Privileges Provided by MariaDB
MySQL provides privileges that apply in different contexts and at different levels of operation:
- Administrative privileges enable users to manage operation of the MariaDB server. These privileges are global because they are not specific to a particular database.
- Database privileges apply to a database and to all objects within it. These privileges can be granted for specific databases, or globally so that they apply to all databases.
- Privileges for database objects such as tables, indexes, views, and stored routines can be granted for specific objects within a database, for all objects of a given type within a database (for example, all tables in a database), or globally for all objects of a given type in all databases).
Information about account privileges is stored in the user, db, host, tables_priv, columns_priv, and procs_priv tables in the MariaDB database (see , "Privilege System Grant Tables"). The MariaDB server reads the contents of these tables into memory when it starts and reloads them under the circumstances indicated in , "When Privilege Changes Take Effect". Access-control decisions are based on the in-memory copies of the grant tables.
Some releases of MariaDB introduce changes to the structure of the grant tables to add new access privileges or features. Whenever you update to a new version of MySQL, you should update your grant tables to make sure that they have the current structure so that you can take advantage of any new capabilities. See , "mysql_upgrade - Check Tables for MariaDB Upgrade".
The following table shows the privilege names used at the SQL level in the GRANT and REVOKE statements, along with the column name associated with each privilege in the grant tables and the context in which the privilege applies.
Table 5.6. Permissible Privileges for GRANT and REVOKE
| Privilege | Column | Context |
|---|---|---|
CREATE
| Create_priv
| databases, tables, or indexes |
DROP
| Drop_priv
| databases, tables, or views |
GRANT OPTION
| Grant_priv
| databases, tables, or stored routines |
LOCK TABLES
| Lock_tables_priv
| databases |
REFERENCES
| References_priv
| databases or tables |
EVENT
| Event_priv
| databases |
ALTER
| Alter_priv
| tables |
DELETE
| Delete_priv
| tables |
INDEX
| Index_priv
| tables |
INSERT
| Insert_priv
| tables or columns |
SELECT
| Select_priv
| tables or columns |
UPDATE
| Update_priv
| tables or columns |
CREATE TEMPORARY TABLES
| Create_tmp_table_priv
| tables |
TRIGGER
| Trigger_priv
| tables |
CREATE VIEW
| Create_view_priv
| views |
SHOW VIEW
| Show_view_priv
| views |
ALTER ROUTINE
| Alter_routine_priv
| stored routines |
CREATE ROUTINE
| Create_routine_priv
| stored routines |
EXECUTE
| Execute_priv
| stored routines |
FILE
| File_priv
| file access on server host |
CREATE TABLESPACE
| Create_tablespace_priv
| server administration |
CREATE USER
| Create_user_priv
| server administration |
PROCESS
| Process_priv
| server administration |
PROXY
| see proxies_priv table
| server administration |
RELOAD
| Reload_priv
| server administration |
REPLICATION CLIENT
| Repl_client_priv
| server administration |
REPLICATION SLAVE
| Repl_slave_priv
| server administration |
SHOW DATABASES
| Show_db_priv
| server administration |
SHUTDOWN
| Shutdown_priv
| server administration |
SUPER
| Super_priv
| server administration |
ALL [PRIVILEGES]
| server administration | |
USAGE
| server administration |
The following list provides a general description of each privilege available in MySQL. Particular SQL statements might have more specific privilege requirements than indicated here. If so, the description for the statement in question provides the details.
- The
ALLorALL PRIVILEGESprivilege specifier is shorthand. It stands for "all privileges available at a given privilege level" (exceptGRANT OPTION). For example, grantingALLat the global or table level grants all global privileges or all table-level privileges. - The
ALTERprivilege enables use ofALTER TABLEto change the structure of tables.ALTER TABLEalso requires theCREATEandINSERTprivileges. Renaming a table requiresALTERandDROPon the old table,ALTER,CREATE, andINSERTon the new table. - The
ALTER ROUTINEprivilege is needed to alter or drop stored routines (procedures and functions). - The
CREATEprivilege enables creation of new databases and tables. - The
CREATE ROUTINEprivilege is needed to create stored routines (procedures and functions). - The
CREATE TABLESPACEprivilege is needed to create, alter, or drop tablespaces and log file groups. - The
CREATE TEMPORARY TABLESprivilege enables the creation of temporary tables using theCREATE TEMPORARY TABLEstatement.As of MariaDB 5.6.3, after a session has created a temporary table, the server performs no further privilege checks on the table. The creating session can perform any operation on the table, such as
DROP TABLE,INSERT,UPDATE, orSELECT.One implication of this behavior is that a session can manipulate its temporary tables even if the current user has no privilege to create them. Suppose that the current user does not have the
CREATE TEMPORARY TABLESprivilege but is able to execute aDEFINER-context stored procedure that executes with the privileges of a user who does haveCREATE TEMPORARY TABLESand that creates a temporary table. While the procedure executes, the session uses the privileges of the defining user. After the procedure returns, the effective privileges revert to those of the current user, which can still see the temporary table and perform any operation on it.Before MariaDB 5.6.3, other operations on a temporary table, such as
INSERT,UPDATE, orSELECT, require additional privileges for those operations for the database containing the temporary table, or for the nontemporary table of the same name.To keep privileges for temporary and nontemporary tables separate, a common workaround for this situation is to create a database dedicated to the use of temporary tables. Then for that database, a user can be granted the
CREATE TEMPORARY TABLESprivilege, along with any other privileges required for temporary table operations done by that user. - The
CREATE USERprivilege enables use ofCREATE USER,DROP USER,RENAME USER, andREVOKE ALL PRIVILEGES. - The
CREATE VIEWprivilege enables use ofCREATE VIEW. - The
DELETEprivilege enables rows to be deleted from tables in a database. - The
DROPprivilege enables you to drop (remove) existing databases, tables, and views. TheDROPprivilege is required in order to use the statementALTER TABLE ... DROP PARTITIONon a partitioned table. TheDROPprivilege is also required forTRUNCATE TABLE. If you grant theDROPprivilege for theMariaDBdatabase to a user, that user can drop the database in which the MariaDB access privileges are stored. - The
EVENTprivilege is required to create, alter, drop, or see events for the Event Scheduler. - The
EXECUTEprivilege is required to execute stored routines (procedures and functions). - The
FILEprivilege gives you permission to read and write files on the server host using theLOAD DATA INFILEandSELECT ... INTO OUTFILEstatements and theLOAD_FILE()function. A user who has theFILEprivilege can read any file on the server host that is either world-readable or readable by the MariaDB server. (This implies the user can read any file in any database directory, because the server can access any of those files.) TheFILEprivilege also enables the user to create new files in any directory where the MariaDB server has write access. As a security measure, the server will not overwrite existing files. - The
GRANT OPTIONprivilege enables you to give to other users or remove from other users those privileges that you yourself possess. - The
INDEXprivilege enables you to create or drop (remove) indexes.INDEXapplies to existing tables. If you have theCREATEprivilege for a table, you can include index definitions in theCREATE TABLEstatement. - The
INSERTprivilege enables rows to be inserted into tables in a database.INSERTis also required for theANALYZE TABLE,OPTIMIZE TABLE, andREPAIR TABLEtable-maintenance statements. - The
LOCK TABLESprivilege enables the use of explicitLOCK TABLESstatements to lock tables for which you have theSELECTprivilege. This includes the use of write locks, which prevents other sessions from reading the locked table. - The
PROCESSprivilege pertains to display of information about the threads executing within the server (that is, information about the statements being executed by sessions). The privilege enables use ofSHOW PROCESSLISTor mysqladmin processlist to see threads belonging to other accounts; you can always see your own threads. - The
PROXYprivilege enables a user to impersonate or become known as another user. See , "Proxy Users". - The
REFERENCESprivilege currently is unused. - The
RELOADprivilege enables use of theFLUSHstatement. It also enables mysqladmin commands that are equivalent toFLUSHoperations:flush-hosts,flush-logs,flush-privileges,flush-status,flush-tables,flush-threads,refresh, andreload.The
reloadcommand tells the server to reload the grant tables into memory.flush-privilegesis a synonym forreload. Therefreshcommand closes and reopens the log files and flushes all tables. The otherflush-commands perform functions similar toxxxrefresh, but are more specific and may be preferable in some instances. For example, if you want to flush just the log files,flush-logsis a better choice thanrefresh. - The
REPLICATION CLIENTprivilege enables the use ofSHOW MASTER STATUSandSHOW SLAVE STATUS. - The
REPLICATION SLAVEprivilege should be granted to accounts that are used by slave servers to connect to the current server as their master. Without this privilege, the slave cannot request updates that have been made to databases on the master server. - The
SELECTprivilege enables you to select rows from tables in a database.SELECTstatements require theSELECTprivilege only if they actually retrieve rows from a table. SomeSELECTstatements do not access tables and can be executed without permission for any database. For example, you can useSELECTas a simple calculator to evaluate expressions that make no reference to tables:SELECT 1+1; SELECT PI()*2;
The
SELECTprivilege is also needed for other statements that read column values. For example,SELECTis needed for columns referenced on the right hand side ofcol_name=exprassignment inUPDATEstatements or for columns named in theWHEREclause ofDELETEorUPDATEstatements. - The
SHOW DATABASESprivilege enables the account to see database names by issuing theSHOW DATABASEstatement. Accounts that do not have this privilege see only databases for which they have some privileges, and cannot use the statement at all if the server was started with the--skip-show-databaseoption. Note that any global privilege is a privilege for the database. - The
SHOW VIEWprivilege enables use ofSHOW CREATE VIEW. - The
SHUTDOWNprivilege enables use of the mysqladmin shutdown command. There is no corresponding SQL statement. - The
SUPERprivilege enables an account to useCHANGE MASTER TO,KILLor mysqladmin kill to kill threads belonging to other accounts (you can always kill your own threads),PURGE BINARY LOGS, configuration changes usingSET GLOBALto modify global system variables, the mysqladmin debug command, enabling or disabling logging, performing updates even if theread_onlysystem variable is enabled, starting and stopping replication on slave servers, specification of any account in theDEFINERattribute of stored programs and views, and enables you to connect (once) even if the connection limit controlled by themax_connectionssystem variable is reached.To create or alter stored functions if binary logging is enabled, you may also need the
SUPERprivilege, as described in , "Binary Logging of Stored Programs". - The
TRIGGERprivilege enables trigger operations. You must have this privilege for a table to create, drop, or execute triggers for that table. - The
UPDATEprivilege enables rows to be updated in tables in a database. - The
USAGEprivilege specifier stands for "no privileges." It is used at the global level withGRANTto modify account attributes such as resource limits or SSL characteristics without affecting existing account privileges.
It is a good idea to grant to an account only those privileges that it needs. You should exercise particular caution in granting the FILE and administrative privileges:
- The
FILEprivilege can be abused to read into a database table any files that the MariaDB server can read on the server host. This includes all world-readable files and files in the server's data directory. The table can then be accessed usingSELECTto transfer its contents to the client host. - The
GRANT OPTIONprivilege enables users to give their privileges to other users. Two users that have different privileges and with theGRANT OPTIONprivilege are able to combine privileges. - The
ALTERprivilege may be used to subvert the privilege system by renaming tables. - The
SHUTDOWNprivilege can be abused to deny service to other users entirely by terminating the server. - The
PROCESSprivilege can be used to view the plain text of currently executing statements, including statements that set or change passwords. - The
SUPERprivilege can be used to terminate other sessions or change how the server operates. - Privileges granted for the
MariaDBdatabase itself can be used to change passwords and other access privilege information. Passwords are stored encrypted, so a malicious user cannot simply read them to know the plain text password. However, a user with write access to theusertablePasswordcolumn can change an account's password, and then connect to the MariaDB server using that account.