SyntaxFix

[mysql] Why is a "GRANT USAGE" created the first time I grant a user privileges?

I'm new to the admin side of DBMS and was setting up a new database tonight (using MySQL) when I noticed this. After granting a user a privilege for the first time, another grant is created that looks like

GRANT USAGE on *.* TO user IDENTIFIED BY PASSWORD password

The documentation says that the USAGE privilege means "no privileges," so I'm inferring thats grants work hierarchically and perhaps a user must have some kind of privilege for all databases, so this serves as a catch all?

I also dont understand why this line has an IDENTIFIED BY clause in it when the grant I created does not have one (mostly because I dont understand what purpose the IDENTIFIED BY clause serves).

Edit: Sorry for not stating this originally, the grants were

GRANT ALL PRIVILEGES ON database.* TO admin_user
GRANT SELECT, INSERT, UPDATE, DELETE ON database.* TO user

This question is related to mysql database privileges grant

The answer is

As you said, in MySQL USAGE is synonymous with "no privileges". From the MySQL Reference Manual:

The USAGE privilege specifier stands for "no privileges." It is used at the global level with GRANT to modify account attributes such as resource limits or SSL characteristics without affecting existing account privileges.

USAGE is a way to tell MySQL that an account exists without conferring any real privileges to that account. They merely have permission to use the MySQL server, hence USAGE. It corresponds to a row in the `mysql`.`user` table with no privileges set.

The IDENTIFIED BY clause indicates that a password is set for that user. How do we know a user is who they say they are? They identify themselves by sending the correct password for their account.

A user's password is one of those global level account attributes that isn't tied to a specific database or table. It also lives in the `mysql`.`user` table. If the user does not have any other privileges ON *.*, they are granted USAGE ON *.* and their password hash is displayed there. This is often a side effect of a CREATE USER statement. When a user is created in that way, they initially have no privileges so they are merely granted USAGE.

I was trying to find the meaning of GRANT USAGE on *.* TO and found here. I can clarify that GRANT USAGE on *.* TO user IDENTIFIED BY PASSWORD password will be granted when you create the user with the following command (CREATE): 

CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';

When you grant privilege with GRANT, new privilege s will be added on top of it.

In addition mysql passwords when not using the IDENTIFIED BY clause, may be blank values, if non-blank, they may be encrypted. But yes USAGE is used to modify an account by granting simple resource limiters such as MAX_QUERIES_PER_HOUR, again this can be specified by also using the WITH clause, in conjuction with GRANT USAGE(no privileges added) or GRANT ALL, you can also specify GRANT USAGE at the global level, database level, table level,etc....

Source: Stackoverflow.com

Examples related to mysql

Implement specialization in ER diagram How to post query parameters with Axios? PHP with MySQL 8.0+ error: The server requested authentication method unknown to the client Loading class `com.mysql.jdbc.Driver'. This is deprecated. The new driver class is `com.mysql.cj.jdbc.Driver' phpMyAdmin - Error > Incorrect format parameter? Authentication plugin 'caching_sha2_password' is not supported How to resolve Unable to load authentication plugin 'caching_sha2_password' issue Connection Java-MySql : Public Key Retrieval is not allowed How to grant all privileges to root user in MySQL 8.0 MySQL 8.0 - Client does not support authentication protocol requested by server; consider upgrading MySQL client

Examples related to database

Implement specialization in ER diagram phpMyAdmin - Error > Incorrect format parameter? Authentication plugin 'caching_sha2_password' cannot be loaded Room - Schema export directory is not provided to the annotation processor so we cannot export the schema SQL Query Where Date = Today Minus 7 Days MySQL Error: : 'Access denied for user 'root'@'localhost' SQL Server date format yyyymmdd How to create a foreign key in phpmyadmin WooCommerce: Finding the products in database TypeError: tuple indices must be integers, not str

Examples related to privileges

Check Postgres access for a user Give all permissions to a user on a PostgreSQL database ORA-01950: no privileges on tablespace 'USERS' Getting ORA-01031: insufficient privileges while querying a table instead of ORA-00942: table or view does not exist Remove privileges from MySQL database Permission denied for relation How to view user privileges using windows cmd? Grant all on a specific schema in the db to a group role in PostgreSQL How to show all privileges from a user in oracle? What precisely does 'Run as administrator' do?

Examples related to grant

Postgresql: error "must be owner of relation" when changing a owner object Give all permissions to a user on a PostgreSQL database Remove privileges from MySQL database What GRANT USAGE ON SCHEMA exactly do? Permission denied for relation Grant SELECT on multiple tables oracle How to grant remote access to MySQL for a whole subnet? Grant all on a specific schema in the db to a group role in PostgreSQL grant remote access of MySQL database from any IP address Query grants for a table in postgres

Tags

Instance-methods Universal-binary Toplink Os.execl Dbx Mapnik Taskaffinity String-decoding Persist Ada 8051 Sametime Jar-signing Divide-and-conquer Infovis Symbolicate Django-fixtures Clarion Type-conversion Qfilesystemmodel Rapid-prototyping Widestring Graph-visualization Bulk-load Msgfmt Propertydescriptor Activemq-cpp Dbms-job B2b Rpy2 Vmime Udpclient Libharu Bindingsource Form-design Custom-events Vst Iso8583 Downloading-website-files 7zip Mysql-python Paas Adobe-reader Visiblox Rim-4.2 Golfscript Imagecreatefrompng Sdl Data-migration Test-suite Method-declaration Apple-touch-icon Assignment-operator Cgi-bin Concat-ws Date-parsing Auto-versioning Xml Urldecode Qfiledialog Jflow Image-segmentation Createfile Isinteger Openquery Markov-models Safe-browsing Shopping-cart Onupdate Svnkit Custom-server-controls Treemodel Firewatir Many-to-one Twebbrowser Migrating Precompiled-headers Object-comparison Export-to-xml Geronimo Uppercase Typed-arrays Sammy.js Amazon-simpledb Application-shutdown Oolong Member-initialization Gist Bootstrapping Django-shell Drools-flow Tuareg Scanning Setstate Openstep Ocl Team-explorer Clarity Mercurial-bigfiles Xhtml2