select version(), current_date; version() current_date 5.0.10a-beta-nt-log 2005-07-29 DROP DATABASE IF EXISTS db_datadict; create database db_datadict; CREATE USER 'user_1'@'localhost'; CREATE USER 'user_2'@'localhost'; GRANT UPDATE ON db_datadict.* TO 'user_1'@'localhost'; GRANT INSERT ON *.* TO 'user_2'@'localhost'; GRANT SELECT ON mysql.user TO 'user_1'@'localhost'; FLUSH PRIVILEGES; Problem! Here I expect more than only for user_1 -------------------------------------------------------- SELECT * FROM information_schema.user_privileges WHERE grantee LIKE "%user%"; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'user_1'@'localhost' NULL USAGE NO 'user_2'@'localhost' NULL INSERT NO SELECT * FROM mysql.user WHERE user LIKE "%user%"; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections localhost user_1 N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 localhost user_2 N Y N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 SHOW GRANTS; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION add GRANT OPTION db_datadict.* to user_1 ---------------------------------------- GRANT UPDATE ON db_datadict.* TO 'user_1'@'localhost' WITH GRANT OPTION; Problem! Here I_m missing the for the GRANT OPTION for user_1 ------------------------------------------------------------------- SELECT * FROM information_schema.user_privileges WHERE grantee LIKE "%user%"; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'user_1'@'localhost' NULL USAGE NO 'user_2'@'localhost' NULL INSERT NO SELECT * FROM mysql.user WHERE user LIKE "%user%"; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections localhost user_1 N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 localhost user_2 N Y N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 SHOW GRANTS; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION connect(localhost,user_1,,db_datadict,MYSQL_PORT,c:\\MySQL\\mysql-5.0\\mysql-test\\var\\tmp\\master.sock); SELECT * FROM information_schema.user_privileges WHERE grantee LIKE "%user%"; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'user_1'@'localhost' NULL USAGE NO SHOW GRANTS; Grants for user_1@localhost GRANT USAGE ON *.* TO 'user_1'@'localhost' GRANT UPDATE ON `db_datadict`.* TO 'user_1'@'localhost' WITH GRANT OPTION GRANT SELECT ON `mysql`.`user` TO 'user_1'@'localhost' Now add SELECT on *.* to user_1 ------------------------------- root@localhost test GRANT SELECT ON *.* TO 'user_1'@'localhost'; SELECT * FROM information_schema.user_privileges WHERE grantee LIKE "%user%"; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'user_1'@'localhost' NULL SELECT NO 'user_2'@'localhost' NULL INSERT NO SELECT * FROM mysql.user WHERE user LIKE "%user%"; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections localhost user_1 Y N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 localhost user_2 N Y N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 SHOW GRANTS; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION GRANT SELECT ON *.* TO 'user_1'@'localhost' WITH GRANT OPTION; SELECT * FROM information_schema.user_privileges WHERE grantee LIKE "%user%"; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'user_1'@'localhost' NULL SELECT YES 'user_2'@'localhost' NULL INSERT NO SELECT * FROM mysql.user WHERE user LIKE "%user%"; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections localhost user_1 Y N N N N N N N N N Y N N N N N N N N N N N N N N N 0 0 0 0 localhost user_2 N Y N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 SHOW GRANTS; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION FLUSH PRIVILEGES; SELECT * FROM information_schema.user_privileges WHERE grantee LIKE "%user%"; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'user_1'@'localhost' NULL SELECT YES 'user_2'@'localhost' NULL INSERT NO SELECT * FROM mysql.user WHERE user LIKE "%user%"; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections localhost user_1 Y N N N N N N N N N Y N N N N N N N N N N N N N N N 0 0 0 0 localhost user_2 N Y N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 SHOW GRANTS; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION user_1@localhost db_datadict SELECT * FROM information_schema.user_privileges WHERE grantee LIKE "%user%"; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'user_1'@'localhost' NULL SELECT YES SELECT * FROM mysql.user WHERE user LIKE "%user%"; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections localhost user_1 Y N N N N N N N N N Y N N N N N N N N N N N N N N N 0 0 0 0 localhost user_2 N Y N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 SHOW GRANTS; Grants for user_1@localhost GRANT SELECT ON *.* TO 'user_1'@'localhost' WITH GRANT OPTION GRANT UPDATE ON `db_datadict`.* TO 'user_1'@'localhost' WITH GRANT OPTION GRANT SELECT ON `mysql`.`user` TO 'user_1'@'localhost' connect(localhost,user_2,,db_datadict,MYSQL_PORT,c:\\MySQL\\mysql-5.0\\mysql-test\\var\\tmp\\master.sock); SELECT * FROM information_schema.user_privileges WHERE grantee LIKE "%user%"; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'user_2'@'localhost' NULL INSERT NO SHOW GRANTS; Grants for user_2@localhost GRANT INSERT ON *.* TO 'user_2'@'localhost' revoke privileges from user_1 ----------------------------- root@localhost test REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'user_1'@'localhost'; SELECT * FROM information_schema.user_privileges WHERE grantee LIKE "%user%"; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'user_1'@'localhost' NULL USAGE NO 'user_2'@'localhost' NULL INSERT NO SELECT * FROM mysql.user WHERE user LIKE "%user%"; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections localhost user_1 N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 localhost user_2 N Y N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 SHOW GRANTS; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION user_1@localhost db_datadict SELECT * FROM information_schema.user_privileges WHERE grantee LIKE "%user%"; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'user_1'@'localhost' NULL USAGE NO SELECT * FROM mysql.user WHERE user LIKE "%user%"; ERROR 42000: SELECT command denied to user 'user_1'@'localhost' for table 'user' SHOW GRANTS; Grants for user_1@localhost GRANT USAGE ON *.* TO 'user_1'@'localhost' user_1@localhost db_datadict CREATE TABLE db_datadict.tb_55 ( c1 TEXT ); ERROR 42000: CREATE command denied to user 'user_1'@'localhost' for table 'tb_55' user_1@localhost db_datadict SELECT * FROM information_schema.user_privileges WHERE grantee LIKE "%user%"; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'user_1'@'localhost' NULL USAGE NO SELECT * FROM mysql.user WHERE user LIKE "%user%"; ERROR 42000: SELECT command denied to user 'user_1'@'localhost' for table 'user' SHOW GRANTS; Grants for user_1@localhost GRANT USAGE ON *.* TO 'user_1'@'localhost' CREATE TABLE db_datadict.tb_66 ( c1 TEXT ); ERROR 42000: CREATE command denied to user 'user_1'@'localhost' for table 'tb_66' add ALL on db_datadict.* (and select on mysql.user) to user_1 ------------------------------------------------------------- root@localhost test GRANT ALL ON db_datadict.* TO 'user_1'@'localhost' WITH GRANT OPTION; GRANT SELECT ON mysql.user TO 'user_1'@'localhost'; SELECT * FROM information_schema.user_privileges WHERE grantee LIKE "%user%"; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'user_1'@'localhost' NULL USAGE NO 'user_2'@'localhost' NULL INSERT NO SELECT * FROM mysql.user WHERE user LIKE "%user%"; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections localhost user_1 N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 localhost user_2 N Y N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 SHOW GRANTS; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION user_1@localhost db_datadict SELECT * FROM information_schema.user_privileges WHERE grantee LIKE "%user%"; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'user_1'@'localhost' NULL USAGE NO SELECT * FROM mysql.user WHERE user LIKE "%user%"; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections localhost user_1 N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 localhost user_2 N Y N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 SHOW GRANTS; Grants for user_1@localhost GRANT USAGE ON *.* TO 'user_1'@'localhost' GRANT ALL PRIVILEGES ON `db_datadict`.* TO 'user_1'@'localhost' WITH GRANT OPTION GRANT SELECT ON `mysql`.`user` TO 'user_1'@'localhost' CREATE TABLE db_datadict.tb_56 ( c1 TEXT ); ERROR 42000: CREATE command denied to user 'user_1'@'localhost' for table 'tb_56' USE db_datadict; user_1@localhost db_datadict SELECT * FROM information_schema.user_privileges WHERE grantee LIKE "%user%"; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'user_1'@'localhost' NULL USAGE NO SELECT * FROM mysql.user WHERE user LIKE "%user%"; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections localhost user_1 N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 localhost user_2 N Y N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 SHOW GRANTS; Grants for user_1@localhost GRANT USAGE ON *.* TO 'user_1'@'localhost' GRANT ALL PRIVILEGES ON `db_datadict`.* TO 'user_1'@'localhost' WITH GRANT OPTION GRANT SELECT ON `mysql`.`user` TO 'user_1'@'localhost' CREATE TABLE tb_57 ( c1 TEXT ); revoke privileges from user_1 ----------------------------- root@localhost test REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'user_1'@'localhost'; FLUSH PRIVILEGES; SELECT * FROM information_schema.user_privileges WHERE grantee LIKE "%user%"; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'user_1'@'localhost' NULL USAGE NO 'user_2'@'localhost' NULL INSERT NO SELECT * FROM mysql.user WHERE user LIKE "%user%"; Host User Password Select_priv Insert_priv Update_priv Delete_priv Create_priv Drop_priv Reload_priv Shutdown_priv Process_priv File_priv Grant_priv References_priv Index_priv Alter_priv Show_db_priv Super_priv Create_tmp_table_priv Lock_tables_priv Execute_priv Repl_slave_priv Repl_client_priv Create_view_priv Show_view_priv Create_routine_priv Alter_routine_priv Create_user_priv ssl_type ssl_cipher x509_issuer x509_subject max_questions max_updates max_connections max_user_connections localhost user_1 N N N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 localhost user_2 N Y N N N N N N N N N N N N N N N N N N N N N N N N 0 0 0 0 SHOW GRANTS; Grants for root@localhost GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION user_1@localhost db_datadict SELECT * FROM information_schema.user_privileges WHERE grantee LIKE "%user%"; GRANTEE TABLE_CATALOG PRIVILEGE_TYPE IS_GRANTABLE 'user_1'@'localhost' NULL USAGE NO SELECT * FROM mysql.user WHERE user LIKE "%user%"; ERROR 42000: SELECT command denied to user 'user_1'@'localhost' for table 'user' SHOW GRANTS; Grants for user_1@localhost GRANT USAGE ON *.* TO 'user_1'@'localhost' CREATE TABLE db_datadict.tb_58 ( c1 TEXT ); USE db_datadict; ERROR 42000: Access denied for user 'user_1'@'localhost' to database 'db_datadict' CREATE TABLE db_datadict.tb_59 ( c1 TEXT ); root@localhost test DROP USER 'user_1'@'localhost'; DROP USER 'user_2'@'localhost'; DROP DATABASE IF EXISTS db_datadict;