Related Documentation Download this Manual
PDF (US Ltr) - 48.2Mb
PDF (A4) - 48.3Mb
PDF (RPM) - 43.6Mb
HTML Download (TGZ) - 11.0Mb
HTML Download (Zip) - 11.1Mb
HTML Download (RPM) - 9.5Mb
Man Pages (TGZ) - 238.6Kb
Man Pages (Zip) - 343.2Kb
Info (Gzip) - 4.3Mb
Info (Zip) - 4.3Mb
Excerpts from this Manual

MySQL 8.0 Reference Manual  /  ...  /  Stored Routines and MySQL Privileges

24.2.2 Stored Routines and MySQL Privileges

The MySQL grant system takes stored routines into account as follows:

  • The CREATE ROUTINE privilege is needed to create stored routines.

  • The ALTER ROUTINE privilege is needed to alter or drop stored routines. This privilege is granted automatically to the creator of a routine if necessary, and dropped from the creator when the routine is dropped.

  • The EXECUTE privilege is required to execute stored routines. However, this privilege is granted automatically to the creator of a routine if necessary (and dropped from the creator when the routine is dropped). Also, the default SQL SECURITY characteristic for a routine is DEFINER, which enables users who have access to the database with which the routine is associated to execute the routine.

  • If the automatic_sp_privileges system variable is 0, the EXECUTE and ALTER ROUTINE privileges are not automatically granted to and dropped from the routine creator.

  • The creator of a routine is the account used to execute the CREATE statement for it. This might not be the same as the account named as the DEFINER in the routine definition.

  • The account named as a routine DEFINER can see all routine properties, including its definition. The account thus has full access to the routine output as produced by:

  • For an account other than the account named as the routine DEFINER, access to routine properties depends on the privileges granted to the account:

    • With the SHOW_ROUTINE privilege or the global SELECT privilege, the account can see all routine properties, including its definition.

    • With the CREATE ROUTINE, ALTER ROUTINE or EXECUTE privilege granted at a scope that includes the routine, the account can see all routine properties except its definition.