DBMS allows the admin to grant table access to a user using something like:
GRANT ALL ON mydb.mytbl1, mydb.mytbl2 TO 'someuser'@'somehost';
However, is it possible to grant all tables to a user and explicitly block access to some of them? For example (The BLOCK key word is a fake one and is only used for illustration.):
GRANT ALL ON mydb.* TO 'someuser'@'somehost';
BLOCK ALL ON mydb.mytbl3 TO 'someuser'@'somehost';
Another idea is to add a where clause to the GRANT statement. However, it seems that the GRANT statement syntax does not allow that (http://dev.mysql.com/doc/refman/5.1/en/grant.html) .
This kind of access control might be convenient if the admin trust the user in most cases (e.g. 1000 tables) and only want to block access to a small number of top sensitive tables.
Could you please tell me whether such kind of mechanism exists?
Asked by ZillGate
(133 rep)
Jun 24, 2014, 07:26 PM
Last activity: Feb 26, 2025, 05:22 PM
Last activity: Feb 26, 2025, 05:22 PM