Bug #73261 Revoke command not working as described in manual
Submitted: 10 Jul 2014 16:55 Modified: 11 Jul 2014 10:33
Reporter: Larry Madern Email Updates:
Status: Can't repeat Impact on me:
Category:MySQL Server Severity:S3 (Non-critical)
Version:5.1.61 OS:Linux
Assigned to: CPU Architecture:Any
Tags: access denied, grant, privileges, revoke

[10 Jul 2014 16:55] Larry Madern
MySQL ver 5.1.61 on redhat problem:
Agency dba has the following global privileges:
Select, Reload, Create User
Has following db privileges
All privileges on <dbname>.* with grant option

Is trying to execute
revoke all privileges on <dbname>.* from 'other user'@'localhost';
and is getting a 1044(42000) error saying Access denied for user to <dbname>.

The manual states only the global create user privilege is needed to use the above revoke syntax but yet it's still giving an access denied error.  What's going on?

How to repeat:
Have the above described privileges on a user account:
Global privs -- Select, Reload, Create User
DB privs -- all privleges with grant option

second id
global privs -- usage on *.*
db privs -- all privileges

first user account execute:
revoke all privileges from 'second id';
[10 Jul 2014 17:06] Larry Madern
*** mis-typed command ***
revoke all privileges on <dbname>.* from 'other user';
[10 Jul 2014 17:19] Larry Madern
Fixed by re-creating agency dba id with global privileges and flushing.
Something must have been messed up in the privilege tables.
[11 Jul 2014 10:33] MySQL Verification Team
Thanks for confirming about issue got fixed.
To use the first REVOKE syntax, you must have the GRANT OPTION privilege(global CREATE USER privilege or the UPDATE privilege for the mysql database), and you must have the privileges that you are revoking and most importantly revoke statement has to match the grants issued else it would complain too.

Please reference http://dev.mysql.com/doc/refman/5.1/en/revoke.html

Also, please use latest GA versions as we do not fix bugs that are not repeatable with current versions. Additionally version 5.1.61 is old and many bugs were fixed since. please upgrade to current version in 5.1/5.5/5.6, try with it and inform us if you can repeat this problem again.