Question
I have a database with many tables that are r/w accessible to the webapp service account, as well as admin account.
One particular table called foobarSettings stores API key for a 3d party service I consume. I would like to make that table r/o for webapp account, and write-only for admin. So that webapp can read it, but can't write. And admin can update it, but can't read it back.
I found two solutions for this problem:
Grant UPDATE/DELETE/INSERT to webapp account for all tables except foobarSettings and grant SELECT to admin account to all tables except foobarSettings. And then remove privs for those users at global level, and at the database levels.
create a separate schema for foobarSettings table.
Both of those solutions have some maintenance overhead.
Question: is there an easier way to setup this configuration?
Solution
According to the MySQL mailing list you can not deny and action to a table that has been granted to the database. Looks like you might have to set table level access per table.
From the mailing list post:
"You can't revoke SELECT privilege from the table if you grant privileges on the database. You can grant SELECT privilege on each table that you want to be visible to user instead."
Unfortunately this seems to be the only way atm.
https://stackoverflow.com/questions/22154915
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian