Discussions
Categories
- 382.3K All Categories
- 2.1K Data
- 209 Big Data Appliance
- 1.9K Data Science
- 448K Databases
- 220.9K General Database Discussions
- 3.7K Java and JavaScript in the Database
- 25 Multilingual Engine
- 520 MySQL Community Space
- 467 NoSQL Database
- 7.8K Oracle Database Express Edition (XE)
- 2.9K ORDS, SODA & JSON in the Database
- 492 SQLcl
- 3.9K SQL Developer Data Modeler
- 186.2K SQL & PL/SQL
- 21K SQL Developer
- 293.3K Development
- 7 Developer Projects
- 128 Programming Languages
- 290K Development Tools
- 95 DevOps
- 3K QA/Testing
- 645.5K Java
- 24 Java Learning Subscription
- 36.9K Database Connectivity
- 149 Java Community Process
- 104 Java 25
- 22.1K Java APIs
- 137.9K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 16 Java Essentials
- 144 Java 8 Questions
- 85.9K Java Programming
- 79 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.2K Java SE
- 13.8K Java Security
- 198 Java User Groups
- 24 JavaScript - Nashorn
- Programs
- 266 LiveLabs
- 36 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.8K Other Languages
- 2.3K Chinese
- 166 Deutsche Oracle Community
- 1.2K Español
- 1.9K Japanese
- 230 Portuguese
MySQL Privilege Restriction Using Partial Revokes
MySQL version 5.7.32。
I have a user 'test'@'%' in MySQL database.
mysql> show grants for test;
+--------------------------------------------------------------------------------+
| Grants for [email protected]% |
+--------------------------------------------------------------------------------+
| GRANT SELECT ON *.* TO 'test'@'%' |
+--------------------------------------------------------------------------------+
mysql> desc employees.salaries;
+-----------+---------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------+---------+------+-----+---------+-------+
| emp_no | int(11) | NO | PRI | NULL | |
| salary | int(11) | NO | | NULL | |
| from_date | date | NO | PRI | NULL | |
| to_date | date | NO | | NULL | |
+-----------+---------+------+-----+---------+-------+
I want to revoke select privilege which on employees.salaries.salary.
mysql> revoke select(salary) on employees.salaries from test;
ERROR 1147 (42000): There is no such grant defined for user 'test' on host '%' on table 'salaries'
This privilege Cannot be revoked directly.
Is there any other way to achieve?
Thanks!
Answers
-
Your GRANT ALL to test for all tables provides that account with access to all schemas on the server.
If you want to keep test out of salaries but allow others, you first need to set up the grants on the employees.salaries table before blocking the test account. You have to do the equivalent of building the fence around the property before barring them or there is no way to block their access.
https://dev.mysql.com/doc/refman/8.0/en/grant.html#grant-column-privileges
Dave Stokes
MySQL Community Manager
