EXECUTE Privilege
This page is part of MariaDB's Documentation.
The parent of this page is: Privileges for MariaDB Xpand
Topics on this page:
Overview
Grants ability to execute stored routines.
DETAILS
Scope: Global, Database, Routine
Privilege name for
GRANT
:EXECUTE
Privilege name for
REVOKE
:EXECUTE
Privilege shown by
SHOW GRANTS
:EXECUTE
EXAMPLES
GRANT
The following examples demonstrate grant of a single privilege. A single GRANT
statement can grant multiple privileges at the same scope by providing a comma-separated list of the privileges.
To grant the EXECUTE
privilege at global scope, replace the user specification ('USERNAME'@'HOSTNAME'
) in the following query to align to your requirements:
GRANT EXECUTE
ON *.*
TO 'USERNAME'@'HOSTNAME';
To grant the EXECUTE
privilege at database scope, replace the user specification ('USERNAME'@'HOSTNAME'
) and database name (DATABASE_NAME
) in the following query to align to your requirements:
GRANT EXECUTE
ON DATABASE_NAME.*
TO 'USERNAME'@'HOSTNAME';
To grant the EXECUTE
privilege at routine scope, replace the user specification ('USERNAME'@'HOSTNAME'
), database name (DATABASE_NAME
), and routine name (ROUTINE_NAME
) in the following query to align to your requirements:
GRANT EXECUTE
ON DATABASE_NAME.ROUTINE_NAME
TO 'USERNAME'@'HOSTNAME';
REVOKE
The following examples demonstrate revoke of a single previously-granted privilege. A single REVOKE
statement can revoke multiple privileges at the same scope by providing a comma-separated list of the privileges.
To revoke the EXECUTE
privilege at global scope, replace the user specification ('USERNAME'@'HOSTNAME'
) in the following query to align to your requirements:
REVOKE EXECUTE
ON *.*
FROM 'USERNAME'@'HOSTNAME';
To revoke the EXECUTE
privilege at database scope, replace the user specification ('USERNAME'@'HOSTNAME'
) and database name (DATABASE_NAME
) in the following query to align to your requirements:
REVOKE EXECUTE
ON DATABASE_NAME.*
FROM 'USERNAME'@'HOSTNAME';
To revoke the EXECUTE
privilege at routine scope, replace the user specification ('USERNAME'@'HOSTNAME'
), database name (DATABASE_NAME
), and routine name (ROUTINE_NAME
) in the following query to align to your requirements:
REVOKE EXECUTE
ON DATABASE_NAME.ROUTINE_NAME
FROM 'USERNAME'@'HOSTNAME';
SHOW Output
A user's privileges can be displayed using the SHOW GRANTS
statement.
If the EXECUTE
privilege is present, it will be shown as EXECUTE
in the output. For example:
SHOW GRANTS FOR 'app_user'@'192.0.2.%';
+-------------------------------------------------------+
| Grants for app_user@192.0.2.% |
+-------------------------------------------------------+
| GRANT EXECUTE ON `app_db`.* TO 'app_user'@'192.0.2.%' |
+-------------------------------------------------------+
Privilege Failure
An error message is raised if an operation fails due to insufficient privileges. For example:
CALL db1.test_proc();
ERROR 1045 (HY000): [11281] Permission denied: User 'USERNAME'@'HOSTNAME' is missing EXECUTE on `db1`.`test_proc`; transaction aborted