From: http://dev.mysql.com/doc/refman/5.0/en/drop-database.html
...when a database is dropped, user privileges on the database are not automatically dropped.
So the question becomes, how do you revoke all privileges for all users on a MySQL DB? I imagine it's simple, but I'm surprised I haven't been able to find this anywhere.
REVOKE ALL PRIVILEGES ON *.* FROM '<user_name>'#'localhost';
REVOKE ALL PRIVILEGES ON *.* FROM '<user_name>'#'%';
Eg.:
REVOKE ALL PRIVILEGES ON *.* FROM 'jeffrey'#'localhost';
REVOKE ALL PRIVILEGES ON *.* FROM 'jeffrey'#'%';
You can revoke all privileges for a specific user with this syntax:
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user [, user] ...
FLUSH PRIVILEGES;
which drops all global, database, table, column, and routine privileges for the named user or users
Not sure if there's a way to do this for all users at once, though.
REVOKE ALL PRIVILEGES FROM '%'#'%';
The above could be dangerous as i suppose it will delete all the privileges from all the users including root
Modify it to:
REVOKE ALL PRIVILEGES FROM 'user'#'localhost';
or
REVOKE ALL PRIVILEGES FROM 'user'#'%';
before execute
I suppose you can do:
REVOKE ALL PRIVILEGES FROM '%'#'%';
FLUSH PRIVILEGES;
(Don't modify MySQL tables directly)
Related
MySQL v8
command line and with phpmyadmin
I am logged into mysql as root (FULL Privileges) and I am trying to assign ALL privileges on a specific database to a user.
It gives them all privileges but DOES NOT allow Administration GRANT on the database (See Attached)
This is the same result for direct command line or phpmyadmin
Any ideas please?
Thanks in advance
P
You must GRANT ALL PRIVILEGES ... WITH GRANT OPTION.
That means you grant all the privileges to the target user, as well as the privilege to grant those privileges to others.
Read https://dev.mysql.com/doc/refman/8.0/en/grant.html:
The optional WITH clause is used to enable a user to grant privileges
to other users. The WITH GRANT OPTION clause gives the user the
ability to give to other users any privileges the user has at the
specified privilege level.
To grant the GRANT OPTION privilege to an account without otherwise
changing its privileges, do this:
GRANT USAGE ON *.* TO 'someuser'#'somehost' WITH GRANT OPTION;
Im trying to remove all permissions for a user on a database.
REVOKE ALL PRIVILEGES ON database.* FROM 'user'#'%';
This just gives an error saying:
ERROR 1141 (42000): There is no such grant defined for user 'user' on host '%'
I am logged in as root user when running the query. And running show grants for user query shows that the user has permissions on all databases
Output from show grants query:
GRANT USAGE ON *.* TO 'user'#'%' IDENTIFIED BY PASSWORD 'xxxxxx'
Revoke statement has to match the grants issued. If grant is issued to *.*, you can only revoke *.* as well.
since SHOW GRANTS for 'user'#'%' shows a line like:
GRANT USAGE ON *.* TO 'user'#'%' IDENTIFIED BY PASSWORD 'xxxxxx'
You need to revoke that!
This should work:
REVOKE ALL PRIVILEGES ON *.* FROM 'user'#'%';
database.* denotes all tables in the "database" database
*.* denotes all tables in all databases
You can execute the below queries,
1) REVOKE ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE TABLESPACE, CREATE TEMPORARY TABLES, CREATE USER, CREATE VIEW, DELETE, DROP, EVENT, EXECUTE, FILE, INDEX, INSERT, LOCK TABLES, PROCESS, REFERENCES, RELOAD, REPLICATION CLIENT, REPLICATION SLAVE, SELECT, SHOW DATABASES, SHOW VIEW, SHUTDOWN, SUPER, TRIGGER, UPDATE ON . FROM ‘user'#'%’;
OR
REVOKE ALL PRIVILEGES ON . FROM ‘user'#'%';
2) REVOKE GRANT OPTION ON . FROM ‘user'#'%';
Can someone explain the following command?
mysql> GRANT ALL PRIVILEGES ON *.* TO 'user1'#'localhost' WITH GRANT OPTION;
GRANT ALL PRIVILEGES
This gives the user specified later in the command all privileges.
http://dev.mysql.com/doc/refman/5.7/en/grant.html
ON *.*
Matches everything.
TO 'user1'#'localhost'
The user with name ‘user1’ on localhost which is to be granted the privileges.
WITH GRANT OPTION
The GRANT OPTION privilege enables you to give to other users or remove from other users those privileges that you yourself possess.
https://dev.mysql.com/doc/refman/5.6/en/privileges-provided.html#priv_grant-option
What could be the reason for the following cause. "I did press the revoke privileges button"
The REVOKE statement enables system administrators to revoke privileges from MySQL accounts.
With this, you deleted all the privileges of your user like global, database, table, column, and routine privileges for the user.
The database administrator must provide the privileges of your user with GRANT command.
GRANT ALL PRIVILEGES ON *.* TO 'myuser'#'%' WITH GRANT OPTION;
I accidentally did something a bit stupid and typed this into the mysql console:
mysql> grant all on myDB.* to root#'%' identified by 'root';
... and the db configuration is open to remote logins. Now I need to remove this grant but don't want to accidentally revoke all privileges for my root user and effectively lock myself out of the db as the db admin. What should I do?
First, verify that your root#localhost and/or root#127.0.0.1 users have access.
SHOW GRANTS FOR root#localhost;
SHOW GRANTS FOR root#127.0.0.1;
You should see within the result set a line like GRANT ALL PRIVILEGES ON *.* to... Assuming that entry exists, you can safely remove the grant for root#'%' from the mysql database:
REVOKE all on myDB.* from root#'%';
FLUSH PRIVILEGES;
Assuming you don't want the root#'%' user to exist either:
DROP USER root#'%';
Use:
SHOW GRANTS FOR 'root'#'%';
To see all the permission that root has.
Then, to remove specific permissions:
REVOKE SELECT FROM root#'%'
There's more here.
one thing you can do is to go through mysql.user to remove the offending line only, and flush privileges