Table of Contents
Advertisement
The
and
DEFINER
SQL SECURITY
access privileges for the view when a statement is executed that references the view. These clauses
were addded in MySQL 5.0.13, but have no effect until MySQL 5.0.16. The legal
characteristic values are
held by the user who defined or invoked the view, respectively. The default
DEFINER.
If a
value is given for the
user
'user_name'@'host_name'
or
[959]. The default
CURRENT_USER()
statement. This is the same as specifying
If you specify the
DEFINER
• If you do not have the
specified literally or by using
account.
• If you have the
SUPER
account does not actually exist, a warning is generated.
• Although it is possible to create a view with a nonexistent
the view is referenced if the
exist.
For more information about view security, see
Views".
Within a view definition,
of MySQL 5.0.24. For older versions, and for views defined with the
characteristic,
CURRENT_USER
user auditing within views, see
Within a stored routine that is defined with the
[959]
CURRENT_USER
a routine, if the view definition contains a
As of MySQL 5.0.16 (when the
privileges are checked like this:
• At view definition time, the view creator must have the privileges needed to use the top-level objects
accessed by the view. For example, if the view definition refers to table columns, the creator must
have some privilege for each column in the select list of the definition, and the
privilege for each column used elsewhere in the definition. If the definition refers to a stored function,
only the privileges needed to invoke the function can be checked. The privileges required at function
invocation time can be checked only as it executes: For different invocations, different execution
paths within the function might be taken.
• The user who references a view must have appropriate privileges to access it
select from it,
INSERT
• When a view has been referenced, privileges for objects accessed by the view are checked against
the privileges held by the view
characteristic is
SECURITY
• If reference to a view causes execution of a stored function, privilege checking for statements
executed within the function depend on whether the function
or INVOKER. If the security characteristic is DEFINER, the function runs with the privileges
DEFINER
of the
account. If the characteristic is INVOKER, the function runs with the privileges
DEFINER
determined by the view's
CREATE VIEW
clauses determine which MySQL account to use when checking
and INVOKER. These indicate that the required privileges must be
DEFINER
clause, it should be a MySQL account specified as
DEFINER
(the same format used in the
DEFINER
DEFINER = CURRENT_USER
clause, these rules determine the legal
[578]
privilege, the only legal
SUPER
CURRENT_USER
[578]
privilege, you can specify any syntactically legal account name. If the
SQL SECURITY
[959]
CURRENT_USER
[959]
returns the account for the view's invoker. For information about
Section 6.3.8, "SQL-Based MySQL Account Activity
returns the routine's
DEFINER
DEFINER
and
DEFINER
[577]
to insert into it, and so forth.)
account or invoker, depending on whether the
DEFINER
or INVOKER, respectively.
DEFINER
characteristic.
SQL SECURITY
1053
Syntax
GRANT
value is the user who executes the
DEFINER
value is your own account, either
user
[959]. You cannot set the definer to some other
DEFINER
value is
but the definer account does not
DEFINER
Section 18.5, "Access Control for Stored Programs and
returns the view's
DEFINER
SQL SECURITY INVOKER
SQL SECURITY DEFINER
value. This also affects a view defined within such
value of
CURRENT_USER
clauses were implemented), view
SQL SECURITY
SQL SECURITY
SQL SECURITY
SQL SECURITY
statement),
CURRENT_USER
CREATE VIEW
explicitly.
user values:
account, an error occurs when
value by default as
Auditing".
characteristic,
[959].
[578]
SELECT
(SELECT
[578]
SQL
characteristic is
value is
[959],
to
Advertisement
Chapters
Table of Contents
Troubleshooting
