Bug #20066 | DELETE w/ WHERE clause requires SELECT privilege | ||
---|---|---|---|
Submitted: | 25 May 2006 13:15 | Modified: | 29 May 2006 13:07 |
Reporter: | Carsten Pedersen | Email Updates: | |
Status: | Not a Bug | Impact on me: | |
Category: | MySQL Server | Severity: | S2 (Serious) |
Version: | 5.0.21-community-nt-log | OS: | Windows (Win XP) |
Assigned to: | CPU Architecture: | Any |
[25 May 2006 13:15]
Carsten Pedersen
[29 May 2006 13:39]
MySQL Verification Team
Below the explanation why delete..where does a select quoting PeterG: You are effectively selecting, that is, you can find out what the values of column 'i' are. For example, suppose you want to know what Joe's salary is. You say: DELETE FROM t WHERE name='Joe' AND salary < 10; /* Look to see how many rows were deleted. */ ROLLBACK; DELETE FROM t WHERE name='Joe' AND salary < 20; /* Look to see how many rows were deleted. */ ROLLBACK; ... and so on until you see that one row was deleted. Therefore it is normal to say that you need SELECT privilege on the columns that you use in a WHERE clause.