Bug #9734 GRANT USAGE TO ... ON db.* should not be accepted
Submitted: 7 Apr 2005 22:14 Modified: 11 Apr 2005 20:00
Reporter: Carsten Pedersen Email Updates:
Status: Can't repeat Impact on me:
None 
Category:MySQL Server Severity:S3 (Non-critical)
Version:4.1.7-max;4.1.10;others OS:Linux (Linux, Windows)
Assigned to: CPU Architecture:Any

[7 Apr 2005 22:14] Carsten Pedersen 
Description:
GRANT allows constructs such as 

  GRANT USAGE ON test.* TO testuser@localhost

Granting USAGE on anything but the global level makes no sense; granting on the db level also creates havoc with commands such as SHOW GRANTS (which displays it as if it's on the global level) and DROP USER (which refuses to do so). Apparently, these expect only global-level privileges.

How to repeat:
See above. Note that an entry is created in the mysql.db table

Suggested fix:
Disallow granting of USAGE on anything but the global level
[11 Apr 2005 19:51] Jorge del Conde 
Carsten, having SHOW GRANTS display the USAGE entry on the global level is correct, as it impliciltly creates an entry in mysql.host.  This basically means the user nas no privileges.
[11 Apr 2005 20:00] Jorge del Conde 
Sorry, I meant mysql.user, not mysql.host