GRANT OPTION Privilege
This page is part of MariaDB's Documentation.
The parent of this page is: Privileges for MariaDB Xpand
Topics on this page:
Overview
Grants ability to execute GRANT.
DETAILS
Scope: Global, Database, Table, Routine
Privilege name for
GRANT:GRANT OPTIONPrivilege name for
REVOKE:GRANT OPTIONPrivilege shown by
SHOW GRANTS:GRANT OPTION
EXAMPLES
GRANT
To grant the GRANT OPTION privilege at global scope, replace the user specification ('USERNAME'@'HOSTNAME') in the following query to align to your requirements:
GRANT ALL PRIVILEGES
ON *.*
TO 'USERNAME'@'HOSTNAME'
WITH GRANT OPTION;
To grant the GRANT OPTION privilege at database scope, replace the user specification ('USERNAME'@'HOSTNAME') and database name (DATABASE_NAME) in the following query to align to your requirements:
GRANT ALL PRIVILEGES
ON DATABASE_NAME.*
TO 'USERNAME'@'HOSTNAME'
WITH GRANT OPTION;
To grant the GRANT OPTION privilege at table scope, replace the user specification ('USERNAME'@'HOSTNAME'), database name (DATABASE_NAME), and table name (TABLE_NAME) in the following query to align to your requirements
GRANT ALL PRIVILEGES
ON DATABASE_NAME.TABLE_NAME
TO 'USERNAME'@'HOSTNAME'
WITH GRANT OPTION;
To grant the GRANT OPTION privilege at routine scope, replace the user specification ('USERNAME'@'HOSTNAME'), database name (DATABASE_NAME), and routine name (ROUTINE_NAME) in the following query to align to your requirements:
GRANT ALL PRIVILEGES
ON DATABASE_NAME.ROUTINE_NAME
TO 'USERNAME'@'HOSTNAME'
WITH GRANT OPTION;
REVOKE
Replace the user specification ('USERNAME'@'HOSTNAME'), database name (DATABASE_NAME), and table name (TABLE_NAME) in alignment to your requirements.
To revoke the GRANT OPTION privilege at global scope, replace the user specification ('USERNAME'@'HOSTNAME') in the following query to align to your requirements:
REVOKE ALL PRIVILEGES, GRANT OPTION
ON *.*
FROM 'USERNAME'@'HOSTNAME';
To revoke the GRANT OPTION privilege at database scope, replace the user specification ('USERNAME'@'HOSTNAME') and database name (DATABASE_NAME) in the following query to align to your requirements:
REVOKE ALL PRIVILEGES, GRANT OPTION
ON DATABASE_NAME.*
FROM 'USERNAME'@'HOSTNAME';
To revoke the GRANT OPTION privilege at table scope, replace the user specification ('USERNAME'@'HOSTNAME'), database name (DATABASE_NAME), and table name (TABLE_NAME) in the following query to align to your requirements
REVOKE ALL PRIVILEGES, GRANT OPTION
ON DATABASE_NAME.TABLE_NAME
FROM 'USERNAME'@'HOSTNAME';
To revoke the GRANT OPTION privilege at routine scope, replace the user specification ('USERNAME'@'HOSTNAME'), database name (DATABASE_NAME), and routine name (ROUTINE_NAME) in the following query to align to your requirements:
REVOKE ALL PRIVILEGES, GRANT OPTION
ON DATABASE_NAME.ROUTINE_NAME
FROM 'USERNAME'@'HOSTNAME';
SHOW Output
A user's privileges can be displayed using the SHOW GRANTS statement.
If the GRANT OPTION privilege is present, it will be shown as WITH GRANT OPTION in the output. For example:
SHOW GRANTS FOR 'app_user'@'192.0.2.%';
+-------------------------------------------------------------------------+
| Grants for app_user@192.0.2.% |
+-------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'app_user'@'192.0.2.%' WITH GRANT OPTION |
+-------------------------------------------------------------------------+
Privilege Failure
An error message is raised if an operation fails due to insufficient privileges. For example:
GRANT ALL PRIVILEGES
ON *.*
TO 'USERNAME'@'HOSTNAME'
WITH GRANT OPTION;
ERROR 1045 (HY000): [11281] Permission denied: User 'USERNAME'@'HOSTNAME' is missing GRANT OPTION on *.*; transaction aborted