The Ultimate Guide to High Availability with MariaDB

Comments - Grants from host % vs localhost

2 years, 9 months ago Anel Husakovic
Re: Grants from host % vs localhost

Hi,

It would be much easier if you could pass the links and provide an example what you would like to achieve, but let me see if I understood you correctly.
When you grant privileges to the user, you can specify to which user@host pair it should apply.
Let's look an example. Let's create 2 users and look the privs:

MariaDB [(none)]> create user foo@'%' identified by 'foo1';
Query OK, 0 rows affected (0.02 sec)

MariaDB [(none)]> create user foo@'localhost' identified by 'foo2';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> select user,host from mysql.user;
+------+-----------+
| user | host      |
+------+-----------+
| foo  | %         |
| root | 127.0.0.1 |
| root | ::1       |
|      | anel      |
| root | anel      |
|      | localhost |
| foo  | localhost |
| root | localhost |
+------+-----------+
8 rows in set (0.00 sec)

MariaDB [(none)]> show grants for foo;
+----------------------------------------------------------------------------------------------------+
| Grants for foo@%                                                                                   |
+----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'foo'@'%' IDENTIFIED BY PASSWORD '*6EAC5249D53050AE649BDB0CC4B85D1AE90CA16E' |
+----------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

MariaDB [(none)]> show grants for foo@localhost;
+------------------------------------------------------------------------------------------------------------+
| Grants for foo@localhost                                                                                   |
+------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'foo'@'localhost' IDENTIFIED BY PASSWORD '*3A4DD2A68933D2F38A899323EE91A540A7557C43' |
+------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

Now we can specify different privileges for them:

MariaDB [(none)]> grant select on mysql.* to foo@localhost;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant select,update on mysql.* to foo@'%';
Query OK, 0 rows affected (0.00 sec)

And let's verify they are different:

MariaDB [(none)]> show grants for foo;
+----------------------------------------------------------------------------------------------------+
| Grants for foo@%                                                                                   |
+----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'foo'@'%' IDENTIFIED BY PASSWORD '*6EAC5249D53050AE649BDB0CC4B85D1AE90CA16E' |
| GRANT SELECT, UPDATE ON `mysql`.* TO 'foo'@'%'                                                     |
+----------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

MariaDB [(none)]> show grants for foo@localhost;
+------------------------------------------------------------------------------------------------------------+
| Grants for foo@localhost                                                                                   |
+------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'foo'@'localhost' IDENTIFIED BY PASSWORD '*3A4DD2A68933D2F38A899323EE91A540A7557C43' |
| GRANT SELECT ON `mysql`.* TO 'foo'@'localhost'                                                             |
+------------------------------------------------------------------------------------------------------------+

I guess this was what you are looking for?

 
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.