imaging this case:
in the user root, grant a privilege to A
-- in root:
grant insert on school.students to 'userA'@'localhost' with grant option;
then A pass the privilege to B (A has grant)
-- in userA:
grant insert on school.students to 'userB'@'localhost';
now, if I switch back to root and revoke THAT privilege from A
-- in root:
revoke insert on school.students from 'userA'@'localhost';
finally I would find that the userB's insert privilege still exists.( but i hope it lost )
i wonder why mysql do such like this?
if in postgresSQL, B's privilege will lose if A's loses its privilege. Because is A that grant that privilege to B.
but mysql seems to do nothing. isn't there any security risk?
I know root can directly revoke that privilege from B by command line, but if the privilege chain in the system is so many, it would be hard to trace.
anyone can explain that?
thanks!!