Bug #49070 | WB creating strange GRANTs | ||
---|---|---|---|
Submitted: | 24 Nov 2009 20:53 | Modified: | 3 Feb 2010 13:04 |
Reporter: | Todd Farmer (OCA) | Email Updates: | |
Status: | Not a Bug | Impact on me: | |
Category: | MySQL Workbench: Administration | Severity: | S2 (Serious) |
Version: | 5.2 r4753 | OS: | Windows (XP) |
Assigned to: | CPU Architecture: | Any |
[24 Nov 2009 20:53]
Todd Farmer
[3 Dec 2009 21:58]
Alfredo Kojima
Why is granting specific privileges on system tables less safe than granting GLOBAL privileges for the entire system?
[3 Dec 2009 23:13]
Todd Farmer
I think the question really needs to be; what use case requires direct manipulation of the mysql system tables? For example, what would require direct access to the mysql.user table that the GRANT privilege cannot accomplish? The only thing I can really think of here is backup of system tables, but these aren't part of the backup role.
[2 Feb 2010 16:30]
Alfredo Kojima
We need to perform direct manipulation on the mysql user tables to be able to support security admin in WB. GRANT OPTION alone is not enough as we need to do call DESCRIBE to view the available privs, and directly select and update the tables in the mysql schema for some operations. It's not viable to perform all possible changes by turning them into grant commands.