Mozilla/mozilla/webtools/bugzilla/docs/html/granttables.html

<HTML
><HEAD
><TITLE
>MySQL Permissions &#38; Grant Tables</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="The Bugzilla Guide"
HREF="index.html"><LINK
REL="UP"
TITLE="The Bugzilla Database"
HREF="database.html"><LINK
REL="PREVIOUS"
TITLE="MySQL Bugzilla Database Introduction"
HREF="dbdoc.html"><LINK
REL="NEXT"
TITLE="Useful Patches and Utilities for Bugzilla"
HREF="patches.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>The Bugzilla Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="dbdoc.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Appendix B. The Bugzilla Database</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="patches.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="granttables">B.3. MySQL Permissions &#38; Grant Tables</H1
><DIV
CLASS="note"
><P
></P
><TABLE
CLASS="note"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
>The following portion of documentation comes from my answer to an
      old discussion of Keystone, a cool product that does trouble-ticket
      tracking for IT departments. I wrote this post to the Keystone support
      group regarding MySQL grant table permissions, and how to use them
      effectively. It is badly in need of updating, as I believe MySQL has
      added a field or two to the grant tables since this time, but it serves
      as a decent introduction and troubleshooting document for grant table
      issues. I used Keynote to track my troubles until I discovered
      Bugzilla, which gave me a whole new set of troubles to work on : )
      Although it is of limited use, it still has SOME use, thus it's still
      included.</P
><P
>Please note, however, that I was a relatively new user to MySQL
      at the time. Some of my suggestions, particularly in how to set up
      security, showed a terrible lack of security-related database
      experience.</P
></TD
></TR
></TABLE
></DIV
><P
CLASS="literallayout"
>From&nbsp;matt_barnson@singletrac.com&nbsp;Wed&nbsp;Jul&nbsp;7&nbsp;09:00:07&nbsp;1999<br>
&nbsp;&nbsp;&nbsp;&nbsp;Date:&nbsp;Mon,&nbsp;1&nbsp;Mar&nbsp;1999&nbsp;21:37:04&nbsp;-0700&nbsp;From:&nbsp;Matthew&nbsp;Barnson<br>
&nbsp;&nbsp;&nbsp;&nbsp;matt_barnson@singletrac.com&nbsp;To:&nbsp;keystone-users@homeport.org&nbsp;Subject:<br>
&nbsp;&nbsp;&nbsp;&nbsp;[keystone-users]&nbsp;Grant&nbsp;Tables&nbsp;FAQ&nbsp;[The&nbsp;following&nbsp;text&nbsp;is&nbsp;in&nbsp;the<br>
&nbsp;&nbsp;&nbsp;&nbsp;"iso-8859-1"&nbsp;character&nbsp;set]&nbsp;[Your&nbsp;display&nbsp;is&nbsp;set&nbsp;for&nbsp;the&nbsp;"US-ASCII"<br>
&nbsp;&nbsp;&nbsp;&nbsp;character&nbsp;set]&nbsp;[Some&nbsp;characters&nbsp;may&nbsp;be&nbsp;displayed&nbsp;incorrectly]&nbsp;Maybe&nbsp;we<br>
&nbsp;&nbsp;&nbsp;&nbsp;can&nbsp;include&nbsp;this&nbsp;rambling&nbsp;message&nbsp;in&nbsp;the&nbsp;Keystone&nbsp;FAQ?&nbsp;It&nbsp;gets&nbsp;asked&nbsp;a<br>
&nbsp;&nbsp;&nbsp;&nbsp;lot,&nbsp;and&nbsp;the&nbsp;only&nbsp;option&nbsp;current&nbsp;listed&nbsp;in&nbsp;the&nbsp;FAQ&nbsp;is<br>
&nbsp;&nbsp;&nbsp;&nbsp;"--skip-grant-tables".&nbsp;Really,&nbsp;you&nbsp;can't&nbsp;go&nbsp;wrong&nbsp;by&nbsp;reading&nbsp;section&nbsp;6&nbsp;of<br>
&nbsp;&nbsp;&nbsp;&nbsp;the&nbsp;MySQL&nbsp;manual,&nbsp;at&nbsp;http://www.mysql.com/Manual/manual.html.&nbsp;I&nbsp;am&nbsp;sure<br>
&nbsp;&nbsp;&nbsp;&nbsp;their&nbsp;description&nbsp;is&nbsp;better&nbsp;than&nbsp;mine.&nbsp;MySQL&nbsp;runs&nbsp;fine&nbsp;without<br>
&nbsp;&nbsp;&nbsp;&nbsp;permissions&nbsp;set&nbsp;up&nbsp;correctly&nbsp;if&nbsp;you&nbsp;run&nbsp;the&nbsp;mysql&nbsp;daemon&nbsp;with&nbsp;the<br>
&nbsp;&nbsp;&nbsp;&nbsp;"--skip-grant-tables"&nbsp;option.&nbsp;Running&nbsp;this&nbsp;way&nbsp;denies&nbsp;access&nbsp;to&nbsp;nobody.<br>
&nbsp;&nbsp;&nbsp;&nbsp;Unfortunately,&nbsp;unless&nbsp;you've&nbsp;got&nbsp;yourself&nbsp;firewalled&nbsp;it&nbsp;also&nbsp;opens&nbsp;the<br>
&nbsp;&nbsp;&nbsp;&nbsp;potential&nbsp;for&nbsp;abuse&nbsp;if&nbsp;someone&nbsp;knows&nbsp;you're&nbsp;running&nbsp;it.&nbsp;Additionally,&nbsp;the<br>
&nbsp;&nbsp;&nbsp;&nbsp;default&nbsp;permissions&nbsp;for&nbsp;MySQL&nbsp;allow&nbsp;anyone&nbsp;at&nbsp;localhost&nbsp;access&nbsp;to&nbsp;the<br>
&nbsp;&nbsp;&nbsp;&nbsp;database&nbsp;if&nbsp;the&nbsp;database&nbsp;name&nbsp;begins&nbsp;with&nbsp;"test_"&nbsp;or&nbsp;is&nbsp;named&nbsp;"test"<br>
&nbsp;&nbsp;&nbsp;&nbsp;(i.e.&nbsp;"test_keystone").&nbsp;You&nbsp;can&nbsp;change&nbsp;the&nbsp;name&nbsp;of&nbsp;your&nbsp;database&nbsp;in&nbsp;the<br>
&nbsp;&nbsp;&nbsp;&nbsp;keystone.conf&nbsp;file&nbsp;($sys_dbname).&nbsp;This&nbsp;is&nbsp;the&nbsp;way&nbsp;I&nbsp;am&nbsp;doing&nbsp;it&nbsp;for&nbsp;some<br>
&nbsp;&nbsp;&nbsp;&nbsp;of&nbsp;my&nbsp;databases,&nbsp;and&nbsp;it&nbsp;works&nbsp;fine.&nbsp;The&nbsp;methods&nbsp;described&nbsp;below&nbsp;assume<br>
&nbsp;&nbsp;&nbsp;&nbsp;you're&nbsp;running&nbsp;MySQL&nbsp;on&nbsp;the&nbsp;same&nbsp;box&nbsp;as&nbsp;your&nbsp;webserver,&nbsp;and&nbsp;that&nbsp;you<br>
&nbsp;&nbsp;&nbsp;&nbsp;don't&nbsp;mind&nbsp;if&nbsp;your&nbsp;$sys_dbuser&nbsp;for&nbsp;Keystone&nbsp;has&nbsp;superuser&nbsp;access.&nbsp;See<br>
&nbsp;&nbsp;&nbsp;&nbsp;near&nbsp;the&nbsp;bottom&nbsp;of&nbsp;this&nbsp;message&nbsp;for&nbsp;a&nbsp;description&nbsp;of&nbsp;what&nbsp;each&nbsp;field<br>
&nbsp;&nbsp;&nbsp;&nbsp;does.&nbsp;Method&nbsp;#1:&nbsp;1.&nbsp;cd&nbsp;/var/lib&nbsp;#location&nbsp;where&nbsp;you'll&nbsp;want&nbsp;to&nbsp;run<br>
&nbsp;&nbsp;&nbsp;&nbsp;/usr/bin/mysql_install_db&nbsp;shell&nbsp;script&nbsp;from&nbsp;to&nbsp;get&nbsp;it&nbsp;to&nbsp;work.&nbsp;2.&nbsp;ln&nbsp;-s<br>
&nbsp;&nbsp;&nbsp;&nbsp;mysql&nbsp;data&nbsp;#&nbsp;soft&nbsp;links&nbsp;the&nbsp;"mysql"&nbsp;directory&nbsp;to&nbsp;"data",&nbsp;which&nbsp;is&nbsp;what<br>
&nbsp;&nbsp;&nbsp;&nbsp;mysql_install_db&nbsp;expects.&nbsp;Alternately,&nbsp;you&nbsp;can&nbsp;edit&nbsp;mysql_install_db&nbsp;and<br>
&nbsp;&nbsp;&nbsp;&nbsp;change&nbsp;all&nbsp;the&nbsp;"./data"&nbsp;references&nbsp;to&nbsp;"./mysql".&nbsp;3.&nbsp;Edit<br>
&nbsp;&nbsp;&nbsp;&nbsp;/usr/bin/mysql_install_db&nbsp;with&nbsp;your&nbsp;favorite&nbsp;text&nbsp;editor&nbsp;(vi,&nbsp;emacs,&nbsp;jot,<br>
&nbsp;&nbsp;&nbsp;&nbsp;pico,&nbsp;etc.)&nbsp;A)&nbsp;Copy&nbsp;the&nbsp;"INSERT&nbsp;INTO&nbsp;db&nbsp;VALUES<br>
&nbsp;&nbsp;&nbsp;&nbsp;('%','test\_%','','Y','Y','Y','Y','Y','Y');"&nbsp;and&nbsp;paste&nbsp;it&nbsp;immediately<br>
&nbsp;&nbsp;&nbsp;&nbsp;after&nbsp;itself.&nbsp;Chage&nbsp;the&nbsp;'test\_%'&nbsp;value&nbsp;to&nbsp;'keystone',&nbsp;or&nbsp;the&nbsp;value&nbsp;of<br>
&nbsp;&nbsp;&nbsp;&nbsp;$sys_dbname&nbsp;in&nbsp;keystone.conf.&nbsp;B)&nbsp;If&nbsp;you&nbsp;are&nbsp;running&nbsp;your&nbsp;keystone<br>
&nbsp;&nbsp;&nbsp;&nbsp;database&nbsp;with&nbsp;any&nbsp;user,&nbsp;you'll&nbsp;need&nbsp;to&nbsp;copy&nbsp;the&nbsp;"INSERT&nbsp;INTO&nbsp;user&nbsp;VALUES<br>
&nbsp;&nbsp;&nbsp;&nbsp;('localhost','root','','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');"&nbsp;line<br>
&nbsp;&nbsp;&nbsp;&nbsp;after&nbsp;itself&nbsp;and&nbsp;change&nbsp;'root'&nbsp;to&nbsp;the&nbsp;name&nbsp;of&nbsp;the&nbsp;keystone&nbsp;database&nbsp;user<br>
&nbsp;&nbsp;&nbsp;&nbsp;($sys_dbuser)&nbsp;in&nbsp;keystone.conf.&nbsp;#&nbsp;adds&nbsp;entries&nbsp;to&nbsp;the&nbsp;script&nbsp;to&nbsp;create<br>
&nbsp;&nbsp;&nbsp;&nbsp;grant&nbsp;tables&nbsp;for&nbsp;specific&nbsp;hosts&nbsp;and&nbsp;users.&nbsp;The&nbsp;user&nbsp;you&nbsp;set&nbsp;up&nbsp;has<br>
&nbsp;&nbsp;&nbsp;&nbsp;super-user&nbsp;access&nbsp;($sys_dbuser)&nbsp;--&nbsp;you&nbsp;may&nbsp;or&nbsp;may&nbsp;not&nbsp;want&nbsp;this.&nbsp;The<br>
&nbsp;&nbsp;&nbsp;&nbsp;layout&nbsp;of&nbsp;mysql_install_db&nbsp;is&nbsp;really&nbsp;very&nbsp;uncomplicated.&nbsp;4.<br>
&nbsp;&nbsp;&nbsp;&nbsp;/usr/bin/mysqladmin&nbsp;shutdown&nbsp;#&nbsp;ya&nbsp;gotta&nbsp;shut&nbsp;it&nbsp;down&nbsp;before&nbsp;you&nbsp;can<br>
&nbsp;&nbsp;&nbsp;&nbsp;reinstall&nbsp;the&nbsp;grant&nbsp;tables!&nbsp;5.&nbsp;rm&nbsp;-i&nbsp;/var/lib/mysql/mysql/*.IS?'&nbsp;and<br>
&nbsp;&nbsp;&nbsp;&nbsp;answer&nbsp;'Y'&nbsp;to&nbsp;the&nbsp;deletion&nbsp;questions.&nbsp;#&nbsp;nuke&nbsp;your&nbsp;current&nbsp;grant&nbsp;tables.<br>
&nbsp;&nbsp;&nbsp;&nbsp;This&nbsp;WILL&nbsp;NOT&nbsp;delete&nbsp;any&nbsp;other&nbsp;databases&nbsp;than&nbsp;your&nbsp;grant&nbsp;tables.&nbsp;6.<br>
&nbsp;&nbsp;&nbsp;&nbsp;/usr/bin/mysql_install_db&nbsp;#&nbsp;run&nbsp;the&nbsp;script&nbsp;you&nbsp;just&nbsp;edited&nbsp;to&nbsp;install<br>
&nbsp;&nbsp;&nbsp;&nbsp;your&nbsp;new&nbsp;grant&nbsp;tables.&nbsp;7.&nbsp;mysqladmin&nbsp;-u&nbsp;root&nbsp;password&nbsp;(new_password)&nbsp;#<br>
&nbsp;&nbsp;&nbsp;&nbsp;change&nbsp;the&nbsp;root&nbsp;MySQL&nbsp;password,&nbsp;or&nbsp;else&nbsp;anyone&nbsp;on&nbsp;localhost&nbsp;can&nbsp;login&nbsp;to<br>
&nbsp;&nbsp;&nbsp;&nbsp;MySQL&nbsp;as&nbsp;root&nbsp;and&nbsp;make&nbsp;changes.&nbsp;You&nbsp;can&nbsp;skip&nbsp;this&nbsp;step&nbsp;if&nbsp;you&nbsp;want<br>
&nbsp;&nbsp;&nbsp;&nbsp;keystone&nbsp;to&nbsp;connect&nbsp;as&nbsp;root&nbsp;with&nbsp;no&nbsp;password.&nbsp;8.&nbsp;mysqladmin&nbsp;-u<br>
&nbsp;&nbsp;&nbsp;&nbsp;(webserver_user_name)&nbsp;password&nbsp;(new_password)&nbsp;#&nbsp;change&nbsp;the&nbsp;password&nbsp;of<br>
&nbsp;&nbsp;&nbsp;&nbsp;the&nbsp;$sys_dbuser.&nbsp;Note&nbsp;that&nbsp;you&nbsp;will&nbsp;need&nbsp;to&nbsp;change&nbsp;the&nbsp;password&nbsp;in&nbsp;the<br>
&nbsp;&nbsp;&nbsp;&nbsp;keystone.conf&nbsp;file&nbsp;as&nbsp;well&nbsp;in&nbsp;$sys_dbpasswd,&nbsp;and&nbsp;if&nbsp;your&nbsp;permissions&nbsp;are<br>
&nbsp;&nbsp;&nbsp;&nbsp;set&nbsp;up&nbsp;incorrectly&nbsp;anybody&nbsp;can&nbsp;type&nbsp;the&nbsp;URL&nbsp;to&nbsp;your&nbsp;keystone.conf&nbsp;file<br>
&nbsp;&nbsp;&nbsp;&nbsp;and&nbsp;get&nbsp;the&nbsp;password.&nbsp;Not&nbsp;that&nbsp;this&nbsp;will&nbsp;help&nbsp;them&nbsp;much&nbsp;if&nbsp;your<br>
&nbsp;&nbsp;&nbsp;&nbsp;permissions&nbsp;are&nbsp;set&nbsp;to&nbsp;@localhost.&nbsp;Method&nbsp;#2:&nbsp;easier,&nbsp;but&nbsp;a&nbsp;pain<br>
&nbsp;&nbsp;&nbsp;&nbsp;reproducing&nbsp;if&nbsp;you&nbsp;have&nbsp;to&nbsp;delete&nbsp;your&nbsp;grant&nbsp;tables.&nbsp;This&nbsp;is&nbsp;the<br>
&nbsp;&nbsp;&nbsp;&nbsp;"recommended"&nbsp;method&nbsp;for&nbsp;altering&nbsp;grant&nbsp;tables&nbsp;in&nbsp;MySQL.&nbsp;I&nbsp;don't&nbsp;use&nbsp;it<br>
&nbsp;&nbsp;&nbsp;&nbsp;because&nbsp;I&nbsp;like&nbsp;the&nbsp;other&nbsp;way&nbsp;:)&nbsp;shell&#62;&nbsp;mysql&nbsp;--user=root&nbsp;keystone<br>
&nbsp;&nbsp;&nbsp;&nbsp;mysql&#62;&nbsp;GRANT<br>
&nbsp;&nbsp;&nbsp;&nbsp;SELECT,INSERT,UPDATE,DELETE,INDEX,ALTER,CREATE,DROP,RELOAD,SHUTDOWN,PROCESS,<br>
&nbsp;&nbsp;&nbsp;&nbsp;FILE,&nbsp;ON&nbsp;keystone.*&nbsp;TO&nbsp;&#60;$sys_dbuser&nbsp;name&#62;@localhost&nbsp;IDENTIFIED&nbsp;BY<br>
&nbsp;&nbsp;&nbsp;&nbsp;'(password)'&nbsp;WITH&nbsp;GRANT&nbsp;OPTION;&nbsp;OR&nbsp;mysql&#62;&nbsp;GRANT&nbsp;ALL&nbsp;PRIVILEGES&nbsp;ON<br>
&nbsp;&nbsp;&nbsp;&nbsp;keystone.*&nbsp;TO&nbsp;&#60;$sys_dbuser&nbsp;name&#62;@localhost&nbsp;IDENTIFIED&nbsp;BY<br>
&nbsp;&nbsp;&nbsp;&nbsp;'(password)'&nbsp;WITH&nbsp;GRANT&nbsp;OPTION;&nbsp;#&nbsp;this&nbsp;grants&nbsp;the&nbsp;required&nbsp;permissions&nbsp;to<br>
&nbsp;&nbsp;&nbsp;&nbsp;the&nbsp;keystone&nbsp;($sys_dbuser)&nbsp;account&nbsp;defined&nbsp;in&nbsp;keystone.conf.&nbsp;However,&nbsp;if<br>
&nbsp;&nbsp;&nbsp;&nbsp;you&nbsp;are&nbsp;runnning&nbsp;many&nbsp;different&nbsp;MySQL-based&nbsp;apps,&nbsp;as&nbsp;we&nbsp;are,&nbsp;it's<br>
&nbsp;&nbsp;&nbsp;&nbsp;generally&nbsp;better&nbsp;to&nbsp;edit&nbsp;the&nbsp;mysql_install_db&nbsp;script&nbsp;to&nbsp;be&nbsp;able&nbsp;to<br>
&nbsp;&nbsp;&nbsp;&nbsp;quickly&nbsp;reproduce&nbsp;your&nbsp;permissions&nbsp;structure&nbsp;again.&nbsp;Note&nbsp;that&nbsp;the&nbsp;FILE<br>
&nbsp;&nbsp;&nbsp;&nbsp;privelege&nbsp;and&nbsp;WITH&nbsp;GRANT&nbsp;OPTION&nbsp;may&nbsp;not&nbsp;be&nbsp;in&nbsp;your&nbsp;best&nbsp;interest&nbsp;to<br>
&nbsp;&nbsp;&nbsp;&nbsp;include.&nbsp;GRANT&nbsp;TABLE&nbsp;FIELDS&nbsp;EXPLANATION:&nbsp;Quick&nbsp;syntax&nbsp;summary:&nbsp;"%"&nbsp;in<br>
&nbsp;&nbsp;&nbsp;&nbsp;MySQL&nbsp;is&nbsp;a&nbsp;wildcard.&nbsp;I.E.,&nbsp;if&nbsp;you&nbsp;are&nbsp;defining&nbsp;your&nbsp;DB&nbsp;table&nbsp;and&nbsp;in&nbsp;the<br>
&nbsp;&nbsp;&nbsp;&nbsp;'host'&nbsp;field&nbsp;and&nbsp;enter&nbsp;'%',&nbsp;that&nbsp;means&nbsp;that&nbsp;any&nbsp;host&nbsp;can&nbsp;access&nbsp;that<br>
&nbsp;&nbsp;&nbsp;&nbsp;database.&nbsp;Of&nbsp;course,&nbsp;that&nbsp;host&nbsp;must&nbsp;also&nbsp;have&nbsp;a&nbsp;valid&nbsp;db&nbsp;user&nbsp;in&nbsp;order&nbsp;to<br>
&nbsp;&nbsp;&nbsp;&nbsp;do&nbsp;anything&nbsp;useful.&nbsp;'db'=name&nbsp;of&nbsp;database.&nbsp;In&nbsp;our&nbsp;case,&nbsp;it&nbsp;should&nbsp;be<br>
&nbsp;&nbsp;&nbsp;&nbsp;"keystone".&nbsp;"user"&nbsp;should&nbsp;be&nbsp;your&nbsp;"$sys_dbuser"&nbsp;defined&nbsp;in&nbsp;keystone.conf.<br>
&nbsp;&nbsp;&nbsp;&nbsp;Note&nbsp;that&nbsp;you&nbsp;CANNOT&nbsp;add&nbsp;or&nbsp;change&nbsp;a&nbsp;password&nbsp;by&nbsp;using&nbsp;the&nbsp;"INSERT&nbsp;INTO<br>
&nbsp;&nbsp;&nbsp;&nbsp;db&nbsp;(X)"&nbsp;command&nbsp;--&nbsp;you&nbsp;must&nbsp;change&nbsp;it&nbsp;with&nbsp;the&nbsp;mysql&nbsp;-u&nbsp;command&nbsp;as<br>
&nbsp;&nbsp;&nbsp;&nbsp;defined&nbsp;above.&nbsp;Passwords&nbsp;are&nbsp;stored&nbsp;encrypted&nbsp;in&nbsp;the&nbsp;MySQL&nbsp;database,&nbsp;and<br>
&nbsp;&nbsp;&nbsp;&nbsp;if&nbsp;you&nbsp;try&nbsp;to&nbsp;enter&nbsp;it&nbsp;directly&nbsp;into&nbsp;the&nbsp;table&nbsp;they&nbsp;will&nbsp;not&nbsp;match.<br>
&nbsp;&nbsp;&nbsp;&nbsp;TABLE:&nbsp;USER.&nbsp;Everything&nbsp;after&nbsp;"password"&nbsp;is&nbsp;a&nbsp;privelege&nbsp;granted&nbsp;(Y/N).<br>
&nbsp;&nbsp;&nbsp;&nbsp;This&nbsp;table&nbsp;controls&nbsp;individual&nbsp;user&nbsp;global&nbsp;access&nbsp;rights.<br>
&nbsp;&nbsp;&nbsp;&nbsp;'host','user','password','select','insert','update','delete','index','alter'<br>
&nbsp;&nbsp;&nbsp;&nbsp;,'create','drop','grant','reload','shutdown','process','file'&nbsp;TABLE:&nbsp;DB.<br>
&nbsp;&nbsp;&nbsp;&nbsp;This&nbsp;controls&nbsp;access&nbsp;of&nbsp;USERS&nbsp;to&nbsp;databases.<br>
&nbsp;&nbsp;&nbsp;&nbsp;'host','db','user','select','insert','update','delete','index','alter','crea<br>
&nbsp;&nbsp;&nbsp;&nbsp;te','drop','grant'&nbsp;TABLE:&nbsp;HOST.&nbsp;This&nbsp;controls&nbsp;which&nbsp;HOSTS&nbsp;are&nbsp;allowed<br>
&nbsp;&nbsp;&nbsp;&nbsp;what&nbsp;global&nbsp;access&nbsp;rights.&nbsp;Note&nbsp;that&nbsp;the&nbsp;HOST&nbsp;table,&nbsp;USER&nbsp;table,&nbsp;and&nbsp;DB<br>
&nbsp;&nbsp;&nbsp;&nbsp;table&nbsp;are&nbsp;very&nbsp;closely&nbsp;connected&nbsp;--&nbsp;if&nbsp;an&nbsp;authorized&nbsp;USER&nbsp;attempts&nbsp;an&nbsp;SQL<br>
&nbsp;&nbsp;&nbsp;&nbsp;request&nbsp;from&nbsp;an&nbsp;unauthorized&nbsp;HOST,&nbsp;she's&nbsp;denied.&nbsp;If&nbsp;a&nbsp;request&nbsp;from&nbsp;an<br>
&nbsp;&nbsp;&nbsp;&nbsp;authorized&nbsp;HOST&nbsp;is&nbsp;not&nbsp;an&nbsp;authorized&nbsp;USER,&nbsp;it&nbsp;is&nbsp;denied.&nbsp;If&nbsp;a&nbsp;globally<br>
&nbsp;&nbsp;&nbsp;&nbsp;authorized&nbsp;USER&nbsp;does&nbsp;not&nbsp;have&nbsp;rights&nbsp;to&nbsp;a&nbsp;certain&nbsp;DB,&nbsp;she's&nbsp;denied.&nbsp;Get<br>
&nbsp;&nbsp;&nbsp;&nbsp;the&nbsp;picture?<br>
&nbsp;&nbsp;&nbsp;&nbsp;'host','db','select','insert','update','delete','index','alter','create','dr<br>
&nbsp;&nbsp;&nbsp;&nbsp;op','grant'&nbsp;You&nbsp;should&nbsp;now&nbsp;have&nbsp;a&nbsp;working&nbsp;knowledge&nbsp;of&nbsp;MySQL&nbsp;grant<br>
&nbsp;&nbsp;&nbsp;&nbsp;tables.&nbsp;If&nbsp;there&nbsp;is&nbsp;anything&nbsp;I've&nbsp;left&nbsp;out&nbsp;of&nbsp;this&nbsp;answer&nbsp;that&nbsp;you&nbsp;feel<br>
&nbsp;&nbsp;&nbsp;&nbsp;is&nbsp;pertinent,&nbsp;or&nbsp;if&nbsp;my&nbsp;instructions&nbsp;don't&nbsp;work&nbsp;for&nbsp;you,&nbsp;please&nbsp;let&nbsp;me<br>
&nbsp;&nbsp;&nbsp;&nbsp;know&nbsp;and&nbsp;I'll&nbsp;re-post&nbsp;this&nbsp;letter&nbsp;again,&nbsp;corrected.&nbsp;I&nbsp;threw&nbsp;it&nbsp;together<br>
&nbsp;&nbsp;&nbsp;&nbsp;one&nbsp;night&nbsp;out&nbsp;of&nbsp;exasperation&nbsp;for&nbsp;all&nbsp;the&nbsp;newbies&nbsp;who&nbsp;don't&nbsp;know&nbsp;squat<br>
&nbsp;&nbsp;&nbsp;&nbsp;about&nbsp;MySQL&nbsp;yet,&nbsp;so&nbsp;it&nbsp;is&nbsp;almost&nbsp;guaranteed&nbsp;to&nbsp;have&nbsp;errors.&nbsp;Once&nbsp;again,<br>
&nbsp;&nbsp;&nbsp;&nbsp;you&nbsp;can't&nbsp;go&nbsp;wrong&nbsp;by&nbsp;reading&nbsp;section&nbsp;6&nbsp;of&nbsp;the&nbsp;MySQL&nbsp;manual.&nbsp;It&nbsp;is&nbsp;more<br>
&nbsp;&nbsp;&nbsp;&nbsp;detailed&nbsp;than&nbsp;I!&nbsp;http://www.mysql.com/Manual/manual.html.</P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="dbdoc.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="patches.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>MySQL Bugzilla Database Introduction</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="database.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Useful Patches and Utilities for Bugzilla</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>