MySQL Grant authorization

Source: Internet
Author: User
Tags mysql index mysql view

The basic form of the MySQL command for granting user privileges can be summarized as:

GRANT privileges ON database_object TO user

I. Grant an ordinary data user the right to query, insert, update, and delete the data of all tables in the database.

GRANT SELECT ON testdb.* TO [email protected] '%';
GRANT INSERT ON testdb.* TO [email protected] '%';
GRANT UPDATE ON testdb.* TO [email protected] '%';
GRANT DELETE ON testdb.* TO [email protected] '%';

Alternatively, replace them with a single MySQL command:

GRANT SELECT, INSERT, UPDATE, DELETE ON testdb.* TO [email protected] '%';

II. Grant a database developer the privileges to create tables, indexes, views, stored procedures, functions, and so on.

Grant privileges to create, alter, and drop MySQL table structures.

GRANT CREATE ON testdb.* TO [email protected] '192.168.0.%';
GRANT ALTER ON testdb.* TO [email protected] '192.168.0.%';
GRANT DROP ON testdb.* TO [email protected] '192.168.0.%';

Grant the privilege to operate on MySQL foreign keys.

GRANT REFERENCES ON testdb.* TO [email protected] '192.168.0.%';

Grant the privilege to operate on MySQL temporary tables.

GRANT CREATE TEMPORARY TABLES ON testdb.* TO [email protected] '192.168.0.%';

Grant the privilege to operate on MySQL indexes.

GRANT INDEX ON testdb.* TO [email protected] '192.168.0.%';

Grant privileges to operate on MySQL views and to view a view's source code.

GRANT CREATE VIEW ON testdb.* TO [email protected] '192.168.0.%';
GRANT SHOW VIEW ON testdb.* TO [email protected] '192.168.0.%';

Grant privileges to operate on MySQL stored procedures and functions.

GRANT CREATE ROUTINE ON testdb.* TO [email protected] '192.168.0.%'; -- now, can show procedure status
GRANT ALTER ROUTINE ON testdb.* TO [email protected] '192.168.0.%'; -- now, can drop a procedure
GRANT EXECUTE ON testdb.* TO [email protected] '192.168.0.%';

III. Grant an ordinary DBA the privileges to manage one MySQL database.

GRANT ALL PRIVILEGES ON testdb.* TO [email protected] 'localhost';

The keyword "PRIVILEGES" can be omitted.

IV. Grant a senior DBA the privileges to manage all databases in MySQL.

GRANT ALL ON *.* TO [email protected] 'localhost';

V. MySQL GRANT privileges can be applied at several levels.

1. GRANT on the entire MySQL server:

GRANT SELECT ON *.* TO [email protected]; -- the DBA can query tables in all databases in MySQL
GRANT ALL ON *.* TO [email protected]; -- the DBA can manage all databases in MySQL

2. GRANT on a single database:

GRANT SELECT ON testdb.* TO [email protected]; -- the DBA can query the tables in testdb

3. GRANT on a single table:

GRANT SELECT, INSERT, UPDATE, DELETE ON testdb.orders TO [email protected];

To grant a user privileges on several tables, execute the statement above once per table. For example:

-- GRANT ... IDENTIFIED BY works only before MySQL 8.0; on 8.0+ create the account with CREATE USER first.
GRANT SELECT (user_id, username) ON smp.users TO [email protected] '%' IDENTIFIED BY '123345';
GRANT SELECT ON smp.mo_sms TO [email protected] '%' IDENTIFIED BY '123345';

4. GRANT on columns of a table:

-- rank is a reserved word from MySQL 8.0.2, hence the backticks
GRANT SELECT (id, se, `rank`) ON testdb.apache_log TO [email protected];

5. GRANT on stored procedures and functions:

GRANT EXECUTE ON PROCEDURE testdb.pr_add TO 'dba'@'localhost';
GRANT EXECUTE ON FUNCTION testdb.fn_add TO 'dba'@'localhost';

VI. Viewing MySQL user privileges

To view the current user's (your own) privileges:

SHOW GRANTS;

To view another MySQL user's privileges:

SHOW GRANTS FOR [email protected];

VII. Revoking privileges that have been granted to MySQL users

REVOKE has the same syntax as GRANT; just replace the keyword "TO" with "FROM":

GRANT ALL ON *.* TO [email protected];
REVOKE ALL ON *.* FROM [email protected];

VIII. Notes on GRANT and REVOKE of MySQL user privileges

1. After a GRANT or REVOKE of user privileges, the user has to reconnect to the MySQL database for the change to take effect.

2. If you want an authorized user to be able to grant these privileges to other users as well, add the option "WITH GRANT OPTION":

GRANT SELECT ON testdb.* TO [email protected] WITH GRANT OPTION;

This option is generally not used. In practice, database permissions are best managed centrally by DBAs.

*************************************************************************************************

If you encounter the error "SELECT command denied to user 'username'@'hostname' for table 'name'", the workaround is to authorize the table named at the end of the message, that is, you have to authorize the core database.

I met "SELECT command denied to user 'my'@'%' for table 'proc'" when calling a stored procedure. I originally thought that authorizing the specified database was enough and that stored procedures, functions, and so on needed no further attention. Who knew that the proc table of the mysql database also has to be authorized.

*************************************************************************************************

MySQL has 5 grant tables: user, db, host, tables_priv, and columns_priv.

The grant tables are used as follows:

user table
The user table lists the users that can connect to the server and their passwords, and it specifies which global (superuser) privileges they have. Any privilege enabled in the user table is a global privilege and applies to all databases. For example, if you enable the DELETE privilege, the users listed here can delete records from any table, so think carefully before you do so.

db table
The db table lists the databases and the users that have permission to access them. The privileges specified here apply to all tables in a database.

host table
The host table is used together with the db table to control a particular host's access to databases at a finer level than the db table alone allows. This table is not affected by the GRANT and REVOKE statements, so you may find that you do not use it at all.

tables_priv table
The tables_priv table specifies table-level privileges. A privilege specified here applies to all columns of a table.

columns_priv table
The columns_priv table specifies column-level privileges. A privilege specified here applies to a specific column of a table.
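
The following audit queries are an added example, not part of the original article. The first lists every granted privilege with the level it was granted at, reading the information_schema views that expose the user, db, tables_priv and columns_priv grant tables; the second narrows to server-level grants that carry GRANT OPTION or apply to the '%' host. They assume an account that is allowed to read the mysql system schema; other accounts see only their own rows.

```sql
-- Added example: one row per privilege, labelled with the grant level
-- (server, database, table, column) described in section V.
SELECT 'server (user)' AS grant_level,
       GRANTEE,
       NULL AS TABLE_SCHEMA, NULL AS TABLE_NAME, NULL AS COLUMN_NAME,
       PRIVILEGE_TYPE, IS_GRANTABLE
FROM information_schema.USER_PRIVILEGES
WHERE PRIVILEGE_TYPE <> 'USAGE'          -- USAGE means "no global privileges"
UNION ALL
SELECT 'database (db)', GRANTEE,
       TABLE_SCHEMA, NULL, NULL,
       PRIVILEGE_TYPE, IS_GRANTABLE
FROM information_schema.SCHEMA_PRIVILEGES
UNION ALL
SELECT 'table (tables_priv)', GRANTEE,
       TABLE_SCHEMA, TABLE_NAME, NULL,
       PRIVILEGE_TYPE, IS_GRANTABLE
FROM information_schema.TABLE_PRIVILEGES
UNION ALL
SELECT 'column (columns_priv)', GRANTEE,
       TABLE_SCHEMA, TABLE_NAME, COLUMN_NAME,
       PRIVILEGE_TYPE, IS_GRANTABLE
FROM information_schema.COLUMN_PRIVILEGES
ORDER BY GRANTEE, grant_level;

-- Server-level grants worth reviewing: the grantee can pass the privilege on
-- (WITH GRANT OPTION), or the account may connect from any host ('%').
-- GRANTEE is formatted as 'user'@'host', so an any-host account ends in @'%'.
SELECT GRANTEE,
       PRIVILEGE_TYPE,
       IS_GRANTABLE,
       RIGHT(GRANTEE, 4) = '@''%''' AS any_host
FROM information_schema.USER_PRIVILEGES
WHERE PRIVILEGE_TYPE <> 'USAGE'
  AND (IS_GRANTABLE = 'YES' OR RIGHT(GRANTEE, 4) = '@''%''')
ORDER BY GRANTEE, PRIVILEGE_TYPE;
```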
