Using standard SQL - I have done this repeatedly in PostgreSQL and Oracle - I wish to grant a SELECT to all tables in schema1 except secret to user1
grant select on schema1.* to user1;
revoke select on schema1.users from user1;
Received error:
ERROR 1147 (42000): There is no such grant defined for user 'user1' on host '%' on table 'secret'
What am I doing wrong?
Evidently this is standard MySQL behavior!!
Makes it easier to understand the lack of security sophistication in apps using MySQL - to set up correct user security in MySQL is insanely difficult.
Nothing. MySQL doesn't expand the schema1.* wildcard to the individual tables, nor does it store "exceptions". The permissions tables store the granted permissions. Therefore, since you didn't actually grant anything on schema1.users, there's nothing for MySQL to revoke. It just comes down to how MySQL handles permissions.
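Because the privilege tables hold only positive grants, "everything except one table" has to be expressed as one table-level grant per permitted table. The following is an added example, not part of the original question or answer; it assumes the names used in the question (schema `schema1`, excluded table `secret`, account `'user1'@'%'`) and that the schema-wide grant from the question is already in place.

```sql
-- Run as an account that may GRANT on schema1.

-- 1. Remove the schema-wide privilege; while it exists it covers every table,
--    including the one that should stay hidden.
REVOKE SELECT ON schema1.* FROM 'user1'@'%';

-- 2. Generate one table-level GRANT per base table, skipping the excluded one.
--    Backticks inside identifiers are doubled so the generated SQL stays valid.
SELECT CONCAT(
         'GRANT SELECT ON `', REPLACE(table_schema, '`', '``'), '`.`',
         REPLACE(table_name, '`', '``'), '` TO ''user1''@''%'';'
       ) AS grant_stmt
FROM information_schema.tables
WHERE table_schema = 'schema1'
  AND table_type = 'BASE TABLE'
  AND table_name <> 'secret';

-- 3. After executing the generated statements, review what is actually stored.
SHOW GRANTS FOR 'user1'@'%';

-- Expect zero rows: no table-level privilege on the excluded table.
SELECT table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = '''user1''@''%'''
  AND table_schema = 'schema1'
  AND table_name = 'secret';

-- Expect zero rows: no schema-wide privilege left that would still cover it.
SELECT privilege_type
FROM information_schema.schema_privileges
WHERE grantee = '''user1''@''%'''
  AND table_schema = 'schema1';
```

Tables created in `schema1` later receive no privilege until a grant is added for them, so the generator query has to be re-run when the schema changes.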