Search Results
https://dev.mysql.com/doc/mysql-monitor/8.0/en/mem-acl-role-permissions-ref.html
Permission Groupings Permissions are grouped in the following way: Core Monitored Assets: grant or deny access to the monitored assets and collected data. MEM/Service Manager: grant or deny access to the application and its settings. Permission ...
https://dev.mysql.com/doc/mysql-monitor/8.0/en/security-advisors-ref.html
Default frequency 00:05:00 Default auto-close enabled no Users Can View All Databases On MySQL Server The SHOW DATABASES privilege should be granted only to users who need to see all the databases on a MySQL Server. It is recommended that the MySQL ...Note MySQL Enterprise Firewall and MySQL Enterprise Audit Plug-in advisors are described in MySQL Enterprise Firewall and MySQL Enterprise Audit ...
https://dev.mysql.com/doc/refman/8.4/en/information-schema-administrable-role-authorizations-table.html
The ADMINISTRABLE_ROLE_AUTHORIZATIONS table provides information about which roles applicable for the current user or role can be granted to other users or roles. GRANTEE The user name part of the account to which the role is granted. GRANTEE_HOST ...The ADMINISTRABLE_ROLE_AUTHORIZATIONS table has these columns: USER The user name part of the current user ...
https://dev.mysql.com/doc/refman/8.4/en/innodb-locking.html
If transaction T1 holds a shared (S) lock on row r, then requests from some distinct transaction T2 for a lock on row r are handled as follows: A request by T2 for an S lock can be granted immediately. A request by T2 for an X lock cannot be granted ...Shared and Exclusive Locks Intention Locks Record Locks Gap Locks Next-Key Locks Insert Intention Locks AUTO-INC Locks Predicate Locks for Spatial Indexes Shared and Exclusive Locks InnoDB implements standard row-level locking where there are two types of locks, shared (S) locks and exclusive (X) ...
https://dev.mysql.com/doc/refman/8.4/en/password-management.html
If an account is to be permitted to manipulate secondary passwords for all accounts, it should be granted the CREATE USER privilege rather than APPLICATION_PASSWORD_ADMIN. When the server reads the grant tables, it initializes state information for ... MySQL supports these password-management capabilities: Password expiration, to require passwords to be changed ...
https://dev.mysql.com/doc/refman/8.4/en/resetting-permissions.html
Alternatively, on any platform, you can reset the password using the mysql client (but this approach is less secure): Stop the MySQL server if necessary, then restart it with the --skip-grant-tables option. Because this is insecure, if the server is ... If you have never assigned a root password for MySQL, the server does not require a password at all for connecting as ...
https://dev.mysql.com/doc/refman/8.4/en/stored-objects-security.html
Administrators can prevent users from creating stored objects that specify highly privileged DEFINER accounts by not granting them the SET_ANY_DEFINER privilege. In some cases, you can prevent references to these objects by not granting unauthorized ... Stored programs (procedures, functions, triggers, and events) and views are defined prior to use and, when referenced, execute within a security context that determines their ...
https://dev.mysql.com/doc/refman/8.4/en/view-restrictions.html
If a user is granted the basic privileges necessary to create a view (the CREATE VIEW and SELECT privileges), that user cannot call SHOW CREATE VIEW on that object unless the user is also granted the SHOW VIEW privilege. The workaround to the ...
https://dev.mysql.com/doc/mysql-enterprise-backup/8.4/en/backup-history-table-update.html
Note If you are working with a multiprimary Group Replication setting, make sure these privileges are granted on all primary nodes; see also Chapter 9, Using MySQL Enterprise Backup with Group Replication. Rename the original mysql.backup_history ...
https://dev.mysql.com/doc/extending-mysql/8.4/en/writing-authentication-plugins-proxy-users.html
Use the CREATE USER or GRANT statement to associate accounts with plugins. One of the capabilities that pluggable authentication makes possible is proxy users (see Proxy Users). For a server-side authentication plugin to participate in proxy user ...