"USAGE" is a synonym for "no privileges." Yes, it's kind of a confusing term which implies "this user can use the system" when in fact the situation is exactly the opposite.

http://dev.mysql.com/doc/mysql/en/User_resources.html

Cheers,

--V

Mark C. Stafford wrote:
Should I care that USAGE still shows up after all rights have been
revoked? It feels like a potential security hole...



-- working around the system to ensure a clean environment
-- i feel like i shouldn't have to do this...but want to start with a
-- clean slate
DELETE FROM mysql.user WHERE user = 'jdoe';
DELETE FROM mysql.columns_priv WHERE user = 'jdoe';
DELETE FROM mysql.tables_priv WHERE user = 'jdoe';
DELETE FROM mysql.db WHERE user = 'jdoe';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'jdoe'@'192.168.%';
/*
[localhost -- root] ERROR 1141: There is no such grant defined for user 'jdoe' on host '192.168.%'
*/

-- simulating new user
GRANT SELECT ON test.* TO 'jdoe'@'192.168.%' IDENTIFIED BY 'still-got-usage';
GRANT INSERT ON test.* TO 'jdoe'@'192.168.%';
GRANT UPDATE ON test.* TO 'jdoe'@'192.168.%';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'jdoe'@'192.168.%';
/*
+------------------------------------------------------------------------------------+
| Grants for jdoe@192.168.%                                                          |
+------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'jdoe'@'192.168.%' IDENTIFIED BY PASSWORD '4a8930bb6abf3967' |
| GRANT SELECT, INSERT ON `test`.* TO 'jdoe'@'192.168.%'                             |
+------------------------------------------------------------------------------------+
*/


-- simulating user's departure from organization
REVOKE SELECT ON test.* FROM 'jdoe'@'192.168.%';
REVOKE INSERT ON test.* FROM 'jdoe'@'192.168.%';
REVOKE UPDATE ON test.* FROM 'jdoe'@'192.168.%';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'jdoe'@'192.168.%';
/*
+------------------------------------------------------------------------------------+
| Grants for jdoe@192.168.%                                                          |
+------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'jdoe'@'192.168.%' IDENTIFIED BY PASSWORD '4a8930bb6abf3967' |
+------------------------------------------------------------------------------------+
*/


-- try it again, sam
REVOKE USAGE ON *.* FROM 'jdoe'@'192.168.%';
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'jdoe'@'192.168.%';
/*
+------------------------------------------------------------------------------------+
| Grants for jdoe@192.168.%                                                          |
+------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'jdoe'@'192.168.%' IDENTIFIED BY PASSWORD '4a8930bb6abf3967' |
+------------------------------------------------------------------------------------+
*/



-- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe: http://lists.mysql.com/[EMAIL PROTECTED]
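The practical point behind the exchange above is that a lone "GRANT USAGE ON *.*" row is not a privilege, but the account it belongs to still exists and can still log in, so the departure procedure should remove the account rather than peel off grants one by one. The following script is an added example and is not code from either poster; it assumes MySQL 5.0.2 or later, where DROP USER also deletes the account's rows in the privilege tables (on older servers the DELETE statements from the original post are the fallback), and the account name 'jdoe'@'192.168.%' is carried over from the thread.

```sql
-- Added example (not from the thread). Assumes MySQL 5.0.2+ so that
-- DROP USER removes the mysql.user row together with every matching row
-- in mysql.db, mysql.tables_priv and mysql.columns_priv.

-- 1. Remove the account outright instead of REVOKE-ing grant by grant.
--    No FLUSH PRIVILEGES is needed: account-management statements
--    update the in-memory grant tables themselves.
DROP USER 'jdoe'@'192.168.%';

-- 2. Verify. This should now fail with ERROR 1141 ("There is no such
--    grant defined ...") instead of printing a lone GRANT USAGE line,
--    which would mean the account can still authenticate.
SHOW GRANTS FOR 'jdoe'@'192.168.%';

-- 3. Periodic audit: list accounts whose only entitlement is USAGE,
--    i.e. every global privilege column is 'N' and there are no
--    database-, table- or column-level rows. These are the dormant
--    logins that a revoke-only offboarding leaves behind.
SELECT u.User, u.Host
FROM mysql.user AS u
WHERE u.Select_priv  = 'N' AND u.Insert_priv = 'N' AND u.Update_priv = 'N'
  AND u.Delete_priv  = 'N' AND u.Create_priv = 'N' AND u.Drop_priv   = 'N'
  AND u.Grant_priv   = 'N' AND u.Super_priv  = 'N' AND u.File_priv   = 'N'
  AND NOT EXISTS (SELECT 1 FROM mysql.db           AS d
                  WHERE d.User = u.User AND d.Host = u.Host)
  AND NOT EXISTS (SELECT 1 FROM mysql.tables_priv  AS t
                  WHERE t.User = u.User AND t.Host = u.Host)
  AND NOT EXISTS (SELECT 1 FROM mysql.columns_priv AS c
                  WHERE c.User = u.User AND c.Host = u.Host);
```

The audit query deliberately checks only the privilege columns that have been present in mysql.user since the 4.x era; on a newer server you may want to extend the WHERE clause with the remaining *_priv columns (Index_priv, Alter_priv, and so on) so that an account holding only one of those is not mistaken for a USAGE-only login.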


