Bug #1358 ACCESS Control:CREATE TEMPORARY TABLE
Submitted: 20 Sep 2003 9:16 Modified: 21 Oct 2003 11:25
Reporter: [ name withheld ] Email Updates:
Status: Can't repeat Impact on me:
None 
Category:MySQL Server Severity:S3 (Non-critical)
Version:4.0.13 OS:Linux (gentoo Linux)
Assigned to: CPU Architecture:Any

[20 Sep 2003 9:16] [ name withheld ] 
Description:
When using the create_tmp_table_priv in db specific level ( so giving a user 
de right to create tmp_tables in a special db)  the user always gets an Access 
denied when creating the Table. It seems as if this isnt checked. 
 
When giving the User globaly create_tmp_table_priv the user then can create 
temporary tables, but he can also see the DB Names of the other DBs he doesnt 
have Access to. ( Which is not realy desired. I Just checked this out and 
tested it because the other way it didnt work).  

How to repeat:
create a user,  give him create_tmp_table_priv on a special db  an execute a 
query to create the Table. 

Suggested fix:
a review of the Access Control Functions
[24 Sep 2003 13:43] Oleg Ivanov 
i have the same problem on 4.1.0alpha
It is impossible to make a complicated SELECT without global user.Create_tmp_table_priv='Y' privilege:

General error, message from server: "select command denied to user: 'name@localhost' for table '/tmp/#sql_76e_0'"

I think, user wich have SELECT privilege on table MAY select from this table without any background conditions.
[21 Oct 2003 11:25] Dean Ellis 
I am unable to duplicate this with the latest stable release of MySQL 4.0.

If you are not using GRANT statements to give the privilege to the user (ie: GRANT CREATE TEMPORARY TABLES ON databasename.* TO user@host), then you may need to FLUSH PRIVILEGES.

If you continue to have the issue with the latest stable release, please submit a specific test case demonstrating the steps and the SQL you are using to grant the privilege and test for access to create temporary tables.

Thank you