Oracle 5.0 Reference Manual page 609


Access Control, Stage 2: Request Verification

example, if you want to execute mysqladmin shutdown but your user table row does not grant the SHUTDOWN privilege to you, the server denies access without even checking the db or host tables. (They contain no Shutdown_priv column, so there is no need to do so.)

For database-related requests (INSERT, UPDATE, and so on), the server first checks the user's global privileges by looking in the user table row. If the row permits the requested operation, access is granted. If the global privileges in the user table are insufficient, the server determines the user's database-specific privileges by checking the db and host tables:

1. The server looks in the db table for a match on the Host, Db, and User columns. The Host and User columns are matched to the connecting user's host name and MySQL user name. The Db column is matched to the database that the user wants to access. If there is no row for the Host and User, access is denied.

2. If there is a matching db table row and its Host column is not blank, that row defines the user's database-specific privileges.

3. If the matching db table row's Host column is blank, it signifies that the host table enumerates which hosts should be permitted access to the database. In this case, a further lookup is done in the host table to find a match on the Host and Db columns. If no host table row matches, access is denied. If there is a match, the user's database-specific privileges are computed as the intersection (not the union!) of the privileges in the db and host table entries; that is, the privileges that are 'Y' in both entries. (This way you can grant general privileges in the db table row and then selectively restrict them on a host-by-host basis using the host table entries.)

After determining the database-specific privileges granted by the db and host table entries, the server adds them to the global privileges granted by the user table. If the result permits the requested operation, access is granted. Otherwise, the server successively checks the user's table and column privileges in the tables_priv and columns_priv tables, adds those to the user's privileges, and permits or denies access based on the result. For stored-routine operations, the server uses the procs_priv table rather than tables_priv and columns_priv.

Expressed in boolean terms, the preceding description of how a user's privileges are calculated may be summarized like this:

global privileges
OR (database privileges AND host privileges)
OR table privileges
OR column privileges
OR routine privileges

It may not be apparent why, if the global user row privileges are initially found to be insufficient for the requested operation, the server adds those privileges to the database, table, and column privileges later. The reason is that a request might require more than one type of privilege. For example, if you execute an INSERT INTO ... SELECT statement, you need both the INSERT and the SELECT privileges. Your privileges might be such that the user table row grants one privilege and the db table row grants the other. In this case, you have the necessary privileges to perform the request, but the server cannot tell that from either table by itself; the privileges granted by the entries in both tables must be combined.

The host table is not affected by the GRANT or REVOKE statements, so it is unused in most MySQL installations. If you modify it directly, you can use it for some specialized purposes, such as to maintain a list of secure servers on the local network that are granted all privileges.

You can also use the host table to indicate hosts that are not secure. Suppose that you have a machine public.your.domain that is located in a public area that you do not consider secure. You can enable access to all hosts on your network except that machine by using host table entries like this:

+--------------------+----+-
| Host               | Db | ...
+--------------------+----+-
| public.your.domain | %  | ... (all privileges set to 'N')
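
The following Python sketch is an added illustration, not part of the manual and not MySQL source code. It models the Stage 2 check summarized above as "global OR (database AND host) OR table", using constructed grant data; the host names, user, database, and function names are hypothetical, lookups are exact-match only, and column and routine privileges are left out.

```python
# Added illustration, not MySQL source. Simplifications: exact-match lookups
# (no wildcards or row sorting), sets instead of 'Y'/'N' columns, no columns_priv.

def database_privs(db_rows, host_rows, host, user, db):
    """Database-level privileges from the db table, restricted by host if needed."""
    for row in db_rows:
        if row["User"] != user or row["Db"] != db or row["Host"] not in (host, ""):
            continue
        if row["Host"]:                      # Host not blank: the db row decides
            return set(row["privs"])
        for h in host_rows:                  # Host blank: consult the host table
            if h["Host"] == host and h["Db"] == db:
                return set(row["privs"]) & set(h["privs"])   # intersection
        return set()                         # no host row matches
    return set()                             # no db row matches


def is_allowed(grants, host, user, db, table, needed):
    """Return True if the accumulated privileges cover every privilege in needed."""
    privs = set(grants["user"].get((host, user), ()))        # global privileges
    if needed <= privs:
        return True
    privs |= database_privs(grants["db"], grants["host"], host, user, db)
    if needed <= privs:
        return True
    privs |= set(grants["tables_priv"].get((host, user, db, table), ()))
    return needed <= privs


# Constructed sample grant data (hypothetical hosts, user and database).
GRANTS = {
    "user": {("app1.example", "alice"): {"SELECT"}, ("kiosk.example", "alice"): set()},
    "db": [{"Host": "", "Db": "shop", "User": "alice",
            "privs": {"INSERT", "UPDATE", "DELETE"}}],
    "host": [{"Host": "app1.example", "Db": "shop", "privs": {"INSERT", "UPDATE"}},
             {"Host": "kiosk.example", "Db": "shop", "privs": set()}],  # all 'N'
    "tables_priv": {("kiosk.example", "alice", "shop", "faq"): {"SELECT"}},
}

if __name__ == "__main__":
    # INSERT INTO ... SELECT: SELECT comes from user, INSERT from db AND host.
    print(is_allowed(GRANTS, "app1.example", "alice", "shop", "orders", {"INSERT", "SELECT"}))
    # DELETE is 'Y' in db but not in host, so the intersection drops it.
    print(is_allowed(GRANTS, "app1.example", "alice", "shop", "orders", {"DELETE"}))
    # The host row with no privileges blocks database-level access from the kiosk.
    print(is_allowed(GRANTS, "kiosk.example", "alice", "shop", "orders", {"INSERT"}))
```

When auditing a server that uses the host table this way, the intersection is the part to check by hand: a privilege set to 'Y' in the db row is effective only from hosts whose host row also has it set to 'Y'.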

This manual is also suitable for:

Mysql 5.0
