Bug #12855 Non privileged users can't create or drop triggers
Submitted: 29 Aug 2005 18:28 Modified: 19 Sep 2005 17:51
Reporter: Markus Popp Email Updates:
Status: Duplicate Impact on me:
None 
Category:MySQL Server Severity:S2 (Serious)
Version:5.0.11-beta OS:Any (all)
Assigned to: MySQL Verification Team CPU Architecture:Any

[29 Aug 2005 18:28] Markus Popp 
Description:
The fact that creating and dropping triggers require the SUPER privilege makes it impossible for administrators to give non privileged users the permission to create and drop triggers.

How to repeat:
If you create a user who should only be able to access one or more specific database(s) and to create or drop triggers, you can only give him the SUPER privilege which gives him further administrative permissions far beyond creating and dropping triggers. For example, ISPs could never allow their users to create or drop triggers due to security risks.

Suggested fix:
I would recommand creating an own set of privileges for creating and dropping triggers based on a specific database.
[17 Sep 2005 1:10] Markus Popp 
Changed the severity of this report.
[19 Sep 2005 17:51] MySQL Verification Team 
Please do not submit the same bug more than once. An existing
bug report already describes this very problem. Even if you feel
that your issue is somewhat different, the resolution is likely
to be the same. Because of this, we hope you add your comments
to the original bug instead.

Thank you for your interest in MySQL.

Additional info:

Duplicate of: http://bugs.mysql.com/bug.php?id=9412