GRANT OPTION Privilege
This page is part of MariaDB's Documentation.
The parent of this page is: Privileges for MariaDB Xpand
Topics on this page:
Overview
Grants ability to execute GRANT
.
DETAILS
Scope: Global, Database, Table, Routine
Privilege name for
GRANT
:GRANT OPTION
Privilege name for
REVOKE
:GRANT OPTION
Privilege shown by
SHOW GRANTS
:GRANT OPTION
EXAMPLES
GRANT
To grant the GRANT OPTION
privilege at global scope, replace the user specification ('USERNAME'@'HOSTNAME'
) in the following query to align to your requirements:
GRANT ALL PRIVILEGES
ON *.*
TO 'USERNAME'@'HOSTNAME'
WITH GRANT OPTION;
To grant the GRANT OPTION
privilege at database scope, replace the user specification ('USERNAME'@'HOSTNAME'
) and database name (DATABASE_NAME
) in the following query to align to your requirements:
GRANT ALL PRIVILEGES
ON DATABASE_NAME.*
TO 'USERNAME'@'HOSTNAME'
WITH GRANT OPTION;
To grant the GRANT OPTION
privilege at table scope, replace the user specification ('USERNAME'@'HOSTNAME'
), database name (DATABASE_NAME
), and table name (TABLE_NAME
) in the following query to align to your requirements
GRANT ALL PRIVILEGES
ON DATABASE_NAME.TABLE_NAME
TO 'USERNAME'@'HOSTNAME'
WITH GRANT OPTION;
To grant the GRANT OPTION
privilege at routine scope, replace the user specification ('USERNAME'@'HOSTNAME'
), database name (DATABASE_NAME
), and routine name (ROUTINE_NAME
) in the following query to align to your requirements:
GRANT ALL PRIVILEGES
ON DATABASE_NAME.ROUTINE_NAME
TO 'USERNAME'@'HOSTNAME'
WITH GRANT OPTION;
REVOKE
Replace the user specification ('USERNAME'@'HOSTNAME'
), database name (DATABASE_NAME
), and table name (TABLE_NAME
) in alignment to your requirements.
To revoke the GRANT OPTION
privilege at global scope, replace the user specification ('USERNAME'@'HOSTNAME'
) in the following query to align to your requirements:
REVOKE ALL PRIVILEGES, GRANT OPTION
ON *.*
FROM 'USERNAME'@'HOSTNAME';
To revoke the GRANT OPTION
privilege at database scope, replace the user specification ('USERNAME'@'HOSTNAME'
) and database name (DATABASE_NAME
) in the following query to align to your requirements:
REVOKE ALL PRIVILEGES, GRANT OPTION
ON DATABASE_NAME.*
FROM 'USERNAME'@'HOSTNAME';
To revoke the GRANT OPTION
privilege at table scope, replace the user specification ('USERNAME'@'HOSTNAME'
), database name (DATABASE_NAME
), and table name (TABLE_NAME
) in the following query to align to your requirements
REVOKE ALL PRIVILEGES, GRANT OPTION
ON DATABASE_NAME.TABLE_NAME
FROM 'USERNAME'@'HOSTNAME';
To revoke the GRANT OPTION
privilege at routine scope, replace the user specification ('USERNAME'@'HOSTNAME'
), database name (DATABASE_NAME
), and routine name (ROUTINE_NAME
) in the following query to align to your requirements:
REVOKE ALL PRIVILEGES, GRANT OPTION
ON DATABASE_NAME.ROUTINE_NAME
FROM 'USERNAME'@'HOSTNAME';
SHOW Output
A user's privileges can be displayed using the SHOW GRANTS
statement.
If the GRANT OPTION
privilege is present, it will be shown as WITH GRANT OPTION
in the output. For example:
SHOW GRANTS FOR 'app_user'@'192.0.2.%';
+-------------------------------------------------------------------------+
| Grants for app_user@192.0.2.% |
+-------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'app_user'@'192.0.2.%' WITH GRANT OPTION |
+-------------------------------------------------------------------------+
Privilege Failure
An error message is raised if an operation fails due to insufficient privileges. For example:
GRANT ALL PRIVILEGES
ON *.*
TO 'USERNAME'@'HOSTNAME'
WITH GRANT OPTION;
ERROR 1045 (HY000): [11281] Permission denied: User 'USERNAME'@'HOSTNAME' is missing GRANT OPTION on *.*; transaction aborted