SQL with grant option restriction

Question

Give permission to user 206 to read and modify the faculty and class tables. This user can authorize others to read and modify class but not faculty.

For the first part to the questions I have:

GRANT 
    SELECT, INSERT, DELETE, UPDATE
ON 
    faculty, class
TO 
    U206;

I'm not sure how to authorize others to read only class and not faculty though. Is there a restriction to put on when using WITH GRANT OPTION?

peterm · Answer 1 · 2013-11-05T20:56:16.827

You should issue GRANTs separately for class and faculty tables and use WITH GRANT OPTION only when granting permissions on class

GRANT SELECT, INSERT, DELETE, UPDATE ON class TO u206 WITH GRANT OPTION;
                                                      ^^^^^^^^^^^^^^^^^
GRANT SELECT, INSERT, DELETE, UPDATE ON faculty TO u206;

Now if we login as u206 we'll be able to grant permissions on class to other users

mysql> grant select, insert, delete, update on class to u207;
Query OK, 0 rows affected (0.00 sec)

but won't be able to do the same on faculty table

grant select, insert, delete, update on faculty to u207;
ERROR 1142 (42000): GRANT command denied to user 'u206' for table 'faculty'

@user2957877 Did it help? Do you need more help with your question? — peterm, Nov 06 '13 at 13:28

SQL with grant option restriction

1 Answers1