.chiripal@gmail.com>> wrote: >> > Hi, >> > >> > From the discussion on RFE #781, it seems that without having select >> > access >> > to mysql database the user having only GRANT or CREATE USER
rights
>> > cannot >> > see the list of users. So, what do you think should to be displayed in >> > Users >> > tab, only create user? >> >> This seems good to me. > > > And what if user is having only GRANT privileges?
If I correctly understand the MySQL privilege structure, what you're referring to is a situation where a user would be allowed to change privileges but can't see the list of other users. Obviously, that makes it difficult to provide a GUI for those users :)
Its not only about list of other users, we can't also see what privileges they have.
Ah, quite right.
Actually, I maybe wrong with this assumption but I can't see use of such user (having GRANT_OPTION privilege but no SELECT on mysql database) in practical but this may happen accidentally.
That is my thought as well. I think this is something we should deal with appropriately (the message below, for instance), but not worry too much about.
If I'm correct, there's no way to deal with this. The best I think
we
can do is provide some text ("You have the GRANT_OPTION privilege but not SELECT on the mysql database. We are unable to show the list of users, but you can still write SQL directly." with a link to the MySQL documentation, perhaps). That's the best
idea
I can come up with off hand.
This seems good to me too.
Of course, I've been interrupted five times writing these two paragraphs, so I may be answering a completely different question at this point...
Hi, I agree with Isaac. This is a strange case, but let's manage it simply by displaying a message and forwarding the user to SQL console. Hugues.
participants (3)
-
Chirayu Chiripal -
Hugues Peccatte -
Isaac Bennetch