Database Reference
In-Depth Information
Table 13-1. Privileges for GRANT and REVOKE statements
Privilege
Description
ALL
[PRIVILEGES]
Grantsall of the basic privileges. Does not include the
GRANT OPTION
.
ALTER
Allowsuse ofthe
ALTER TABLE
statement, but requires also the
CREATE
and
INSERT
privileges.
DROP
is also needed to rename a table. This is a security risk: someone could
rename a table to get access to it.
ALTER
ROUTINE
Allows useraccount to alter or drop stored routines. This includes the
ALTER FUNCTION
and
ALTER PROCEDURE
statements, as well as the
DROP FUNCTION
and
DROP
PROCEDURE
statements.
CREATE
Allowsuse of the
CREATE TABLE
statement. Needs
INDEX
privilege to define indexes.
CREATE
ROUTINE
Allowsuser account to create stored routines. This includesthe
CREATE FUNCTION
and
CREATE PROCEDURE
statements. Gives the user has
ALTER ROUTINE
privileges to any
routine he creates.
CREATE
TEMPORARY
TABLES
Allowsthe
CREATE TEMPORARY TABLES
statement to be used.
CREATE
USER
Allowsthe user account the ability to execute several useraccount management state-
ments:
CREATE USER
,
RENAME USER
,
REVOKE ALL PRIVILEGES
, and the
DROP USER
statements.
CREATE
VIEW
Permitsthe
CREATE VIEW
statement.
DELETE
Allowsthe
DELETE
statement to be used.
DROP
Permitsthe user to execute
DROP TABLE
and
TRUNCATE
statements.
EVENT
Allowsthe user account to create events for the event scheduler. It allows the use of the
CREATE EVENT
,
ALTER EVENT
, and the
DROP EVENT
statements.
EXECUTE
Allowsthe execution of stored procedures, the
EXECUTE
statement.
FILE
Allowsthe use of
SELECT...INTO OUTFILE
and
LOAD DATA INFILE
statements to
export and import to and from a filesystem. This is a security risk. It can be limited to
specific directories with the
secure_file_priv
variable.
