can mysql revoke indirect privilege

40 views Asked by At

imaging this case:

in the user root, grant a privilege to A

-- in root:
grant insert on school.students to 'userA'@'localhost' with grant option;

then A pass the privilege to B (A has grant)

-- in userA:
grant insert on school.students to 'userB'@'localhost';

now, if I switch back to root and revoke THAT privilege from A

-- in root:
revoke insert on school.students from 'userA'@'localhost';

finally I would find that the userB's insert privilege still exists.( but i hope it lost )

i wonder why mysql do such like this?

if in postgresSQL, B's privilege will lose if A's loses its privilege. Because is A that grant that privilege to B.

but mysql seems to do nothing. isn't there any security risk?

I know root can directly revoke that privilege from B by command line, but if the privilege chain in the system is so many, it would be hard to trace.

anyone can explain that?

thanks!!

0

There are 0 answers