MySQL Blog Archive
For the latest blogs go to blogs.oracle.com/mysql
New MySQL Utility to Display Grants by Object

We are happy to announce mysqlgrants, a new utility that allows users to display the privileges of grantees over database objects. Together with mysqlbinlogmove, these are the new utilities included in MySQL Utilities release-1.6.0 Alpha.

Mysqlgrants allows you to know which users have access to a specific object or list of objects. Furthermore, it can also show the list of privileges that each user has over said object(s). In short, mysqlgrants simplifies the task of monitoring grants in MySQL helping you ensure users do not have more permissions than necessary, thus keeping data more secure.

Main Features

Below is a summary of the main features of the mysqlgrants utility:

  • Helps DBAs to see which users have what level of access for each object listed.
  • Supports several types of reporting: list just the grantees, the grantees and their respective grants or the grantees together with the DCL statements.
  • Displays global and object-level privileges following the grant hierarchy within MySQL. For example, when showing the grants for a specific table, the global and database privileges that apply are also displayed.
  • Provides a –privileges option that allows DBAs to filter out all grantees that do not have at least a specific set of privileges over the specified objects.

Permissions

The mysqlgrants utility requires the SELECT privilege over the mysql database.

Examples

Below is an example of how to check the grantees and respective privileges
over a set of different object types: databases, procedures and functions.

Here is an example of how to show only the users that have all privileges over a set of specified objects and the respective SQL grant statements.
Notice that while some grantees do not explicitly have the ALL PRIVILEGES grant over a given object, they are still shown as a result of having the set of privileges that is equivalent to ALL PRIVILEGES for the given object type.

The following shows how to list just the grantees with some specific privileges
over a set of objects.

Do you want to know more ?

Try it now and send us your feedback!

MySQL Utilities release-1.6.0 alpha is available for download from the following links.

MySQL developers website: http://dev.mysql.com/downloads/utilities/1.6.html
Launchpad project: https://launchpad.net/mysql-utilities

The documentation of MySQL Utilities can be obtained from the following link:
http://dev.mysql.com/doc/index-gui.html

Contributing Ideas:

Meet us at MySQL Central @ OpenWorld

Do you want to get your hands dirty and ask your questions directly to the MySQL Utilities team?

Participate in the Hands-on Lab session “DevOps Made Easy with MySQL Utilities” at the 2014 MySQL Central @ OpenWorld conference. See this link for details about the session: https://oracleus.activeevents.com/2014/connect/sessionDetail.ww?SESSION_ID=9234

MySQL Community Reception at Oracle OpenWorld: http://eventreg.oracle.com/profile web/index.cfm?PKWebId=0x11859974f4