It is possible to grant select all columns in table except one for user?
I tried to search any way to do this and read some docs, but can`t find solution
For example, you want to grant update privilege on ename column only, then give the following statement (where xyz is the username)
grant update (ename) on emp to xyz;
You have to name all the other columns, which could be tedious if it is a large table.
GRANT SELECT(col1,...,col99)
ON table_name
TO user_name
My MySQL database version is 5.6.35 and I use InnoDB.
I want to remove the Delete and Drop Table permissions of the user U1 from the table T1 in the db1 database.
The operating instructions are as follows:
Revoke delete,drop on db1.T1 from U1;
No error message appeared after execution.
But after execution, the user U1 can still use the DELETE command to delete the data row in the data table T1.
You can also use the DROP TABLE command to delete the data table T1.
Thanks for replying.
For a user in MySQL 5.6, can I limit the privileges to the point where the user can have delete, update privileges but
The user cannot update the whole table (no update without a where clause)
The user cannot delete the whole table (no delete without a where clause)
I am creating a fresh schema for a new project, My basic requirements are 2 users with different privileges. One is a regular user and have minimum privileges and other is the administrator who have some elevated privileges than the regular user.
I am taking this scenario for the instance:
basicUser have INSERT Privilege over Table1 butNOPrivilege over Table2 and Table3
adminUser have INSERT Privilege over All the tables
Now, Table1 have a Trigger defined for INSERT option which INSERT the records into Table2 and Table3 taking the values from Table1 as soon as the record is inserted into table1.
I am wondering whether the trigger will work when basicUser insert the data into Table1 ?
Remember He can insert the data in Table1 but He have no privilege over other tables being populated by the trigger, and this trigger is raised by basicUser's action.
My first guess is Yes! This should work. but I am not sure. Please correct me if I am wrong.
If yes, then is there any way I can prevent the trigger's action if the record is inserted by basicUser ?
I'll need a fail-safe workaround because I still need Table1 to hold the record inserted by basicUser but I dont want it to insert the data into other tables.
and if No, Then is there any way I can log some of basicUser's action, bearing in mind that He have No privilege over the table which is being used for storing logs ?
This question was originally using MySQL 5.1.44, but is applicable to MySQL 8.0+ too.
Let's say I have a table with records inserted by different users of my application. How can I give a specific user access to only see his/her records in that table? I've thought about creating a VIEW with his/her records, but I don't know how to create a MySQL user that can only see that VIEW.
So, is it possible to create a MySQL user that only has access to a single VIEW? Can this user also be made so they read-only access to that VIEW?
Thanks!
PS: What I call users in my example are really subsidiary offices that want to access their records with their own applications.
GRANT SELECT ON database1.view1 TO 'someuser'#'somehost';
Besides
GRANT SELECT ON <database_name>.<view_name>
TO <user>#<host>
it's better to also do
GRANT SHOW VIEW
ON <database_name>.<view_name> TO <user>#<host>
so that a lot of SQL UI tool can get the view definition and work appropriately for the view.
I believe the original question is actually asking how to limit the rows to those owned by a given user. (The idea of creating one view per user, and then granting just that, seems like a workaround.)
You can do this by inserting the user() reference into the data table, and then filtering on that.
Using MySQL 5.6. Create a view that limits SELECT to just records owned by the current user:
-- check the current user
select user();
create table t1 (myId int, mydata varchar(200), myName varchar(200));
insert t1 select 1, 'my data yes', user();
insert t1 select 2, 'my data yes2', user();
insert t1 select 3, 'my data no', 'joe';
select * from t1;
create or replace view v1 AS
select * from t1 where myName = user();
select * from v1;
GRANT SELECT ON <database name>.<view name>
TO <user>#<host> IDENTIFIED BY '<password>'
Source: MySQL Documentation
If you want to make the view read only which I suspect you do. Then you should create the view with the ALGORITHM = TEMPTABLE clause.
This will make the view read only virtue of it having to create a temp table.
Another way to achieve read only and this is depends on your data is to stick an aggregate function. For example if you have a view which is based on a table and shows all columns then you can stick a distinct onto the select.