home support FAQ resources services partners contact us contact us
 MySQL Tutorial Previous  Next  
 

Grant Table Privilege Columns

The grant tables also contain privilege columns. These indicate which privileges are held by the user who matches the values listed in the scope columns. The privileges supported by MySQL are shown in the following lists, which show the administrative privileges and the privileges that control database and table access. Each list uses the privilege names that are used for the GRANT statement. For the most part, these privilege names bear an obvious resemblance to the names of privilege columns in the user, db, and host tables. For example, the SELECT privilege corresponds to the Select_priv column.

Administrative Privileges

The following privileges apply to administrative operations that control the operation of the server or a user's ability to grant privileges:

CREATE TEMPORARY TABLES

Allows you to create temporary tables with the CREATE TEMPORARY TABLE statement.

EXECUTE

Allows you to execute stored procedures. This privilege is currently unimplemented. It will come into effect when stored procedures are implemented in a future version of MySQL (currently scheduled for MySQL 5).

FILE

Allows you to tell the server to read or write files on the server host. To keep the use of this privilege within certain bounds, the server takes certain precautions:

You can access only files that are world-readable, and thus likely not to be considered protected in any way.

Any file that you want to write must not already exist. This prevents you from coercing the server into overwriting important files, such as /etc/passwd or database files in a database belonging to someone else. (If this constraint were not enforced, you could completely replace the contents of the grant tables in the mysql database, for example.)

Despite these precautions, this privilege should not be granted without just cause; it can be extremely dangerous, as discussed in the "Grant Table Risks to Avoid" section later in this chapter. If you do grant the FILE privilege, be sure not to run the server as the UNIX root user, because root can create new files anywhere in the file system. By running the server from an ordinary login account, the server can create files only in directories accessible to that account.
Previous  Next  
Link Partners: Asia florist, Flowers to India, Hong kong flowers, Site submit, Cheap web hosting, China florist, Japan florist