72

I understand how to create a new user with privileges, but what is the correct way to change privileges for users that are already created?

We are running a DB audit and some of the users have way more access then is needed. Plus I don't know the passwords for most of these MySQL users, so I don't want to delete them and create new ones.

T. Zengerink
  • 199
  • 5
  • 13
Clutch
  • 970
  • 1
  • 8
  • 13

2 Answers2

117

To list users:

select user,host from mysql.user;

To show privileges:

show grants for 'user'@'host';

To change privileges, first revoke. Such as:

revoke all privileges on *.* from 'user'@'host';

Then grant the appropriate privileges as desired:

grant SELECT,INSERT,UPDATE,DELETE ON `db`.* TO 'user'@'host';

Finally, flush:

flush privileges;

The MySQL documentation is excellent:

https://dev.mysql.com/doc/refman/8.0/en/access-control.html

culix
  • 551
  • 1
  • 3
  • 13
Warner
  • 23,440
  • 2
  • 57
  • 69
  • 3
    Well without revoke, it will be dublicates privileges; – Sergey Sep 27 '12 at 12:38
  • 12
    mysql documentation is near unreadable, this answer is much better – Timo Huovinen Mar 01 '16 at 10:02
  • I think (revoke all privileges on *.* from 'user'@'host'; ) should be (revoke all on *.* from 'user'@'host';) Thanks, – Nicholas Jul 12 '18 at 14:42
  • 2
    this answer is plain wrong "flush privileges" does not apply to privileges set with grant. the above process results in the user having no privilege at all between the moment the revoke and the grant queries are run, and additionally flushing the grants cache for no reason __ this would work if you perform regular queries against the mysql.user table rather than using grants and if the server does not crash or stop between the queries. – skullnobrains Aug 16 '18 at 09:48
  • How can it be done without leaving the user with no privileges during the gap? – Jimbali Feb 10 '22 at 10:30
0

without downtime you can do this (example for granting ALTER command):

UPDATE mysql.db
set Alter_priv='Y'
WHERE User='USER'

for any other privilege, see current user privileges and right columns to change:

SELECT *
FROM mysql.db
WHERE User='USER'
a.k
  • 101