Only "grant usage", but can still select, drop, create?

I have a mysql user (I'll call) "user5" who only has "grant usage" (i.e. no privileges) in the output of "show grants", but can still do a select on database "app_db" (which is what I want, but I do understand how it has that privilege). There is no anonymous user. How can user5 be using its database with this configuration?

When logged in as user5:

mysql> show grants;
+--------------------------------------------------------------------------------------------------------------+
| Grants for user5@10.14.%                                                                                   |
+--------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user5'@'10.14.%' IDENTIFIED BY PASSWORD '*long hash' |
+--------------------------------------------------------------------------------------------------------------+

When logged in as root, looking at the User table:

mysql> select User, Host, Select_priv from mysql.user;
+----------+---------------+-------------+
| User     | Host          | Select_priv |
+----------+---------------+-------------+
| root     | localhost     | Y           |
| root     | 127.0.0.1     | Y           |
| root     | 10.14.12.8    | Y           |
| user5    | 10.14.%       | N           |
| (other named non-root users)           |
+----------+---------------+-------------+

...yet, as user5, "select * from app_db.users" returns results.

Most likely, your user5 has database (i.e. schema) privileges, just not server-wide privileges. So look here.

USE app_db;
SHOW GRANTS FOR user5;

or check in the data dictionary for the same:

SELECT *
FROM INFORMATION_SCHEMA.SCHEMA_PRIVILEGES
WHERE GRANTEE LIKE '%user5%';

if not anything, then maybe also check

SELECT *
FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
WHERE GRANTEE LIKE '%user5%';

StackExchange Database Administrators Q#66584, answer score: 5