Comments on: Dropping a table does not remove permissions granted to it in MySQL http://www.haidongji.com/2009/02/23/dropping-a-table-does-not-remove-permissions-granted-to-it-in-mysql/ 季庄新闻--Haidong Ji's Blog Wed, 04 Jan 2012 09:32:09 +0000 hourly 1 http://wordpress.org/?v=3.1.2 By: Haidong Jihttp://www.haidongji.com/2009/02/23/dropping-a-table-does-not-remove-permissions-granted-to-it-in-mysql/comment-page-1/#comment-17673 Haidong Ji Thu, 26 Feb 2009 05:07:37 +0000 http://www.haidongji.com/?p=567#comment-17673 Hi Don and Tim, Thanks for the great comments. @Don, thanks for the link. Interestingly, I think I encountered a bug of MySQL 5.1 Community on Windows, where if you do: create user 'haidong'@'%' identified by 'StrongPassword'; grant select on test.t1 to 'haidong'@'%'; flush privileges and haidong could not connect! I think I will need to dig further. @Tim S. The DROP DATABASE PURGE USERS is an intriguing idea. I still think that when something is dropped, everything that associated with that object should go, or dereferenced, for lack of better word. I know that it is a common practice to for pre-built script to drop and recreate tables, but I will submit part of that script should take care of permissions. Been busy lately. I may come back to this when I get a moment to spare. Thanks again for the comments. Hi Don and Tim,

Thanks for the great comments.

@Don, thanks for the link. Interestingly, I think I encountered a bug of MySQL 5.1 Community on Windows, where if you do:

create user ‘haidong’@'%’ identified by ‘StrongPassword’;
grant select on test.t1 to ‘haidong’@'%’;
flush privileges

and haidong could not connect! I think I will need to dig further.

@Tim S.

The DROP DATABASE PURGE USERS is an intriguing idea. I still think that when something is dropped, everything that associated with that object should go, or dereferenced, for lack of better word. I know that it is a common practice to for pre-built script to drop and recreate tables, but I will submit part of that script should take care of permissions.

Been busy lately. I may come back to this when I get a moment to spare. Thanks again for the comments.

]]> By: Don McArthurhttp://www.haidongji.com/2009/02/23/dropping-a-table-does-not-remove-permissions-granted-to-it-in-mysql/comment-page-1/#comment-17672 Don McArthur Wed, 25 Feb 2009 21:40:34 +0000 http://www.haidongji.com/?p=567#comment-17672 Tim S., I like that, it's clever. Though I'm not much of a fan of deviating from the SQL standard (more than all RDBMSs do already). How about an extension to the user account management syntax? PURGE ACCOUNTS WITHOUT VALID GRANTS or some such? Tim S.,

I like that, it’s clever. Though I’m not much of a fan of deviating from the SQL standard (more than all RDBMSs do already).

How about an extension to the user account management syntax? PURGE ACCOUNTS WITHOUT VALID GRANTS or some such?

]]> By: Tim S.http://www.haidongji.com/2009/02/23/dropping-a-table-does-not-remove-permissions-granted-to-it-in-mysql/comment-page-1/#comment-17671 Tim S. Wed, 25 Feb 2009 20:26:38 +0000 http://www.haidongji.com/?p=567#comment-17671 So I was thinking about this a bit and the thought occurred to me - you might be able to get this to work by simply modifying the DROP DATABASE syntax. So, say, DROP DATABASE by itself would not remove the users associated with that database. But, perhaps something like "DROP DATABASE PURGE USERS" or something might work. That would actually be pretty nice since it doesn't mess with existing behavior but still allows some nice functionality. Just some thoughts! Tim S. So I was thinking about this a bit and the thought occurred to me – you might be able to get this to work by simply modifying the DROP DATABASE syntax. So, say, DROP DATABASE by itself would not remove the users associated with that database. But, perhaps something like “DROP DATABASE PURGE USERS” or something might work.

That would actually be pretty nice since it doesn’t mess with existing behavior but still allows some nice functionality.

Just some thoughts!

Tim S.

]]> By: Tim S.http://www.haidongji.com/2009/02/23/dropping-a-table-does-not-remove-permissions-granted-to-it-in-mysql/comment-page-1/#comment-17670 Tim S. Tue, 24 Feb 2009 14:07:52 +0000 http://www.haidongji.com/?p=567#comment-17670 There are quite a few edge cases I don't think you've realized as well. What if I dropped the table (on accident or purpose) and needed to re-create it? Or what if I am importing data from a dump-file (which usually includes DROP TABLE statements, and for good reason)? There are quite a few edge cases I don’t think you’ve realized as well. What if I dropped the table (on accident or purpose) and needed to re-create it? Or what if I am importing data from a dump-file (which usually includes DROP TABLE statements, and for good reason)?

]]> By: Don McArthurhttp://www.haidongji.com/2009/02/23/dropping-a-table-does-not-remove-permissions-granted-to-it-in-mysql/comment-page-1/#comment-17669 Don McArthur Tue, 24 Feb 2009 13:39:28 +0000 http://www.haidongji.com/?p=567#comment-17669 The issue fades to insignificance when compared to this: "When a client attempts to connect, the server looks through the sorted rows and uses the first match found. For a connection from localhost by jeffrey, two of the rows from the table match: the one with Host and User values of 'localhost' and '', and the one with values of '%' and 'jeffrey'. The 'localhost' row appears first in sorted order, so that is the one the server uses." http://dev.mysql.com/doc/refman/5.1/en/connection-access.html The issue fades to insignificance when compared to this:

“When a client attempts to connect, the server looks through the sorted rows and uses the first match found. For a connection from localhost by jeffrey, two of the rows from the table match: the one with Host and User values of ‘localhost’ and ”, and the one with values of ‘%’ and ‘jeffrey’. The ‘localhost’ row appears first in sorted order, so that is the one the server uses.”

http://dev.mysql.com/doc/refman/5.1/en/connection-access.html

]]>