Thursday, November 21, 2024
HomeHow ToHow to Get a List of Permissions of MySQL Users
How ToMySQL Tools

How to Get a List of Permissions of MySQL Users

dbForge Team
By dbForge Team
0
13076

MySQL has an advanced database access system. A database user can have access to the whole database, separate tables, or to separate columns of tables. Also, there is a restriction for actions a user may perform with records.

MySQL server uses several tables in a special database to organize such a complicated database access structure. The access policy is based on the values available in these tables.

Download a 30-day free trial version of dbForge Studio for MySQL

The database that MySQL server uses to store internal data about users is called mysql by default. There are tables for storing information about users’ accounts in this database:

  • user contains a list of all users of the MySQL server and their permissions to access the database;
  • db contains a list of databases with a matching list of database users and their privileges for executing operations;
  • tables_priv contains a list of database tables (views) that a user has access to;
  • columns_priv contains a list of columns from the database tables (views) a user has access to;
  • procs_priv contains a list of database procedures (functions) a user has access to.

To get the list of users’ privileges concerning data access, the following queries may be executed:

  • the list of global privileges:
  SELECT
  mu.host `Host`,
  mu.user `User`,
  REPLACE(RTRIM(CONCAT(
  IF(mu.Select_priv = 'Y', 'Select ', ''),
  IF(mu.Insert_priv = 'Y', 'Insert ', ''),
  IF(mu.Update_priv = 'Y', 'Update ', ''),
  IF(mu.Delete_priv = 'Y', 'Delete ', ''),
  IF(mu.Create_priv = 'Y', 'Create ', ''),
  IF(mu.Drop_priv = 'Y', 'Drop ', ''),
  IF(mu.Reload_priv = 'Y', 'Reload ', ''),
  IF(mu.Shutdown_priv = 'Y', 'Shutdown ', ''),
  IF(mu.Process_priv = 'Y', 'Process ', ''),
  IF(mu.File_priv = 'Y', 'File ', ''),
  IF(mu.Grant_priv = 'Y', 'Grant ', ''),
  IF(mu.References_priv = 'Y', 'References ', ''),
  IF(mu.Index_priv = 'Y', 'Index ', ''),
  IF(mu.Alter_priv = 'Y', 'Alter ', ''),
  IF(mu.Show_db_priv = 'Y', 'Show_db ', ''),
  IF(mu.Super_priv = 'Y', 'Super ', ''),
  IF(mu.Create_tmp_table_priv = 'Y', 'Create_tmp_table ', ''),
  IF(mu.Lock_tables_priv = 'Y', 'Lock_tables ', ''),
  IF(mu.Execute_priv = 'Y', 'Execute ', ''),
  IF(mu.Repl_slave_priv = 'Y', 'Repl_slave ', ''),
  IF(mu.Repl_client_priv = 'Y', 'Repl_client ', ''),
  IF(mu.Create_view_priv = 'Y', 'Create_view ', ''),
  IF(mu.Show_view_priv = 'Y', 'Show_view ', ''),
  IF(mu.Create_routine_priv = 'Y', 'Create_routine ', ''),
  IF(mu.Alter_routine_priv = 'Y', 'Alter_routine ', ''),
  IF(mu.Create_user_priv = 'Y', 'Create_user ', ''),
  IF(mu.Event_priv = 'Y', 'Event ', ''),
  IF(mu.Trigger_priv = 'Y', 'Trigger ', '')
  )), ' ', ', ') AS `Privileges`
 FROM
  mysql.user mu
 ORDER BY
  mu.Host,
  mu.User
  • the list of privileges for a database:
 SELECT 
  md.host `Host`,
  md.user `User`,
  md.db `Database`,
  REPLACE(RTRIM(CONCAT(
  IF(md.Select_priv = 'Y', 'Select ', ''),
  IF(md.Insert_priv = 'Y', 'Insert ', ''),
  IF(md.Update_priv = 'Y', 'Update ', ''),
  IF(md.Delete_priv = 'Y', 'Delete ', ''),
  IF(md.Create_priv = 'Y', 'Create ', ''),
  IF(md.Drop_priv = 'Y', 'Drop ', ''),
  IF(md.Grant_priv = 'Y', 'Grant ', ''),
  IF(md.References_priv = 'Y', 'References ', ''),
  IF(md.Index_priv = 'Y', 'Index ', ''),
  IF(md.Alter_priv = 'Y', 'Alter ', ''),
  IF(md.Create_tmp_table_priv = 'Y', 'Create_tmp_table ', ''),
  IF(md.Lock_tables_priv = 'Y', 'Lock_tables ', ''),
  IF(md.Create_view_priv = 'Y', 'Create_view ', ''),
  IF(md.Show_view_priv = 'Y', 'Show_view ', ''),
  IF(md.Create_routine_priv = 'Y', 'Create_routine ', ''),
  IF(md.Alter_routine_priv = 'Y', 'Alter_routine ', ''),
  IF(md.Execute_priv = 'Y', 'Execute ', ''),
  IF(md.Event_priv = 'Y', 'Event ', ''),
  IF(md.Trigger_priv = 'Y', 'Trigger ', '')
  )), ' ', ', ') AS `Privileges`
 FROM
  mysql.db md
 ORDER BY
  md.Host,
  md.User,
  md.Db
  • the list of privileges for tables:
 SELECT 
  mt.host `Host`,
  mt.user `User`,
  CONCAT(mt.Db, '.', mt.Table_name) `Tables`,
  REPLACE(mt.Table_priv, ',', ', ') AS `Privileges`
 FROM
  mysql.tables_priv mt
 WHERE
  mt.Table_name IN
  (SELECT
  DISTINCT
    t.table_name `tables`
  FROM
    information_schema.tables AS t
  WHERE
    t.table_type IN
    ('BASE TABLE', 'SYSTEM VIEW', 'TEMPORARY', '') OR
    t.table_type <> 'VIEW' AND
    t.create_options IS NOT NULL
  )
 ORDER BY
  mt.Host,
  mt.User,
  mt.Db,
  mt.Table_name;
  • the list of privileges for views:
 SELECT 
  mv.host `Host`,
  mv.user `User`,
  CONCAT(mv.Db, '.', mv.Table_name) `Views`,
  REPLACE(mv.Table_priv, ',', ', ') AS `Privileges`
 FROM
  mysql.tables_priv mv
 WHERE
  mv.Table_name IN
  (SELECT
  DISTINCT
    v.table_name `views`
  FROM
    information_schema.views AS v
  )
 ORDER BY
  mv.Host,
  mv.User,
  mv.Db,
  mv.Table_name;
  • the list of privileges for table columns:
SELECT 
  mtc.host `Host`,
  mtc.user `User`,
  CONCAT(mtc.Db, '.', mtc.Table_name, '.', mtc.Column_name) `Tables Columns`,
  REPLACE(mtc.Column_priv, ',', ', ') AS `Privileges`
FROM
  mysql.columns_priv mtc
WHERE
  mtc.Table_name IN
  (SELECT
  DISTINCT
    t.table_name `tables`
  FROM
    information_schema.tables AS t
  WHERE
    t.table_type IN
    ('BASE TABLE', 'SYSTEM VIEW', 'TEMPORARY', '') OR
    t.table_type <> 'VIEW' AND
    t.create_options IS NOT NULL
  )
ORDER BY
  mtc.Host,
  mtc.User,
  mtc.Db,
  mtc.Table_name,
  mtc.Column_name;
  • the list of privileges for view columns:
 SELECT
  mvc.host `Host`,
  mvc.user `User`,
  CONCAT(mvc.Db, '.', mvc.Table_name, '.', mvc.Column_name) `Views Columns`,
  REPLACE(mvc.Column_priv, ',', ', ') AS `Privileges`
 FROM
  mysql.columns_priv mvc
 WHERE
  mvc.Table_name IN
  (SELECT
  DISTINCT
    v.table_name `views`
  FROM
    information_schema.views AS v
  )
 ORDER BY
  mvc.Host,
  mvc.User,
  mvc.Db,
  mvc.Table_name,
  mvc.Column_name;
  • the list of privileges for procedures:
 SELECT
  mp.host `Host`,
  mp.user `User`,
  CONCAT(mp.Db, '.', mp.Routine_name) `Procedures`,
  REPLACE(mp.Proc_priv, ',', ', ') AS `Privileges`
 FROM
  mysql.procs_priv mp
 WHERE
  mp.Routine_type = 'PROCEDURE'
 ORDER BY
  mp.Host,
  mp.User,
  mp.Db,
  mp.Routine_name;
  • the list of privileges for functions:
 SELECT
  mf.host `Host`,
  mf.user `User`,
  CONCAT(mf.Db, '.', mf.Routine_name) `Procedures`,
  REPLACE(mf.Proc_priv, ',', ', ') AS `Privileges`
 FROM
  mysql.procs_priv mf
 WHERE
  mf.Routine_type = 'FUNCTION'
 ORDER BY
  mf.Host,
  mf.User,
  mf.Db,
  mf.Routine_name;

You may need to create a decent printable report with this data and to give it as a report, for example, by the demand of a customer or authority. For this purpose, you may use a special MySQL GUI tool that includes a data report designer.

If you have ready queries, you can take advantage of an easy-to-use wizard and create a report using a predefined template and data grouped, for example, by the host, in several minutes.

New Data Report menu
New Data Report menu
Data Report Wizard
Data Report Wizard
Data Report Custom Query
Data Report Custom Query
Data Report Load Query
Data Report Load Query
Data Report Group by Host
Data Report Group by Host
Data Report Title
Data Report Title
Data Report Preview
Data Report Preview

As you can see on these screenshots, we have created a report using dbForge Studio’s wizard without tedious designing the report itself.

Conclusion

In the article, we have described with particular scripts how to get a list of users’ privileges concerning data access.

Download a 30-day trial version of dbForge Studio for MySQL
dbForge Team
dbForge Team
RELATED ARTICLES

Whitepaper

Social

Topics

How To454What’s New318Events77Industry Insights36

Products

SQL Server Tools365MySQL Tools183ADO.NET Data Providers95PostgreSQL Tools90Oracle Tools87Delphi DAC79ODBC Drivers70Productivity Tools58ORM Solutions47SSIS Components24Excel Add-ins20

Devart

Founded in 1997, Devart is currently one of the leading developers of database management software, ALM solutions and data providers for most popular database servers. © 2024 Devart. All rights reserved.

Products
Support
Tutorials

Company