[Phpmyadmin-devel] 1295022 - Privileges for non superuser
Aaron Maturen
atmature at svsu.edu
Wed Apr 14 19:10:43 CEST 2010
There may be a bug with the current configuration. The privilege tab is enabled if the user has SELECT on mysql.user, not based on whether the user has the Grant Option. This allows the user to enter into Edit Privilege but all of the subsequent queries will fail because the user doesn't have the permission to grant any privileges. Also the current way of handling the privilege queries can get buggy if the user doesn't have ALL PRIVILEGES. The current way to handle changes to server privileges is to revoke *.* then to reassign the privileges that are wanted. This runs into a problem when the User changing the grants doesn't have a grant that they need to reassign to another user. MySQL doesn't allow for a user to modify privileges that they don't have assigned themselves. To prevent this there could be a query on the administrative user's grants and then disable the boxes on the form that they don't have themselves. If they don't have the grant option, then all the boxes could be disabled so they can view grants but not change any of them. Then the query generation needs to be changed from revoke *.* to just revoking/granting the difference in another user's grants.
More information about the Developers
mailing list