[Phpmyadmin-devel] Should a user be able to remove their own privileges?
Marc Delisle
marc at infomarc.info
Thu Jul 17 00:48:02 CEST 2014
Le 2014-07-16 17:45, Isaac Bennetch a écrit :
> Bringing this to phpmyadmin--devel for further discussion. This is
> specifically related to implementing feature request 1488 "User
> privilege tab not shown in all relevant cases" [1]
>
> On 7/16/14, 4:00 PM, Chirayu Chiripal wrote:
>> Does it makes sense, to allow a user to revoke some of the global
>> privileges from himself?
>
> I think ideally, we would allow this but display a message warning that
> it's a bad idea. Something like "You are attempting to remove privileges
> from the user with which you are currently logged in. This is generally
> a bad idea and might result in you being unable to log in or change
> privileges. Are you sure you wish to remove these privileges?"
>
> I can't think of a scenario when a user would actually want to do this;
> but just because it's a bad idea doesn't mean we should prevent the user
> from doing it, right? Or in this case, is it reasonable to disallow this
> action?
>
> What does everyone else think?
As MySQL permits this, phpMyAdmin should let the user do it.
Adding a warning can be helpful, keeping in mind that there are certain
others actions like a direct deletion of something in the "mysql"
database that could cause the same problem to the user.
--
Marc Delisle | phpMyAdmin
More information about the Developers
mailing list