- MySQL Basics
- MySQL - Home
- MySQL - Introduction
- MySQL - Features
- MySQL - Versions
- MySQL - Variables
- MySQL - Installation
- MySQL - Administration
- MySQL - PHP Syntax
- MySQL - Node.js Syntax
- MySQL - Java Syntax
- MySQL - Python Syntax
- MySQL - Connection
- MySQL - Workbench
- MySQL Databases
- MySQL - Create Database
- MySQL - Drop Database
- MySQL - Select Database
- MySQL - Show Database
- MySQL - Copy Database
- MySQL - Database Export
- MySQL - Database Import
- MySQL - Database Info
- MySQL Users
- MySQL - Create Users
- MySQL - Drop Users
- MySQL - Show Users
- MySQL - Change Password
- MySQL - Grant Privileges
- MySQL - Show Privileges
- MySQL - Revoke Privileges
- MySQL - Lock User Account
- MySQL - Unlock User Account
- MySQL Tables
- MySQL - Create Tables
- MySQL - Show Tables
- MySQL - Alter Tables
- MySQL - Rename Tables
- MySQL - Clone Tables
- MySQL - Truncate Tables
- MySQL - Temporary Tables
- MySQL - Repair Tables
- MySQL - Describe Tables
- MySQL - Add/Delete Columns
- MySQL - Show Columns
- MySQL - Rename Columns
- MySQL - Table Locking
- MySQL - Drop Tables
- MySQL - Derived Tables
- MySQL Queries
- MySQL - Queries
- MySQL - Constraints
- MySQL - Insert Query
- MySQL - Select Query
- MySQL - Update Query
- MySQL - Delete Query
- MySQL - Replace Query
- MySQL - Insert Ignore
- MySQL - Insert on Duplicate Key Update
- MySQL - Insert Into Select
- MySQL Indexes
- MySQL - Indexes
- MySQL - Create Index
- MySQL - Drop Index
- MySQL - Show Indexes
- MySQL - Unique Index
- MySQL - Clustered Index
- MySQL - Non-Clustered Index
- MySQL Operators and Clauses
- MySQL - Where Clause
- MySQL - Limit Clause
- MySQL - Distinct Clause
- MySQL - Order By Clause
- MySQL - Group By Clause
- MySQL - Having Clause
- MySQL - AND Operator
- MySQL - OR Operator
- MySQL - Like Operator
- MySQL - IN Operator
- MySQL - ANY Operator
- MySQL - EXISTS Operator
- MySQL - NOT Operator
- MySQL - NOT EQUAL Operator
- MySQL - IS NULL Operator
- MySQL - IS NOT NULL Operator
- MySQL - Between Operator
- MySQL - UNION Operator
- MySQL - UNION vs UNION ALL
- MySQL - MINUS Operator
- MySQL - INTERSECT Operator
- MySQL - INTERVAL Operator
- MySQL Joins
- MySQL - Using Joins
- MySQL - Inner Join
- MySQL - Left Join
- MySQL - Right Join
- MySQL - Cross Join
- MySQL - Full Join
- MySQL - Self Join
- MySQL - Delete Join
- MySQL - Update Join
- MySQL - Union vs Join
- MySQL Keys
- MySQL - Unique Key
- MySQL - Primary Key
- MySQL - Foreign Key
- MySQL - Composite Key
- MySQL - Alternate Key
- MySQL Triggers
- MySQL - Triggers
- MySQL - Create Trigger
- MySQL - Show Trigger
- MySQL - Drop Trigger
- MySQL - Before Insert Trigger
- MySQL - After Insert Trigger
- MySQL - Before Update Trigger
- MySQL - After Update Trigger
- MySQL - Before Delete Trigger
- MySQL - After Delete Trigger
- MySQL Data Types
- MySQL - Data Types
- MySQL - VARCHAR
- MySQL - BOOLEAN
- MySQL - ENUM
- MySQL - DECIMAL
- MySQL - INT
- MySQL - FLOAT
- MySQL - BIT
- MySQL - TINYINT
- MySQL - BLOB
- MySQL - SET
- MySQL Regular Expressions
- MySQL - Regular Expressions
- MySQL - RLIKE Operator
- MySQL - NOT LIKE Operator
- MySQL - NOT REGEXP Operator
- MySQL - regexp_instr() Function
- MySQL - regexp_like() Function
- MySQL - regexp_replace() Function
- MySQL - regexp_substr() Function
- MySQL Fulltext Search
- MySQL - Fulltext Search
- MySQL - Natural Language Fulltext Search
- MySQL - Boolean Fulltext Search
- MySQL - Query Expansion Fulltext Search
- MySQL - ngram Fulltext Parser
- MySQL Functions & Operators
- MySQL - Date and Time Functions
- MySQL - Arithmetic Operators
- MySQL - Numeric Functions
- MySQL - String Functions
- MySQL - Aggregate Functions
- MySQL Misc Concepts
- MySQL - NULL Values
- MySQL - Transactions
- MySQL - Using Sequences
- MySQL - Handling Duplicates
- MySQL - SQL Injection
- MySQL - SubQuery
- MySQL - Comments
- MySQL - Check Constraints
- MySQL - Storage Engines
- MySQL - Export Table into CSV File
- MySQL - Import CSV File into Database
- MySQL - UUID
- MySQL - Common Table Expressions
- MySQL - On Delete Cascade
- MySQL - Upsert
- MySQL - Horizontal Partitioning
- MySQL - Vertical Partitioning
- MySQL - Cursor
- MySQL - Stored Functions
- MySQL - Signal
- MySQL - Resignal
- MySQL - Character Set
- MySQL - Collation
- MySQL - Wildcards
- MySQL - Alias
- MySQL - ROLLUP
- MySQL - Today Date
- MySQL - Literals
- MySQL - Stored Procedure
- MySQL - Explain
- MySQL - JSON
- MySQL - Standard Deviation
- MySQL - Find Duplicate Records
- MySQL - Delete Duplicate Records
- MySQL - Select Random Records
- MySQL - Show Processlist
- MySQL - Change Column Type
- MySQL - Reset Auto-Increment
- MySQL - Coalesce() Function
MySQL - REVOKE Statement
Earlier, we discussed how a root user gets access to a MySQL server with default privileges after installation. These privileges are sufficient for performing basic operations on the data. However, in some special situations, users might need to request the server's host to take away certain privileges. To do so, we use the MySQL REVOKE statement.
The MySQ REVOKE statement
The MySQL REVOKE statement is used to remove certain administrative privileges or roles from users. It revokes permissions that were previously granted.
Syntax
Following is the syntax of the MySQL REVOKE Statement −
REVOKE privileges ON database_name.table_name FROM 'user'@'host';
Example
Assume we have created a user named 'test_user'@'localhost' in MySQL using the CREATE USER statement as shown below −
CREATE USER 'test_user'@'localhost' IDENTIFIED BY 'testpassword';
Following is the output produced −
Query OK, 0 rows affected (0.23 sec)
Now, let us create a database named 'test_database' −
CREATE DATABASE test_database;
The output produced is as follows −
Query OK, 1 row affected (0.56 sec)
Next, we will use the created database −
USE test_database;
We get the output as shown below −
Database changed
Now, let us create a table in the database −
CREATE TABLE MyTable(data VARCHAR(255));
The output obtained is as follows −
Query OK, 0 rows affected (0.67 sec)
Following query grants privileges on the table created above to the user 'test_user'@'localhost −
GRANT SELECT ON test_database.MyTable TO 'test_user'@'localhost';
After executing the above code, we get the following output −
Query OK, 0 rows affected (0.31 sec)
You can verify the granted privileges using the SHOW GRANTS statements −
SHOW GRANTS FOR 'test_user'@'localhost';
The output we get is as shown below −
| Grants for test_user@localhost |
|---|
| GRANT USAGE ON *.* TO `test_user`@`localhost` |
| GRANT SELECT ON `test_database`.`mytable` TO `test_user`@`localhost` |
Now, you can revoke the above granted privilege using the REVOKE statement as shown below −
REVOKE SELECT ON test_database.MyTable FROM 'test_user'@'localhost';
We get the output as follows −
Query OK, 0 rows affected (0.25 sec)
Verification
We can verify whether the SELECT privilege has been revoked or not using the SHOW GRANTS statements as shown below −
SHOW GRANTS FOR 'test_user'@'localhost';
We can see that the output no longer lists the SELECT privilege, indicating that it has been revoked −
| Grants for test_user@localhost |
|---|
| GRANT USAGE ON *.* TO `test_user`@`localhost` |
Revoking All Privileges
If a user has multiple privileges with a user, you can revoke all those privileges at once using the REVOKE ALL statement in MySQL.
Syntax
Following is the syntax to revoke all privileges in MySQL −
REVOKE ALL PRIVILEGES ON *.* FROM 'user'@'host';
Example
Assume we have created a user as follows −
CREATE USER 'sample_user'@'localhost';
Following is the output produced −
Query OK, 0 rows affected (0.18 sec)
We also create a procedure as shown below −
DELIMITER //
CREATE PROCEDURE sample ()
BEGIN
SELECT 'This is a sample procedure';
END//
DELIMITER ;
The output obtained is as follows −
Query OK, 0 rows affected (0.29 sec)
Additionally, we create a table named 'sample' in a database −
CREATE TABLE sample(data INT);
We get the output as shown below −
Query OK, 0 rows affected (0.68 sec)
Now, the following queries grants ALTER ROUTINE, EXECUTE privileges on the above created procedure to the user named 'sample_user'@'localhost'.
GRANT ALTER ROUTINE, EXECUTE ON PROCEDURE test_database.sample TO 'sample_user'@'localhost';
Output of the above code is as shown below −
Query OK, 0 rows affected (0.20 sec)
Similarly, following query grants SELECT, INSERT and UPDATE privileges on the table 'sample' to the user 'sample_user'@'localhost −
GRANT SELECT, INSERT, UPDATE ON test.sample TO 'sample_user'@'localhost';
The result produced is −
Query OK, 0 rows affected (0.14 sec)
You can verify the list of all privileges granted for the user using the SHOW GRANTS statement −
SHOW GRANTS FOR 'sample_user'@'localhost';
The result obtained is as follows −
| Grants for sample_user@localhost |
|---|
| GRANT USAGE ON *.* TO `sample_user`@`localhost` |
| GRANT SELECT, INSERT, UPDATE ON `test`.`sample` TO `sample_user`@`localhost` |
| GRANT EXECUTE, ALTER ROUTINE ON PROCEDURE `test_database`.`sample` TO `sample_user`@`localhost` |
Finally, to revoke all the privileges granted to 'sample_user'@'localhost', you can use the following statement −
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'sample_user'@'localhost';
The result produced is −
Query OK, 0 rows affected (0.30 sec)
Verification
After revoking privileges, you can check the user's grants again −
SHOW GRANTS FOR 'sample_user'@'localhost';
The output below confirms that all privileges have been revoked −
| Grants for sample_user@localhost |
|---|
| GRANT USAGE ON *.* TO `sample_user`@`localhost` |
Revoking Proxy Privilege
You can make one user as a proxy of another by granting the PROXY privilege to it. If you do so, both users have the same privileges.
Example
Assume we have created users named sample_user, proxy_user in MySQL using the CREATE statement −
CREATE USER sample_user, proxy_user IDENTIFIED BY 'testpassword';
Following is the output obtained −
Query OK, 0 rows affected (0.52 sec)
Now, we are creating a table 'Employee' −
CREATE TABLE Employee ( ID INT, Name VARCHAR(15), Phone INT, SAL INT);
We get the output as shown below −
Query OK, 0 rows affected (6.47 sec)
Following query grants SELECT and INSERT privileges on the table created above, to the user sample_user −
GRANT SELECT, INSERT ON Emp TO sample_user;
The output obtained is as follows −
Query OK, 0 rows affected (0.28 sec)
Now, we can assign proxy privileges to the user proxy_user using the GRANT statement as shown below −
GRANT PROXY ON sample_user TO proxy_user;
The result produced is −
Query OK, 0 rows affected (1.61 sec)
You can revoke a proxy privilege using the REVOKE PROXY statement as shown below −
REVOKE PROXY ON sample_user FROM proxy_user;
We get the following result −
Query OK, 0 rows affected (0.33 sec)
Revoking a Role
A role in MySQL is a set of privileges with name. You can create one or more roles in MySQL using the CREATE ROLE statement. If you use the GRANT statement without the ON clause, you can grant a role instead of privileges.
Example
Following query creates a role named TestRole_ReadOnly −
CREATE ROLE 'TestRole_ReadOnly';
Following is the output of the above code −
Query OK, 0 rows affected (0.13 sec)
Now, let us grant read only privilege to the created role using the GRANT statement −
GRANT SELECT ON * . * TO 'TestRole_ReadOnly';
The result obtained is −
Query OK, 0 rows affected (0.14 sec)
Then, you can GRANT the created role to a user as follows −
CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';
Output of the above code is as follows −
Query OK, 0 rows affected (0.14 sec)
Next, you can grant the 'TestRole_ReadOnly' role to the 'newuser'@'localhost'−
GRANT 'TestRole_ReadOnly' TO 'newuser'@'localhost';
We get the following result −
Query OK, 0 rows affected (0.13 sec)
Following query revokes the role from the user −
REVOKE 'TestRole_ReadOnly' FROM 'newuser'@'localhost';
After executing the above code, we get the following output −
Query OK, 0 rows affected (1.23 sec)
Revoking Privileges Using a Client Program
We can also revoke privileges from a MySQL user using a client program.
Syntax
Following are the syntaxes to revoke MySQL Privileges in various programming languages −
To revoke all the privileges granted to an user in MySQL database using the PHP program, we need to execute the REVOKE ALL statement as shown below −
$sql = "REVOKE ALL, GRANT OPTION FROM user_name"; $mysqli->query($sql);
Following is the syntax to revoke a particular privilege from the desired user using a JavaScript program −
sql= "REVOKE privilege_name(s) ON object FROM user_account_name";
con.query(sql, function (err, result) {
if (err) throw err;
console.log(result);
});
To revoke all the privileges granted to a particular user, we need to execute the REVOKE ALL PRIVILEGES statement using the JDBC execute() function as −
String sql = "REVOKE ALL PRIVILEGES, GRANT OPTION FROM USER_NAME"; statement.execute(sql);
Following is the syntax to revoke a particular privilege to the desired user using a Python program −
sql = f"REVOKE {privileges} ON your_database.* FROM '{username_to_revoke}'@'localhost'";
cursorObj.execute(sql);
Example
Following are the implementations of this operation in various programming languages −
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'password';
$mysqli = new mysqli($dbhost, $dbuser, $dbpass);
if($mysqli->connect_errno ) {
printf("Connect failed: %s
", $mysqli->connect_error);
exit();
}
//printf('Connected successfully.
');
$sql = "REVOKE ALL, GRANT OPTION FROM Sarika";
if($result = $mysqli->query($sql)){
printf("Revoke privileges executed successfully...!");
}
if($mysqli->error){
printf("Failed..!" , $mysqli->error);
}
$mysqli->close();
Output
The output obtained is as follows −
Revoke privileges executed successfully...!
var mysql = require('mysql2');
var con = mysql.createConnection({
host: "localhost",
user: "root",
password: "Nr5a0204@123"
});
//Connecting to MySQL
con.connect(function (err) {
if (err) throw err;
console.log("Connected!");
console.log("--------------------------");
sql = "CREATE USER 'test_user'@'localhost' IDENTIFIED BY 'testpassword';"
con.query(sql);
sql = "CREATE DATABASE test_database;"
con.query(sql);
sql = "USE test_database;"
con.query(sql);
sql = "CREATE TABLE MyTable(data VARCHAR(255));"
con.query(sql);
sql = "GRANT SELECT ON test_database.MyTable TO 'test_user'@'localhost';"
con.query(sql);
sql = "SHOW GRANTS FOR 'test_user'@'localhost';";
con.query(sql, function(err, result){
if (err) throw err;
console.log("**Granted privileges:**");
console.log(result);
console.log("--------------------------");
});
sql = "REVOKE SELECT ON test_database.MyTable FROM 'test_user'@'localhost';"
con.query(sql);
sql = "SHOW GRANTS FOR 'test_user'@'localhost';";
con.query(sql, function(err, result){
if (err) throw err;
console.log("**Grants after revoking:**");
console.log(result);
});
});
Output
The output produced is as follows −
Connected!
--------------------------
**Granted privileges:**
[
{
'Grants for test_user@localhost': 'GRANT USAGE ON *.* TO `test_user`@`localhost`'
},
{
'Grants for test_user@localhost': 'GRANT SELECT ON `test_database`.`mytable` TO `test_user`@`localhost`'
}
]
--------------------------
**Grants after revoking:**
[
{
'Grants for test_user@localhost': 'GRANT USAGE ON *.* TO `test_user`@`localhost`'
}
]
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;
public class RevokePriv {
public static void main(String[] args) {
String url = "jdbc:mysql://localhost:3306/TUTORIALS";
String user = "root";
String password = "password";
try {
Class.forName("com.mysql.cj.jdbc.Driver");
Connection con = DriverManager.getConnection(url, user, password);
Statement st = con.createStatement();
//System.out.println("Database connected successfully...!");
String sql = "REVOKE ALL PRIVILEGES, GRANT OPTION FROM Vivek";
st.execute(sql);
System.out.println("You revoked all the privileges form user 'Vivek'");
}catch(Exception e) {
e.printStackTrace();
}
}
}
Output
The output obtained is as shown below −
You revoked all the privileges form user 'Vivek'
import mysql.connector
# creating the connection object
connection = mysql.connector.connect(
host='localhost',
user='root',
password='password'
)
username_to_revoke = 'newUser'
# privileges we want to revoke
privileges = 'SELECT, INSERT, UPDATE'
# Create a cursor object for the connection
cursorObj = connection.cursor()
cursorObj.execute(f"REVOKE {privileges} ON your_database.* FROM '{username_to_revoke}'@'localhost'")
print(f"Privileges revoked from the user '{username_to_revoke}' successfully.")
cursorObj.close()
connection.close()
Output
Following is the output of the above code −
Privileges revoked from the user 'newUser' successfully.