I was just thinking about the problem of allowing insert access only on temporary tables (to allow a 'report generator' task scratch space to work without letting them accidentally hose real data) when it occurred to me:

Why take the performance hit of checking permissions against temporary tables at all in the server? If temporary tables are per-session critters, then the fact that you can see a temporary table means you have the 'create temporary table' privilege, and you have already used it to create a table. So why not implicitly allow select/insert/update against any temporary tables you can see? There's no point in restricting access to a table no one else can use, and there's no point in giving a user permission to create a temporary table they aren't allowed to use for themselves.

Comments? Am I missing something about the security model that makes this an impractical idea? Or is this just a relic of MySQLs development history?

[p.s. I started a separate message thread about how to work around the specific problem and setup 'write' access just for the temp tables. No solutions yet. This thread is more generally about the hows and whys of security checks on temporary tables]