Currently I perform a manual two-step procedure to get the grants information for all the users.
Step 1:
SELECT user, host FROM mysql.user;
Step 2:
SHOW GRANTS FOR '«user»'#'«host»'; -- Repeated for all user-host pairs.
Is there a single command to give me this information?
You should be able to retrieve privileges for all users from information_schema:
select grantee, group_concat(privilege_type) from information_schema.user_privileges group by grantee
Related
Can I use wildcards to see the grants of all users in MySQL 8.0 ?
SHOW GRANTS FOR '%'#'%'; doesn't work.
I 've had exported all the SHOW GRANT statements for all users into a text like this:
SELECT CONCAT('SHOW GRANTS FOR ''',user,'''#''',host,''';') FROM mysql.user WHERE mysql.user.user NOT IN ('mysql.infoschema','mysql.session','mysql.sys') INTO outfile '/var/lib/mysql-files/show_grants.txt';
but I don't know how to use it in order to create a table with 2 columns (1 for the user and 1 for the grants).
Is there a query (not a stored procedure or a command) which can be executed to retrieve list of privileges for objects (Tables, Views, Stored Procedures, Functions & Triggers) and users for a particular database (require following columns -- Schema name, Object type, Object name, Permission)?
MySQL --
Tried this but require a consolidate query -- SHOW GRANTS FOR 'root'#'localhost';
Oracle --
Tried this SELECT * FROM DBA_TAB_PRIVS but it provides for tables and views only
MariaDB --
SQL --
As of Oracle (I don't know other databases; by the way, I believe you wrongly used the sql tag. It is the language, while the database you're probably talking about is named the MS SQL Server), remember that you can ask the Dictionary. For example:
SQL> select * From dictionary where lower(comments) like '%grant%';
TABLE_NAME COMMENTS
-------------------- -------------------------------------------------------
<snip>
USER_ROLE_PRIVS Roles granted to current user
USER_SYS_PRIVS System privileges granted to current user
USER_TAB_PRIVS Grants on objects for which the user is the owner, gran
tor or grantee
USER_TAB_PRIVS_MADE All grants on objects owned by the user
USER_TAB_PRIVS_RECD Grants on objects for which the user is the grantee
<snip>
20 rows selected.
SQL>
Saying that DBA_TAB_PRIVS (which displays info for the whole database; I'm running this from an ordinary user, not a DBA) shows only tables and views, well - you are wrong. It displays procedures as well. How do I know?
This is my procedure and I'll grant execute privilege to mike:
SQL> select object_name, object_type from user_procedures where object_name = 'P_TEST';
OBJECT_NAME OBJECT_TYPE
--------------- -------------------
P_TEST PROCEDURE
SQL> grant execute on p_test to mike;
Grant succeeded.
What do I see?
SQL> select grantee, owner, table_name, privilege
2 from user_tab_privs
3 where table_name = 'P_TEST';
GRANTEE OWNER TABLE_NAME PRIVILEGE
---------- ---------- -------------------- ----------
MIKE SCOTT P_TEST EXECUTE
SQL>
Here it is. So yes, you were wrong.
Looking for a query to find all users who have a given permission (EG execute) for a given database.
Rationale: cleaning up ancient stored procedures and want to know who might be using them.
I can imagine a plug-n-chug SP where I loop through all the values returned from "show grants for xxx" but I'm hoping there is a better way.
select * from mysql.user where `Execute_priv` = 'Y'
Replace Execute_priv with the column name of the other priviledges you're after
For privileges on a DB by DB basis, try querying the mysql.db table:
select * from mysql.db where `Db` = 'databasename' and `Execute_priv` = 'Y'
I want to implement privileges in phpmyadmin, at table level. I want certain columns only to be shown to the user.
Here is the query I used.
REVOKE ALL PRIVILEGES ON `resource_test`.`resources` FROM 'test_user'#'%';
GRANT SELECT (`resource_id`, `first_name`) ON `resource_test`.`resources` TO 'test_user'#'%'WITH GRANT OPTION;
But I am unable to select only selected fields/columns.
Is it possible to only show the user a few number of columns only?
For your information i m using MySQL - 5.1.50
ya it is possible.
GRANT SELECT (columnname) ON person TO SomeOne
Refer DOCS
yes
GRANT select(col1, col2,...) On tbl To user
something like
GRANT select (id,name) ON Users To scott
where id and name are cols in table Users
To allow someuser to do SELECTs on mydb, I can execute the following statement:
GRANT SELECT ON mydb.* TO 'someuser'#'somehost';
Suppose that I want allow SELECTs on only two tables: event and event_detail.
I guess I can do the following:
GRANT SELECT ON mydb.event TO 'someuser'#'somehost';
GRANT SELECT ON mydb.event_detail TO 'someuser'#'somehost';
Would the following also work? (Supposing no other tables are matched)
GRANT SELECT ON mydb.event* TO 'someuser'#'somehost';
No - wildcards can only be used for entire table or database names.
You'll have to either type the grant statement for every table explicitly, or write a script or program to do it for you.
Based on the GRANT syntax:
GRANT
... priv_level ...
priv_level:
*
| *.*
| db_name.*
| db_name.tbl_name
| tbl_name
| db_name.routine_name
So I guess you can't. You can, anyway, use the INFORMATION_SCHEMA to find those tables with the name prefix you desire, and then iterate through them.