debugsqlMinor
Unable to remove permission for mysql.user
Viewed 0 times
userpermissionunableremovemysqlfor
Problem
I am trying to remove permission from mysql user to not be able to delete specific database. But if i run this command:
or this
I get this error
ERROR 1141 (42000): There is no such grant defined for user 'demo' on host 'localhost'
test is the name of the databse.
The permissions for demo user are this:
Also, when i login as user demo i am able to delete the database test.
Why i am getting this error when i try to remove the permissions from user demo?
revoke all privileges on test.* from 'demo'@'localhost';or this
revoke drop on test.* from 'demo'@'localhost';I get this error
ERROR 1141 (42000): There is no such grant defined for user 'demo' on host 'localhost'
test is the name of the databse.
The permissions for demo user are this:
mysql> show grants for demo@'localhost';
+----------------------------------------------------------------------------------------------------------------------+
| Grants for demo@localhost |
+----------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'demo'@'localhost' IDENTIFIED BY PASSWORD '*C142FB215B6E05B7C134B1A653AD4B455157FD79' |Also, when i login as user demo i am able to delete the database test.
Why i am getting this error when i try to remove the permissions from user demo?
Solution
There is a big reason for this. There are four levels of grants in MySQL
When you ran
mysqld read the grants and saw
When you ran
mysqld looked for the grants, not in
You cannot yank grants on individual database from a user with global grants.
- Global (stored in
mysql.user)
- Database (stored in
mysql.db)
- Table (stored in
mysql.tables_priv)
- Column (stored in
mysql.columns_priv)
When you ran
show grants for demo@'localhost';mysqld read the grants and saw
demo@'localhost' in mysql.userWhen you ran
revoke all privileges on test.* from 'demo'@'localhost';mysqld looked for the grants, not in
mysql.user, but mysql.db.You cannot yank grants on individual database from a user with global grants.
Code Snippets
show grants for demo@'localhost';revoke all privileges on test.* from 'demo'@'localhost';Context
StackExchange Database Administrators Q#107239, answer score: 5
Revisions (0)
No revisions yet.