The MySQL grant system takes stored routines into account as follows:
CREATE ROUTINEprivilege is needed to create stored routines.
ALTER ROUTINEprivilege is needed to alter or drop stored routines. This privilege is granted automatically to the creator of a routine if necessary, and dropped from the creator when the routine is dropped.
EXECUTEprivilege is required to execute stored routines. However, this privilege is granted automatically to the creator of a routine if necessary (and dropped from the creator when the routine is dropped). Also, the default
SQL SECURITYcharacteristic for a routine is
DEFINER, which enables users who have access to the database with which the routine is associated to execute the routine.
automatic_sp_privilegessystem variable is 0, the
ALTER ROUTINEprivileges are not automatically granted to and dropped from the routine creator.
The creator of a routine is the account used to execute the
CREATEstatement for it. This might not be the same as the account named as the
DEFINERin the routine definition.
The server manipulates the
mysql.proc table in
response to statements that create, alter, or drop stored
routines. Manual manipulation of this table is not supported.