Re: Revoke all privileges on *.* doesn't work

Thu, 10 Mar 2005 08:03:48 -0800 

Nico Sabbi <[EMAIL PROTECTED]> wrote on 03/10/2005 10:46:37 AM:

> Hi,
> the documentation reads:
> 
> REVOKE /|priv_type|/ [(/|column_list|/)] [, /|priv_type|/ 
> [(/|column_list|/)]] ...
>     ON {/|tbl_name|/ | * | *.* | /|db_name|/.*}
>     FROM /|user|/ [, /|user|/] ...
> REVOKE ALL PRIVILEGES, GRANT OPTION FROM /|user|/ [, /|user|/] ...
> 
> 
> but it doesn't work, as you can see below:
> 
> 
> grant all privileges on *.* to user3;
> Query OK, 0 rows affected (0.00 sec)
> 
> mysql> show grants for user3;
> +--------------------------------------------+
> | Grants for [EMAIL PROTECTED]                         |
> +--------------------------------------------+
> | GRANT ALL PRIVILEGES ON *.* TO 'user3'@'%' |
> +--------------------------------------------+
> 1 row in set (0.00 sec)mysql> show variables like 'version';
> +---------------+----------------+
> | Variable_name | Value          |
> +---------------+----------------+
> | version       | 4.0.21-Max-log |
> +---------------+----------------+
> 1 row in set (0.00 sec)
> 
> 
> 
> mysql> revoke all privileges on *.* from user3;
> Query OK, 0 rows affected (0.00 sec)
> 
> mysql> show grants for user3;
> +-----------------------------------+
> | Grants for [EMAIL PROTECTED]                |
> +-----------------------------------+
> | GRANT USAGE ON *.* TO 'user3'@'%' |
> +-----------------------------------+
> 1 row in set (0.00 sec)
> 
> mysql> flush privileges;
> Query OK, 0 rows affected (0.09 sec)
> 
> mysql> show grants for user3;
> +-----------------------------------+
> | Grants for [EMAIL PROTECTED]                |
> +-----------------------------------+
> | GRANT USAGE ON *.* TO 'user3'@'%' |
> +-----------------------------------+
> 1 row in set (0.00 sec)
> 
> 
> mysql> show variables like 'version';
> +---------------+----------------+
> | Variable_name | Value          |
> +---------------+----------------+
> | version       | 4.0.21-Max-log |
> +---------------+----------------+
> 1 row in set (0.00 sec)
> 
> 
> 
> what am I doing wrong?
> 
> Thanks,
> 
> -- 
> Nico Sabbi - Officine Digitali - Bologna
> Tel. 051 - 4187565

'USAGE' is what permission you have when you can log into the server but 
do nothing else.  The table that controls global permissions also contains 
the user's login and password. When you REVOKE ALL ... on a user you don't 
delete that user's row from this table, you set every permission column to 
'N'. If you had deleted the record for that user then you would not have 
been able to do a "SHOW GRANTS FOR user3" as it would no longer exist in 
the system.

Run this query and you will see what I mean:

SELECT * from mysql.user where user='user3';

Shawn Green
Database Administrator
Unimin Corporation - Spruce Pine

Reply via email to