I have two users:
user1 : all privleges, no grant option.
user2 : all privleges, with grant option.
user1 , connect to database and change password of user2 .
How can I prevent this?
The GRANT
privilege isn't related to passwords. It determines if user is able to change permissions for others.
In Set Password we can read:
Setting the password for a named account (with a FOR clause) requires the
UPDATE
privilege for themysql
system schema . Setting the password for yourself (for a nonanonymous account with no FOR clause) requires no special privileges.
The recommend way to change passwords is the ALTER USER
statement but that documentation section basically states the same:
In most cases,
ALTER USER
requires the globalCREATE USER
privilege, or theUPDATE
privilege for themysql
system schema .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.