Summary: in this tutorial, you will learn how to use MySQL REVOKE statement to revoke privileges from MySQL accounts. We are highly recommend that you follow the tutorials below to have a better understanding of how MySQL REVOKE works:
MySQL REVOKE SyntaxIn order to revoke privileges from an account, you use the MySQL REVOKE statement. The syntax of MySQL REVOKE statement is as follows:
REVOKE privilege_type [(column_list)] [, priv_type [(column_list)]]...
ON [object_type] privilege_level
FROM user [, user]...
Let’s examine the MySQL REVOKE statement in more detail.
In order to revoke privileges from an account, you must have GRANT OPTION privilege and privileges that you are revoking. To revoke all privileges, you use the following MySQL REVOKE syntax:
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user [, user]…
To execute the above command, you must have the global CREATE USER privilege or the UPDATE privilege for the mysql database. To revoke proxy user, you use the REVOKE PROXY command as follows:
REVOKE PROXY ON user FROM user [, user]...
A proxy user is a valid user in MySQL who can impersonate as another user therefore the proxy user has all privileges of the user that it impersonates. Before revoking privileges of a user, it is good practice to check if the user has the privileges by using the SHOW GRANTS statement as follows:
SHOW GRANTS FOR user;
MySQL REVOKE examplesSuppose rfc account has privileges SELECT, UPDATE and DELETE in the classicmodels sample database . If you want to revoke UPDATE and DELETE privileges from the rfc account, you can do so as follows: First, you check the privileges of rfc account using SHOW GRANTS statement:
SHOW GRANTS FOR 'rfc'@'localhost';
GRANT SELECT, UPDATE, DELETE ON 'classicmodels'.* TO 'rfc'@'localhost'
If you have not followed the previous tutorial on granting privileges to user, you can first grant the SELECT, UPDATE and DELETE privileges for rfc account that connects from localhost to the classicmodels database as follows:
GRANT SELECT, UPDATE, DELETE ON classicmodels.* TO 'rfc'@'localhost';
Second, you can revoke the UPDATE and DELETE privileges from the rfc account:
REVOKE UPDATE, DELETE ON classicmodels.* FROM 'rfc'@'localhost';
Third, you can check the privileges of the rfc account again using the SHOW GRANTS command.
SHOW GRANTS FOR 'rfc'@'localhost';
GRANT SELECT ON 'classicmodels'.* TO 'rfc'@'localhost'
If you want to revoke all privileges of the rfc account, you run the following command:
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'rfc'@'localhost';
If you check the privileges of the rfc account again, you will see the rfc account has no privilege.
SHOW GRANTS FOR 'rfc'@'localhost';
GRANT USAGE ON *.* TO 'rfc'@'localhost'
Note that USAGE privilege means no privileges in MySQL. When MySQL REVOKE takes effectThe effect of MySQL REVOKE statement depends on the privilege level as follows:
In this tutorial, you’ve learned how to use MySQL REVOKE statement to revoke privileges from MySQL accounts. (责任编辑:IT) |