MySQL grant syntax & dynamic database using wildcards

I was recently looking at a MySQL grant script to create default system users after server setup.
One of the statements failed with an error, which drew my attention to the details.

ERROR 1064 (42000) at line 1: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''dbname%'.* to 'dbuser'@'%'' at line 1


The issue above was fixed by correcting the syntax. Read on for the details.

A sample MySQL grant syntax could be:

GRANT ...PRIVILEGES ON DB.TABLE TO 'USER'@'HOST' IDENTIFIED BY 'PASSWORD';

# There are variants and other ways to create a user, but let’s consider this one for simplicity.

You may refer to the documentation for the list of MySQL user privileges and the grant syntax itself.

We’re looking into dynamically specifying MySQL user privileges.

GRANT ...PRIVILEGES ON DB.TABLE TO 'USER'@'HOST' IDENTIFIED BY 'PASSWORD';

A user in MySQL is a combination of USERNAME and HOSTNAME.

Example:

GRANT SELECT, INSERT ON mydb.mytbl TO 'someuser'@'somehost';

This allows someuser to connect from somehost and grants the SELECT and INSERT privileges on mydb.mytbl.

Example:

GRANT SELECT, INSERT ON mydb.mytbl TO 'someuser'@'%';

This allows someuser to connect from any machine and grants the SELECT and INSERT privileges on mydb.mytbl.

Let’s see what options we have while specifying MySQL Grants on database objects.

GRANT ...PRIVILEGES ON DB.TABLE TO 'USER'@'HOST' IDENTIFIED BY 'PASSWORD';

The case I met was the GRANT where the SQL was written to provide privileges on a dynamic database name and had incorrect syntax.

So yes, it is possible to specify a wildcard pattern for a database name while granting privileges to a MySQL user.

So we can grant SELECT permissions on all databases starting with WP to a user as follows:

mysql> GRANT SELECT ON `WP%`.* to 'mysql-user'@'%';
Query OK, 0 rows affected (0.00 sec)

The syntax above grants SELECT on all databases starting with “WP” (matching the pattern). Note the backticks (`) around the database-name pattern WP%. The escape character (\) is required for the literal usage of underscore (_) or percent sign (%) in a database name. I corrected those two to resolve the error shown earlier.
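
The wildcard and escape rules above, modelled as an added example (not code from the original post): the helper lists which database names a GRANT database pattern reaches, so an unescaped _ that widens a grant shows up before the statement is run. The database names are constructed, the function names are hypothetical, and matching is assumed to be case-sensitive.

```python
import re

# Constructed database names for illustration; not from the original post.
DATABASES = ["WP_blog", "WP_shop", "WPXblog", "WP1blog", "mysql", "billing"]


def tokenize(pattern):
    """Split a GRANT database pattern into ("wild"|"lit", char) tokens."""
    tokens, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and pattern[i + 1:i + 2] in ("_", "%"):
            tokens.append(("lit", pattern[i + 1]))  # \_ or \% is a literal
            i += 2
        else:
            tokens.append(("wild" if ch in "_%" else "lit", ch))
            i += 1
    return tokens


def matching_databases(pattern, databases):
    """Names the pattern reaches: % = any run of characters, _ = exactly one."""
    wild = {"%": ".*", "_": "."}
    regex = "".join(wild[c] if kind == "wild" else re.escape(c)
                    for kind, c in tokenize(pattern))
    # Assumption: case-sensitive comparison of database names.
    return [db for db in databases if re.fullmatch(regex, db, re.DOTALL)]


def unintended(pattern, intended, databases):
    """Databases covered by the grant that the author did not mean to include."""
    return sorted(set(matching_databases(pattern, databases)) - set(intended))


if __name__ == "__main__":
    for pat, want in [("WP_blog", ["WP_blog"]), (r"WP\_blog", ["WP_blog"]),
                      (r"WP\_%", ["WP_blog", "WP_shop"]),
                      ("WP%", ["WP_blog", "WP_shop"])]:
        print(f"`{pat}`.* -> {matching_databases(pat, DATABASES)}"
              f"  unintended: {unintended(pat, want, DATABASES)}")
```

A grant written for the single database WP_blog without the backslash also covers WPXblog and WP1blog here, which is the least-privilege reason to escape literal underscores.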

MySQL documentation reads:

The "_" and "%" wildcards are permitted when specifying database names in GRANT statements that grant privileges at the global or database levels.

The line above is clear about “usage of wildcards when specifying database names at the database level”, but I couldn’t quite understand what the MySQL documentation meant about the usage of wildcards at the global level!

mysql> grant replication slave on `%`.* to 'test'@localhost;
ERROR 1221 (HY000): Incorrect usage of DB GRANT and GLOBAL PRIVILEGES

Hope this helps.
