[Phpmyadmin-devel] 1295022 - Privileges for non superuser

[Marc Delisle]

Aaron Maturen a écrit :
> There may be a bug with the current configuration. The privilege tab
> is enabled if the user has SELECT on mysql.user, not based on whether
> the user has the Grant Option. This allows the user to enter into
> Edit Privilege but all of the subsequent queries will fail because
> the user doesn't have the permission to grant any privileges. Also
> the current way of handling the privilege queries can get buggy if
> the user doesn't have ALL PRIVILEGES. The current way to handle
> changes to server privileges is to revoke *.* then to reassign the
> privileges that are wanted. This runs into a problem when the User
> changing the grants doesn't have a grant that they need to reassign
> to another user. MySQL doesn't allow for a user to modify privileges
> that they don't have assigned themselves. To prevent this there could
> be a query on the administrative user's grants and then disable the
> boxes on the form that they don't have themselves. If they don't have
> the grant option, then all the boxes could be disabled so they can
> view grants but not change any of them. Then the query generation
> needs to be changed from revoke *.* to just revoking/granting the
> difference in another user's grants.

Indeed, phpMyAdmin privileges modules was designed with the general 
cases in mind and I believe it works well for these cases, therefore for 
the majority of users. Your suggestions make sense.

-- 
Marc Delisle
http://infomarc.info