具有选择权限的MySQL用户仍然可以更新

Question

I have an OpenShift app with a MySQL database that I configured an ODBC connection for, such that users can use Access as a read only front end to the tables. I created such a user, but they are able to update data from the Access front end and it is reflected in the database. Here's what I did:

I created a user named 'reports', to be given read only access to only one schema, 'reviews'.

GRANT SELECT ON reviews.* TO reports@'%' IDENTIFIED BY `password`;

When I run

SELECT * FROM mysql.user WHERE user = 'reports';

I get all N's and 0's. I understand there's no 'Y' for "Select_priv" because it's not a global select priv, only on one schema, so I figured it was okay.

When I run

SHOW GRANTS FOR 'reports'@'%';

I get

GRANT USAGE ON . TO 'reports'@'%' IDENTIFIED BY PASSWORD 'stringstringstring'
GRANT SELECT ON 'reviews'.* TO 'reports'@'%';

Which I expected.

SELECT * FROM db where User = 'reports';

|Host|Db |User |Select_priv|Insert_priv|Update_priv|...
|% |reviews|reports|Y |N |N |...

But when I go into Access, edit some data, then ssh into the database and view the database, the UPDATES are working.

I am using rhc port-forward -a applicationname before I connect in Access, and I use rhc ssh applicationname to view the MySQL from the server.

Answer 1

There is a bug in Access where if you feed it a Data Source, then try to change it, it won't actually let go of your initial Data Source even though it has appeared to. I had initially set my Access DB up with an All Privileges account, then changed the Data Source to a read only account, but it continued to use my All Access account behind the scenes. Deleting the Data Source using odbcad32.exe proved this, as I just got connection errors, even though it said I was connected via my valid Read Only account. I created a new Access DB using the Read Only data source from the beginning and it worked as expected.