Remove Permissions for a MySQL User on Linux via Command Line

MySQL via Command Line 102: Basic User Interaction
  1. Create a MySQL User on Linux via Command Line
  2. Grant Permissions to a MySQL User on Linux via Command Line
  3. Remove Permissions for a MySQL User on Linux via Command Line
  4. Remove a MySQL User on Linux via Command Line
Reading Time: 2 minutes
How to Remove Permissions for a MySQL user on Linux via Command Line
Preflight Check
  • These instructions are intended for revoking a MySQL user permissions on Linux via the command line
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I'll be logged in as root.
Login to MySQL

First we'll log in to the MySQL server from the command line with the following command:

mysql -u root -p

In this case, I've specified the user root with the -u flag, and then used the -p flag so MySQL prompts for a password. Enter your current password to complete the login.

If you need to change your root (or any other) password in the database, then follow this tutorial on changing a password for MySQL via the command line.

You should now be at a MySQL prompt that looks very similar to this:

mysql>

If you haven't yet created a MySQL user, please refer to our tutorial on creating a MySQL user.

View Grants for MySQL User

Use the following command to check the grants for the user testuser :

SHOW GRANTS FOR 'testuser'@'localhost';

Revoke Permissions to MySQL User

The basic syntax for revoking permissions is as follows:

REVOKE permission ON database.table FROM 'user'@'localhost';

Here is a short list of commonly used permissions :

  • ALL - Allow complete access to a specific database. If a database is not specified, then allow complete access to the entirety of MySQL.
  • CREATE - Allow a user to create databases and tables.
  • DELETE - Allow a user to delete rows from a table.
  • DROP - Allow a user to drop databases and tables.
  • EXECUTE - Allow a user to execute stored routines.
  • GRANT OPTION - Allow a user to grant or remove another user's privileges.
  • INSERT - Allow a user to insert rows from a table.
  • SELECT - Allow a user to select data from a database.
  • SHOW DATABASES- Allow a user to view a list of all databases.
  • UPDATE - Allow a user to update rows in a table.

Example #1: To revoke CREATE permissions for all databases * and all tables * from the user we created in a previous tutorial, testuser , use the following command:

REVOKE CREATE ON *.* FROM 'testuser'@'localhost';

Using an asterisk (*) in the place of the database or table is a completely valid option, and implies all databases or all tables.

Example #2: To revoke testuser the ability to drop tables in the specific database, tutorial_database , use the DROP permission:

REVOKE DROP ON tutorial_database.* FROM 'testuser'@'localhost';

Note: If the specified user does not have the specified permission, then you will receive an error. Be sure to use the SHOW GRANTS command, as demonstrated above, to see what permissions are granted.

When finished making your permission changes, it's good practice to reload all the privileges with the flush command!

FLUSH PRIVILEGES;

Series Navigation
<< Previous ArticleNext Article >>

About the Author: Justin Palmer

Categories
Have Some Questions?

Our Sales and Support teams are available 24 hours by phone or e-mail to assist.

1.800.580.4985
1.517.322.0434

Latest Articles

Tutorials

How to Install and Configure HAProxy on CentOS 7

Read Article
Products

Restoring Files From an Acronis VMware Backup

Read Article
Other

Liquid Web’s Incident Management Process

Read Article
Security Bulletins

Microsoft Exchange Server Security Update

Read Article
Technical Support

How to Monitor Your Server in WHM

Read Article