Bug #18478 | GRANT ALL PRIVILEGES does not give all the privileges for CREATE | ||
---|---|---|---|
Submitted: | 24 Mar 2006 7:36 | Modified: | 30 Mar 2006 12:00 |
Reporter: | vadim likhota | Email Updates: | |
Status: | Not a Bug | Impact on me: | |
Category: | MySQL Server | Severity: | S3 (Non-critical) |
Version: | 5.0.19 | OS: | Any (all) |
Assigned to: | CPU Architecture: | Any |
[24 Mar 2006 7:36]
vadim likhota
[24 Mar 2006 9:55]
Valeriy Kravchuk
Thank you for a problem report. Please, read the manual (http://dev.mysql.com/doc/refman/5.0/en/stored-procedure-logging.html) carefully and send the results of the following statement: SHOW VARIABLES LIKE 'log_bin%'; from your system. It may be not a bug, really.
[25 Mar 2006 10:12]
vadim likhota
I added "log-bin" in my.cnf in section [server] and restarted mysql. [vadim@vadim ~]$ mysql -u test01 -h myserver Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 2 to server version: 5.0.19-standard-log Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> use test01 Database changed mysql> delimiter // mysql> create trigger test01_bi -> before insert -> on test01 -> for each row -> begin -> set NEW.user_ins := user(); -> set NEW.date_ins := curdate(); -> end; -> // ERROR 1227 (42000): Access denied; you need the SUPER privilege for this operation mysql> SHOW VARIABLES LIKE 'log_bin%'; -> // +---------------------------------+-------+ | Variable_name | Value | +---------------------------------+-------+ | log_bin | ON | | log_bin_trust_function_creators | OFF | +---------------------------------+-------+ 2 rows in set (0.00 sec) mysql> quit Bye [vadim@vadim ~]$ mysql -u root -h myserver Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 3 to server version: 5.0.19-standard-log Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> SET GLOBAL log_bin_trust_function_creators = 1; Query OK, 0 rows affected (0.00 sec) mysql> quit Bye [vadim@vadim ~]$ mysql -u test01 -h myserver Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 4 to server version: 5.0.19-standard-log Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> use test01 Database changed mysql> delimiter // mysql> create trigger test01 -> before insert -> on test01 -> for each row -> begin -> set NEW.user_ins := user(); -> set NEW.date_ins := curdate(); -> end; -> // ERROR 1227 (42000): Access denied; you need the SUPER privilege for this operation mysql> SHOW VARIABLES LIKE 'log_bin%'; -> // +---------------------------------+-------+ | Variable_name | Value | +---------------------------------+-------+ | log_bin | ON | | log_bin_trust_function_creators | ON | +---------------------------------+-------+ 2 rows in set (0.00 sec)
[25 Mar 2006 16:56]
Paul DuBois
The results observed are as documented at: http://dev.mysql.com/doc/refman/5.0/en/stored-procedure-logging.html The restrictions noted there for stored functions also apply to triggers.
[30 Mar 2006 12:00]
Valeriy Kravchuk
Sorry, but in version 5.0.x it is not a bug. You need SUPER priviledge just to CREATE TRIGGER, anyway (http://dev.mysql.com/doc/refman/5.0/en/create-trigger.html): "This statement creates a new trigger. A trigger is a named database object that is associated with a table, and that activates when a particular event occurs for the table. CREATE TRIGGER was added in MySQL 5.0.2. Currently, its use requires the SUPER privilege." Compare to http://dev.mysql.com/doc/refman/5.1/en/create-trigger.html: "This statement creates a new trigger. A trigger is a named database object that is associated with a table, and that activates when a particular event occurs for the table. Currently, CREATE TRIGGER requires the TRIGGER privilege for the table associated with the trigger. (This statement requires the SUPER privilege prior to MySQL 5.1.6.)" In 5.1.6 and newer versions that notes from http://dev.mysql.com/doc/refman/5.0/en/stored-procedure-logging.html should apply as I supposed.