Specifications
The REVOKE Command
The opposite of GRANT is REVOKE. It is used to take privileges away from a user. It is very simi-
lar to GRANT in syntax:
REVOKE privileges [(columns)]
ON item
FROM user_name
If you have given the WITH GRANT OPTION clause, you can revoke this by doing:
REVOKE GRANT OPTION
ON item
FROM user_name
Examples Using GRANT and REVOKE
To set up an administrator, you can type
mysql> grant all
-> on *
-> to fred identified by ‘mnb123’
-> with grant option;
This grants all privileges on all databases to a user called Fred with the password mnb123, and
allows him to pass on those privileges.
Chances are you don’t want this user in your system, so go ahead and revoke him:
mysql> revoke all
-> on *
-> from fred;
Now let’s set up a regular user with no privileges:
mysql> grant usage
-> on books.*
-> to sally identified by ‘magic123’;
After talking to Sally, we know a bit more about what she wants to do, so we can give her the
appropriate privileges:
mysql> grant select, insert, update, delete, index, alter, create, drop
-> on books.*
-> to sally;
Note that we don’t need to specify Sally’s password in order to do this.
If we decide that Sally has been up to something in the database, we might decide to reduce
her privileges:
Using MySQL
P
ART II
192
11 7842 CH08 3/6/01 3:38 PM Page 192