Table of Contents
Advertisement
If
NO_AUTO_CREATE_USER
create the account unless the
Other Account Characteristics
The
clause is used for several purposes:
WITH
• To enable a user to grant privileges to other users
• To specify resource limits for a user
• To specify whether and how a user must use secure connections to the server
The
WITH GRANT OPTION
the user has at the specified privilege level. You should be careful to whom you give the
[577]
OPTION
You cannot grant another user a privilege which you yourself do not have; the
privilege enables you to assign only those privileges which you yourself possess.
Be aware that when you grant a user the
any privileges the user possesses (or may be given in the future) at that level can also be granted by
that user to other users. Suppose that you grant a user the
If you then grant the
that user can give to other users not only the
then grant the
[578], and
SELECT
For a nonadministrative user, you should not grant the
database. If you do that, the user can try to subvert the privilege system by renaming tables!
For additional information about security risks associated with particular privileges, see
"Privileges Provided by
Several
WITH
• The
MAX_QUERIES_PER_HOUR
MAX_CONNECTIONS_PER_HOUR count
connections to the server permitted to this account during any given one-hour period. (Queries for
which results are served from the query cache do not count against the
limit.) If
count
• The
MAX_USER_CONNECTIONS count
maximum number of simultaneous connections to the server by the account. A nonzero
specifies the limit for the account explicitly. If
count
determines the number of simultaneous connections for the account from the global value of the
max_user_connections
there is no limit for the account.
To specify resource limits for an existing user without affecting existing privileges, use
at the global level
GRANT USAGE ON *.* TO ...
WITH MAX_QUERIES_PER_HOUR 500 MAX_UPDATES_PER_HOUR 100;
Account Management Statements
[536]
is enabled and the account does not exist,
IDENTIFIED BY
Important
may be recorded in server logs or in a history file such as
GRANT
~/.mysql_history, which means that cleartext passwords may be read by
anyone having read access to that information. See
Passwords
Secure".
clause gives the user the ability to give to other users any privileges
privilege because two users with different privileges may be able to combine privileges!
[578]
privilege on the database and specify
SELECT
[578]
privilege to the user on the database, the user can grant
UPDATE
[578].
UPDATE
MySQL".
clause options specify limits on use of server resources by an account:
count,
is
(the default), this means that there is no limitation for the account.
0
[472]
system variable. If
(ON
*.*) and name the limits to be changed. For example:
clause is given to provide a nonempty password.
[577]
privilege at a particular privilege level,
GRANT OPTION
INSERT
[578]
privilege, but also
SELECT
[576]
ALTER
MAX_UPDATES_PER_HOUR
limits restrict the number of queries, updates, and
limit, implemented in MySQL 5.0.3, restricts the
is
count
max_user_connections
1157
fails and does not
GRANT
Section 6.1.2, "Keeping
GRANT OPTION
[577]
privilege on a database.
WITH GRANT
[577]. If you
INSERT
INSERT
privilege globally or for the
Section 6.2.1,
count, and
MAX_QUERIES_PER_HOUR
(the default), the server
0
[472]
GRANT USAGE
GRANT
[577]
OPTION,
[577],
mysql
is also zero,
Advertisement
Chapters
Table of Contents
Troubleshooting
