Best IT Recipes

Why is "GRANT USAGE" created the first time I grant privileges to a user?

I am new to the DBMS administration side and today I am collecting a new database (using MySQL) when I noticed this. After granting the user privileges for the first time, another grant is created that looks like

GRANT USAGE on *.* TO user IDENTIFIED BY PASSWORD password

The documentation says that the USAGE privilege means "no privileges", so I assume that it provides the work hierarchically, and perhaps the user should have some privilege for all databases, so what does it serve for everyone?

I also do not understand why there is an IDENTIFIED BY in it when the grant I created does not have it (mainly because I do not understand what the IDENTIFIED BY consists of).

Edit: Sorry for not specifying this initially, the grants were

 GRANT ALL PRIVILEGES ON database.* TO admin_user GRANT SELECT, INSERT, UPDATE, DELETE ON database.* TO user
+60
database mysql privileges grant
Jan 24 '10 at 6:54
source share
3 answers

As you said, MySQL USAGE is synonymous with “no privileges”. From the reference guide :

USAGE privilege specifier means "no privilege". It is used globally with GRANT to change account attributes, such as resource restrictions or SSL characteristics, without affecting existing account privileges.

USAGE is a way to tell MySQL that an account exists without giving any real privileges to this account. They just have permission to use MySQL, so USAGE . It matches the row in the `mysql`.`user` table without any privileges.

The IDENTIFIED BY indicates that a password has been set for this user. How do we know who they are, who they are? They identify themselves by sending the correct password for their account.

A user password is one of those attributes of a global level account that are not tied to a specific database or table. It is also located in the `mysql`.`user` table. If the user does not have other ON *.* Privileges, they are given USAGE ON *.* , And their hash is displayed there. This is often a side effect of the CREATE USER statement. When a user is created in this way, they do not initially have privileges, so they are simply granted USAGE .

+93
Oct 19 2018-10-19
source share

I tried to find the value of GRANT USAGE on *.* TO and found here. I can make it clear that GRANT USAGE on *.* TO user IDENTIFIED BY PASSWORD password will be provided when you create the user using the following ( CREATE ) command:

 CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';

When you grant privileges with GRANT , new privileges will be added on top of it.

+5
Mar 15 '13 at 17:59
source share

In addition, mysql passwords, when the IDENTIFIED BY not used, can be null; if they are not null, they can be encrypted. But yes, USAGE used to change the account by providing simple resource limiters such as MAX_QUERIES_PER_HOUR , again this can also be indicated using the WITH clause, in combination with GRANT USAGE (no privileges added) or GRANT ALL , you can also specify GRANT USAGE to global level, database level, table level, etc ...

+3
Dec 18
source share


More articles:


All Articles