MySQL Privileges: Granting and Revoking

Published On: 29 March 2023.By Anupam Singh.

Data, AI & Analytics
Quality Engineering

MySQL Privileges: Granting and Revoking

MySQL privileges:

Refer to the rights or permissions that are granted to a user account or role to access and manipulate database objects such as tables, views, and stored procedures. Privileges determine what actions a user can perform on a specific object, such as SELECT, INSERT, UPDATE, or DELETE.

MySQL provides a comprehensive set of privileges that can be assigned to users, such as the ability to create or drop tables, manage user accounts, and execute administrative tasks. These privileges can be granted at the global, database, table, or column level, depending on the level of access required.

Some common MySQL privileges include:

SELECT: allows a user to read data from a table
INSERT: allows a user to insert data into a table
UPDATE: allows a user to modify existing data in a table
DELETE: allows a user to remove data from a table
CREATE: allows a user to create databases, tables, or views
DROP: allows a user to delete databases, tables, or views
GRANT: allows a user to grant or revoke privileges to other users

MySQL also provides the option to assign privileges to roles, which can simplify the management of user permissions by allowing multiple users to share the same set of privileges. Roles can be assigned to users and can be granted or revoked privileges as needed.

In summary: MySQL privileges are an essential aspect of managing access to a database and its objects. By carefully assigning privileges to users and roles, database administrators can ensure that users have the necessary access to perform their tasks while protecting sensitive data and maintaining the integrity of the database.

Grant Privilege MySQL:

In MySQL, the GRANT privilege is used to give a user account or role permission to perform specific actions on a database or its objects, such as tables, views, or stored procedures. The GRANT statement is used to specify the privileges to be granted, the user account or role that will receive the privileges, and the level at which the privileges will be granted (i.e., global, database, table, or column).

The basic syntax for the GRANT statement in MySQL is as follows:

GRANT privileges ON object TO user@host [WITH GRANT OPTION];

1	GRANT privileges ON object TO user@host [WITH GRANT OPTION];

“privileges” refers to the specific actions or operations that the user or role will be allowed to perform, such as SELECT, INSERT, UPDATE, DELETE, CREATE, or DROP.
“object” refers to the database or database object (table, view, or stored procedure) to which the privileges will be applied.
“user@host” identifies the user account or role that will receive the privileges. The “user” parameter specifies the username and the “host” parameter specifies the hostname or IP address of the machine from which the user will connect.
The optional “WITH GRANT OPTION” clause allows the user or role to grant the same privileges to other users or roles.

Here is an example of how to use the GRANT statement in MySQL to give a user account named “veer” permission to SELECT data from a table named “orders” in a database named “finance”:

GRANT SELECT ON finance.orders TO veer@'192.168.1.100';

1	GRANT SELECT ON finance.orders TO veer@'192.168.1.100';

This statement grants the SELECT privilege on the “orders” table in the “finance” database to the user account “veer” when connecting from the machine with IP address “192.168.1.100”.

In summary, the GRANT privilege in MySQL is a powerful tool that allows database administrators to control user access to databases and their objects and should be used with care to avoid granting excessive permissions to users.

Revoke Privilege:

In MySQL, the REVOKE statement is used to remove privileges that have been previously granted to a user account or role. The REVOKE statement specifies the privileges to be revoked, the user account or role that currently has the privileges, and the level at which the privileges were granted (i.e., global, database, table, or column).

The basic syntax for the REVOKE statement in MySQL is as follows:

REVOKE privileges ON object FROM user@host;

1	REVOKE privileges ON object FROM user@host;

“privileges” refers to the specific actions or operations that were previously granted to the user or role.
“object” refers to the database or database object (table, view, or stored procedure) from which the privileges will be revoked.
“user@host” identifies the user account or role that currently has the privileges. The “user” parameter specifies the username and the “host” parameter specifies the hostname or IP address of the machine from which the user is connecting.

Here is an example of how to use the REVOKE statement in MySQL to remove the SELECT privilege from a user account named “virat” on a table named “orders” in a database named “finance”:

REVOKE SELECT ON finance.orders FROM virat@'192.168.1.100';

1	REVOKE SELECT ON finance.orders FROM virat@'192.168.1.100';

This statement removes the SELECT privilege on the “orders” table in the “finance” database from the user account “virat” when connecting from the machine with IP address “192.168.1.100”.

It’s important to note that when revoking privileges, you should be careful not to remove privileges that are necessary for a user account or role to perform its intended functions. Revoking privileges can impact the ability of users to perform certain tasks, so it’s important to consider the implications of revoking a privilege before executing the REVOKE statement.

In summary, the REVOKE statement in MySQL is used to remove previously granted privileges from user accounts or roles and should be used judiciously to avoid unintended consequences.