Bug #40776 NO Privileges (insert,update,delete) for TEMPORARY table
Submitted: 17 Nov 2008 9:38 Modified: 1 Dec 2008 7:40
Reporter: mysql2006@mail.ru mysql2006@mail.ru Email Updates:
Status: Duplicate Impact on me:
None 
Category:MySQL Server: Security: Privileges Severity:S2 (Serious)
Version:5.0.67-community-nt OS:Any
Assigned to: CPU Architecture:Any
Tags: temporary tables

[17 Nov 2008 9:38] mysql2006@mail.ru mysql2006@mail.ru
Description:
After create TEMPORARY table
client no have privileges
for insert, update, delete.

Privileges granted only after execute sql:
grant insert,update,delete on * to ulogin@hostname

For TEMPORARY table privileges "insert,update,delete" must be always in access.
For TEMPORARY table privileges client must have all privileges.
Please, also test select, alter, ... privileges.
Please!

How to repeat:
grant usage                   on * to ulogin@hostname;
grant select                  on * to ulogin@hostname;
grant create temporary tables on * to ulogin@hostname;
flush privileges;
_____________________________
drop TEMPORARY table if exists tmp;
CREATE TEMPORARY TABLE tmp1(npp char(3));
INSERT INTO tmp select "ppp";
update tmp set npp="nnn";
[21 Nov 2008 9:22] Sveta Smirnova
Please do not submit the same bug more than once. An existing bug report already describes this very problem. Even if you feel that your issue is somewhat different, the resolution is likely
to be the same. Because of this, we hope you add your comments to the original bug instead.

Thank you for your interest in MySQL.

Duplicate of bug #2317
[24 Nov 2008 8:56] mysql2006@mail.ru mysql2006@mail.ru
[10 Jan 2006 8:44] Valeriy Kravchuk: CREATE TEMPORARY TABLES gives you no privileges for temporary tables created. So, it is not a bug... But I see no reason for the current behaviour ... (http://bugs.mysql.com/bug.php?id=16254)

IT IS THE BUG!!! HOW to use TEMPORARY TABLES without ROOT privileges?
[24 Nov 2008 19:48] Valeriy Kravchuk
Bug #2317 (the one you quoted is also it's duplicate) is a verified feature request. Current behaviour is documented (so it is not a bug formally), but it should be changed in future versions.
[1 Dec 2008 7:40] mysql2006@mail.ru mysql2006@mail.ru
FOR [Valeriy Kravchuk ]
RUS:
1. V informix (i drugih) prava dostupa ne svayzani s ob'ektami dostupa
(v tom chisle s nalichiem Usera),
poetomu peresozdanie usera, tablits ili procedur ne porojdaet zadachu pereopredeleniya prav dospuda zanovo.

2. Poka net prav dostupa k vremennum tablitsam net vosmojnosti delat razgranichenie dostupa.

3. Prcedure and Function doljnu imet priznak "prava administratora" - t.e. ne zavisimo ot togo, kto "call procedure", esli ona sozdana s priznakom "prava administrator", to vse SQL v ney imeut vse prava. Konechno, sosdavat takuyu procedure ili function mojet tolko root.

Spasibo
[18 Sep 2009 16:06] MySQL Verification Team
Consolidating this and the related bugs as duplicates of bug #27480