List:General Discussion« Previous MessageNext Message »
From:Mark Leith Date:August 16 2005 10:33am
Subject:RE: Why can't I revoke usage from user?
View as plain text  
Martin,

Comments in-line:

> -----Original Message-----
> From: Martijn Tonies [mailto:m.tonies@stripped] 
> Sent: 16 August 2005 10:35
> To: mysql@stripped
> Subject: Re: Why can't I revoke usage from user?
> 
> Gleb,
> 
> > Hello.
> >
> > 'USAGE' means that user doesn't have any privileges. Use 
> 'DROP USER'.
> > See:
> >   http://dev.mysql.com/doc/mysql/en/drop-user.html
> 
> I disagree here.
> 
> "drop user" will drop the user, revoking "usage" can be 
> something different.

You can't actually revoke USAGE, without dropping the user. 

> 
> If, for example, you do "grant usage on dbname.*" this is 
> different from then "just" a user without "usage" granted to 
> that database.

USAGE is a global level privilege, whilst you can "GRANT USAGE ON test.*
..", it's actually ignored. 

> 
> Besides, having a user without privileges might be useful as well :-)

Exactly what USAGE is for.. ;)

Here's a quick example:

mysql> create user frank;
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for frank;
+-----------------------------------+
| Grants for frank@%                |
+-----------------------------------+
| GRANT USAGE ON *.* TO 'frank'@'%' |
+-----------------------------------+
1 row in set (0.00 sec)

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| Tracking           |
| mysql              |
| test               |
+--------------------+
4 rows in set (0.00 sec)

mysql> grant usage on test.* to frank;
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for frank;
+-----------------------------------+
| Grants for frank@%                |
+-----------------------------------+
| GRANT USAGE ON *.* TO 'frank'@'%' |
+-----------------------------------+
1 row in set (0.00 sec)

mysql> revoke usage on *.* from frank;
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for frank;
+-----------------------------------+
| Grants for frank@%                |
+-----------------------------------+
| GRANT USAGE ON *.* TO 'frank'@'%' |
+-----------------------------------+
1 row in set (0.00 sec)

Mark

Mark Leith
Cool-Tools UK Limited
http://www.cool-tools.co.uk
http://leithal.cool-tools.co.uk 

-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.338 / Virus Database: 267.10.10/73 - Release Date: 15/08/2005
Thread
Why can't I revoke usage from user?Gu Lei16 Aug
  • Re: Why can't I revoke usage from user?Gleb Paharenko16 Aug
  • Re: Why can't I revoke usage from user?Martijn Tonies16 Aug
  • Re: Why can't I revoke usage from user?Martijn Tonies16 Aug
    • RE: Why can't I revoke usage from user?Mark Leith16 Aug
      • Re: Why can't I revoke usage from user?Martijn Tonies16 Aug