#4142 Permission to 'all users' ignored by currentUserHasPrivilege()

4.0.8
invalid
None
5
2013-11-10
2013-10-21
No

We have added the TRIGGER privileges to all users for a database, but the trigger tab still doesn't appear (and going directly to its URL redirects back to the default tab).

It appears to be a bug in currentUserHasPrivilege(): the function returns true only when GRANTEE matches CURRENT_USER(), but it should return true for ''@domain if CURRENT_USER() is 'user'@domain.

Discussion

  • Margus Lind (modulo)

    I can take a look at this.

     
  • Marc Delisle

    Marc Delisle - 2013-10-23

    modulo, please do.

     
  • Margus Lind (modulo)

    Mathieu,

    How are your permissions set up?

    Firstly let me state that I'm not a specialist on internal database dynamics and might be wrong in the following, but researching (for) this bug has brought me to the following conclusion.

    If you have permissions for "Any" user, they will indeed be in the form of ''@'host'. Slightly misleadingly, this does not mean they are applied to all users. Instead, those permissions will take effect only if you log on from the specified host with a username that is not explicitly listed. Then you will get ''@'host' as your CURRENT_USER() and the currentUserHasPrivilege() function works as intended.

    Logging on with any other user (an explicitly listed user), you will be subject to only those permissions set for that user. The user will generally not even be able to see the permissions for ''@'host', only the ones for 'user'@'host'.

    This is a MySQL feature.

    If I'm not mistaken then this is not a bug and also not related to https://sourceforge.net/p/phpmyadmin/bugs/4140/

    Could someone with more experience please either confirm or deny this?

     
  • Marc Delisle

    Marc Delisle - 2013-11-10
    • assigned_to: Marc Delisle
     
  • Marc Delisle

    Marc Delisle - 2013-11-10

    I agree with modulo's analysis. Moreover, I have set up test users, to the best of my knowledge, based on Mathieu's description, and the test user is refused the CREATE TRIGGER command even if the anonymous (blank) user has this privilege on this database.

     
  • Marc Delisle

    Marc Delisle - 2013-11-10
    • status: open --> invalid
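
The account matching described in this thread, as an added example (not phpMyAdmin's code and not part of the original ticket): a simplified Python model of how the server picks one account row per connection and checks privileges against that row only. The account names, the `appdb` schema and the helper functions are constructed for illustration, and password checking is left out.

```python
import re

# Constructed sample accounts and schema-level grants (not from the ticket).
GRANTS = {
    ("", "localhost"): {"appdb": {"TRIGGER"}},       # the "Any" user
    ("alice", "localhost"): {"appdb": {"SELECT"}},   # explicitly listed user
}

def host_matches(pattern, host):
    """MySQL host patterns: % matches any run of characters, _ exactly one."""
    regex = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, host, re.IGNORECASE) is not None

def specificity(account):
    """Sort key (simplified): literal hosts before patterns,
    named users before the anonymous user."""
    user, host = account
    return ("%" in host or "_" in host, user == "")

def current_user(login, client_host, accounts=GRANTS):
    """Return the single account row the server selects, i.e. CURRENT_USER()."""
    for user, host in sorted(accounts, key=specificity):
        if host_matches(host, client_host) and user in ("", login):
            return (user, host)
    return None  # no matching row: connection refused

def has_privilege(login, client_host, privilege, schema, accounts=GRANTS):
    """Check the matched account's grants only; grants held by other
    matching rows (such as ''@host) are never merged in."""
    account = current_user(login, client_host, accounts)
    if account is None:
        return False
    return privilege in accounts[account].get(schema, set())

if __name__ == "__main__":
    for login in ("alice", "bob"):
        print(login, current_user(login, "localhost"),
              has_privilege(login, "localhost", "TRIGGER", "appdb"))
```

Here `alice` is explicitly listed, so she authenticates as 'alice'@'localhost' and has no TRIGGER privilege, while the unlisted `bob` falls through to ''@'localhost' and does.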
     
