Sie sind auf Seite 1von 3

MariaDB GRANT

Lets practice with some examples of using MariaDB GRANT statement to have a better
understanding.
If you want to create a super account that can do anything including being able to grant
privileges to other users, you can use the following statements:
MariaDB
1 CREATE USER 'super'@'localhost' IDENTIFIED BY 'SecurePass1';
2
3 GRANT ALL ON *.* TO 'super'@'localhost' WITH GRANT OPTION;
The ON *.* clause means all databases and all objects in the databases. The only limitation of
the super user is that it can only connect to the database server from the localhost, which
makes the MariaDB server more secure.
To create a user that has all access in the classicmodels database and can connect from any host
you use the following statements:
MariaDB
1 CREATE USER 'super2'@'%' IDENTIFIED BY 'SecurePass2';
2
3 GRANT ALL classicmodels.* TO 'super2'@'%' WITH GRANT OPTION;
You can grant multiple privileges using a single GRANT statement. For example, you can create a
user that can execute the SELECT, INSERT and UPDATE statements against the
classicmodels sample database using the following statements:
MariaDB
1 CREATE USER 'rfc'@'%' IDENTIFIED BY 'SecurePass3';
2
3 GRANT SELECT, UPDATE, DELETE ON classicmodels.* TO 'rfc'@'%';

Available privileges to use with MariaDB GRANT


The following table illustrates all privileges available in MariaDB.
Privilege
ALL [PRIVILEGES]
ALTER

Description
Grant all privileges at specified access level except GRANT OPTION
Allow to use of ALTER TABLE statement

Privilege
ALTER ROUTINE
CREATE
CREATE ROUTINE
CREATE
TABLESPACE
CREATE
TEMPORARY
TABLES
CREATE USER
CREATE VIEW
DELETE
DROP
EVENT
EXECUTE
FILE
GRANT OPTION
INDEX
INSERT
LOCK TABLES
PROCESS
PROXY
REFERENCES
RELOAD
REPLICATION
CLIENT
REPLICATION
SLAVE
SELECT
SHOW DATABASES
SHOW VIEW
SHUTDOWN
SUPER
TRIGGER
UPDATE

Description
Allow user to alter or drop stored routine
Allow user to create database and table
Allow user to create stored routine
Allow user to create, alter or drop tablespaces and log file groups
Allow user to create temporary table by using CREATE
TEMPORARY TABLE
Allow user to use the CREATE USER, DROP USER, RENAME
USER, and REVOKE ALL PRIVILEGES statements.
Allow user to create or modify view
Allow user to use DELETE
Allow user to drop database, table and view
Allow user to schedule events in Event Scheduler
Allow user to execute stored routines
Allow user to read any file in the database directory.
Allow user to have privileges to grant or revoke privileges from other
accounts
Allow user to create or remove indexes.
Allow user to use INSERT statement
Allow user to use LOCK TABLES on tables for which you have the
SELECT privilege
Allow user to see all processes with SHOW PROCESSLIST statement.
Enable user proxying
Not implemented
Allow user to use FLUSH operations
Allow user to query to see where master or slave servers are
Allow the user to use replicate slaves to read binary log events from the
master.
Allow user to use SELECT statement
Allow user to show all databases
Allow user to use SHOW CREATE VIEW statement
Allow user to use mysqladmin shutdown command
Allow user to use other administrative operations such as CHANGE
MASTER TO, KILL, PURGE BINARY LOGS, SET GLOBAL, and
mysqladmin command
Allow user to use TRIGGER operations.
Allow user to use UPDATE statement

Privilege
USAGE

Description
Equivalent to no privileges