Bug #17580 | Triggers meta-data should be protected by TRIGGER privilege | ||
---|---|---|---|
Submitted: | 20 Feb 2006 13:05 | Modified: | 11 Sep 2006 9:47 |
Reporter: | Alexander Nozdrin | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Stored Routines | Severity: | S3 (Non-critical) |
Version: | 5.1-BK/5.0 BK | OS: | Any (all) |
Assigned to: | Alexander Nozdrin | CPU Architecture: | Any |
[20 Feb 2006 13:05]
Alexander Nozdrin
[20 Feb 2006 14:20]
MySQL Verification Team
Thank you for the bug report.
[21 Feb 2006 17:41]
Sergei Golubchik
No, they should not. The standard analog of 'SHOW TRIGGERS' is INFORMATION_SCHEMA.TRIGGERS and according to the standard everybody is allowed to select from it. But one can only see triggers on tables for which he has at least one non-SELECT privilege on at least one column of the table. So, TRIGGER privilege is not required. But USAGE is wrong either.