简体   繁体   中英

How to revoke MySQL user privileges for one table?

When I have granted privileges to a user for some specific tables:

GRANT ALL PRIVILEGES ON table1.* TO 'user1'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON table2.* TO 'user1'@'localhost' IDENTIFIED BY 'password';

How do I revoke the privileges for this user, just for table1 ?

Google is your friend! http://dev.mysql.com/doc/refman/5.7/en/revoke.html


REVOKE ALL PRIVILEGES ON table1.* FROM 'user1'@'localhost';

To further explain this answer - I'll teach how to fish (rather than just give you a fish).

The MySQL documentation can look confusing at first - the "syntax" for REVOKE looks like this:

    priv_type [(column_list)]
      [, priv_type [(column_list)]] ...
    ON [object_type] priv_level
    FROM user [, user] ...

    FROM user [, user] ...

    FROM user [, user] ...

It means there are 3 "ways" of calling it:

  1. REVOKE priv_type ...

These three are separated by the blank lines in the MySQL doc page.

For each of these, there are "optional" parameters/settings/values. These are denoted by the square brackets, for example:

REVOKE priv_type [(column_list)] ...

The (column_list) is optional. You can supply it, but you don't have to.

( Updated note, Dec 2019:

The priv_type is what specifically lets us know we can specify ALL PRIVILEGES ; for we are told in the documentation linked above:

For details on the levels at which privileges exist, the permissible priv_type , priv_level , and object_type values , and the syntax for specifying users and passwords, see Section, “ GRANT Statement”.

Section states this:

Privileges Supported by MySQL

The following table summarizes the permissible priv_type privilege types that can be specified for the GRANT and REVOKE statements, and the levels at which each privilege can be granted.

  • ALL [PRIVILEGES] Grant all privileges at specified access

End update. )

Similarly you can chain these together - they've indented the next line to indicate this (and used ... to show you can continue repeating):

priv_type [(column_list)]
  [, priv_type [(column_list)]] ...    <-- indented, and note the "..."

More complicated examples exist in the MySQL documentation - like for CREATE TABLE you have lists of optional flags:


This {x|y|z} syntax indicates you must specify one of them (the {...} is non-optional, the [...] means everything inside is optional - so if you specify COLUMN_FORMAT , one of the three following flags is required ), the pipes ( | ) indicate you can only specify one of the list ( FIXED / DYNAMIC / DEFAULT ).

One final thing to say - be very aware of the MySQL documentation version . It's stated in several places on the website - personally I just look at the URL:


Note it says 5.7 in it. This means the documentation you're reading may not be applicable to any version other than MySQL 5.7. That's bitten me a lot of times ... usually when I'm under the gun trying to fix something in a panic! Always double-check it.

This is misleading. That statement is revoking permissions in one schema, not one table.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

粤ICP备18138465号  © 2020-2024 STACKOOM.COM