The mysql.user table contains information about users that have permission to access the MariaDB server, and their global privileges. The table can be queried and although it is possible to directly update it, it is best to use GRANT and CREATE USER for adding users and privileges.

Note that the MariaDB privileges occur at many levels. A user may not be granted create privilege at the user level, but may still have create permission on certain tables or databases, for example. See privileges for a more complete view of the MariaDB privilege system.

The mysql.user table contains the following fields:

FieldTypeNullKeyDefaultDescriptionIntroduced
Hostchar(60)NOPRIHost (together with User makes up the unique identifier for this account.
Userchar(80)NOPRIUser (together with Host makes up the unique identifier for this account.
Passwordchar(41)NOHashed password, generated by the PASSWORD() function.
Select_privenum('N','Y')NONCan perform SELECT statements.
Insert_privenum('N','Y')NONCan perform INSERT statements.
Update_privenum('N','Y')NONCan perform UPDATE statements.
Delete_privenum('N','Y')NONCan perform DELETE statements.
Create_privenum('N','Y')NONCan CREATE DATABASE's or CREATE TABLE's.
Drop_privenum('N','Y')NONCan DROP DATABASE's or DROP TABLE's.
Reload_privenum('N','Y')NONCan execute FLUSH statements or equivalent mysqladmin commands.
Shutdown_privenum('N','Y')NONCan shut down the server with SHUTDOWN or mysqladmin shutdown.
Process_privenum('N','Y')NONCan show information about active processes, via SHOW PROCESSLIST or mysqladmin processlist.
File_privenum('N','Y')NONRead and write files on the server, using statements like LOAD DATA INFILE or functions like LOAD_FILE(). Also needed to create CONNECT outward tables. MariaDB server must have permission to access those files.
Grant_privenum('N','Y')NONUser can grant privileges they possess.
References_privenum('N','Y')NONUnused
Index_privenum('N','Y')NONCan create an index on a table using the CREATE INDEX statement. Without the INDEX privilege, user can still create indexes when creating a table using the CREATE TABLE statement if the user has have the CREATE privilege, and user can create indexes using the ALTER TABLE statement if they have the ALTER privilege.
Alter_privenum('N','Y')NONCan perform ALTER TABLE statements.
Show_db_privenum('N','Y')NONCan list all databases using the SHOW DATABASES statement. Without the SHOW DATABASES privilege, user can still issue the SHOW DATABASES statement, but it will only list databases containing tables on which they have privileges.
Super_privenum('N','Y')NONCan execute superuser statements: CHANGE MASTER TO, KILL (users who do not have this privilege can only KILL their own threads), PURGE LOGS, SET global system variables, or the mysqladmin debug command. Also, this permission allows the user to write data even if the read_only startup option is set, enable or disable logging, enable or disable replication on slaves, specify a DEFINER for statements that support that clause, connect once after reaching the MAX_CONNECTIONS. If a statement has been specified for the init-connect mysqld option, that command will not be executed when a user with SUPER privileges connects to the server.
Create_tmp_table_privenum('N','Y')NONCan create temporary tables with the CREATE TEMPORARY TABLE statement.
Lock_tables_privenum('N','Y')NONAcquire explicit locks using the LOCK TABLES statement; user also needs to have the SELECT privilege on a table in order to lock it.
Execute_privenum('N','Y')NONCan execute stored procedure or functions.
Repl_slave_privenum('N','Y')NONAccounts used by slave servers on the master need this privilege. This is needed to get the updates made on the master.
Repl_client_privenum('N','Y')NONCan execute SHOW MASTER STATUS and SHOW SLAVE STATUS statements.
Create_view_privenum('N','Y')NONCan create a view using the CREATE_VIEW statement.
Show_view_privenum('N','Y')NONCan show the CREATE VIEW statement to create a view using the SHOW CREATE VIEW statement.
Create_routine_privenum('N','Y')NONCan create stored programs using the CREATE PROCEDURE and CREATE FUNCTION statements.
Alter_routine_privenum('N','Y')NONCan change the characteristics of a stored function using the ALTER FUNCTION statement.
Create_user_privenum('N','Y')NONCan create a user using the CREATE USER statement, or implicitly create a user with the GRANT statement.
Event_privenum('N','Y')NONCreate, drop and alter events.
Trigger_privenum('N','Y')NONCan execute triggers associated with tables the user updates, execute the CREATE TRIGGER and DROP TRIGGER statements.
Create_tablespace_privenum('N','Y')NON
ssl_typeenum('', 'ANY', 'X509', 'SPECIFIED')NOTLS type - see TLS options.
ssl_cipherblobNONULLTLS cipher - see TLS options.
x509_issuerblobNONULLX509 cipher - see TLS options.
x509_subjectblobNONULLSSL subject - see TLS options.
max_questionsint(11) unsignedNO0Number of queries the user can perform per hour. Zero is unlimited. See per-account resource limits.
max_updatesint(11) unsignedNO0Number of updates the user can perform per hour. Zero is unlimited. See per-account resource limits.
max_connectionsint(11) unsignedNO0Number of connections the account can start per hour. Zero is unlimited. See per-account resource limits.
max_user_connectionsint(11)NO0Number of simultaneous connections the account can have. Zero is unlimited. See per-account resource limits.
pluginchar(64)NOAuthentication plugin used on connection. If empty, use the default.MariaDB 5.5
authentication_stringtextNONULLAuthentication string for the authentication plugin.MariaDB 5.5
password_expiredenum('N','Y')NONMySQL-compatibility option, not implemented in MariaDB.
is_roleenum('N','Y')NONWhether the user is a role.MariaDB 10.0.5

The Acl_roles status variable, added in MariaDB 10.1.4, indicates how many rows the mysql.user table contains where is_role='Y'.

The Acl_users status variable, added in MariaDB 10.1.4, indicates how many rows the mysql.user table contains where is_role='N'.

Comments

Comments loading...