[Phpmyadmin-devel] Should a user be able to remove their own privileges?
chirayu.chiripal at gmail.com
Thu Jul 17 20:26:44 CEST 2014
On Thu, Jul 17, 2014 at 4:18 AM, Marc Delisle <marc at infomarc.info> wrote:
> Le 2014-07-16 17:45, Isaac Bennetch a écrit :
> > Bringing this to phpmyadmin--devel for further discussion. This is
> > specifically related to implementing feature request 1488 "User
> > privilege tab not shown in all relevant cases" 
> > On 7/16/14, 4:00 PM, Chirayu Chiripal wrote:
> >> Does it makes sense, to allow a user to revoke some of the global
> >> privileges from himself?
> > I think ideally, we would allow this but display a message warning that
> > it's a bad idea. Something like "You are attempting to remove privileges
> > from the user with which you are currently logged in. This is generally
> > a bad idea and might result in you being unable to log in or change
> > privileges. Are you sure you wish to remove these privileges?"
> > I can't think of a scenario when a user would actually want to do this;
> > but just because it's a bad idea doesn't mean we should prevent the user
> > from doing it, right? Or in this case, is it reasonable to disallow this
> > action?
> > What does everyone else think?
> As MySQL permits this, phpMyAdmin should let the user do it.
> Adding a warning can be helpful, keeping in mind that there are certain
> others actions like a direct deletion of something in the "mysql"
> database that could cause the same problem to the user.
Instead of adding a confirmation dialog and increasing one step for the
user, how about adding a short notice on the edit privileges page to remind
the user that he is editing his own privileges?
The notice can be something like this: "Note: You are attempting to edit
privileges of the user with which you are currently logged in.". This
notice will appear only when user is editing his own privileges.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Developers