MySQL – Show Privileges
”;
The users in MySQL must have enough privileges to interact with the server. This is possible by assigning authentication details, like passwords to the users. In addition to this, operational or administrative privileges are granted separately if a user wants to interact with and operate on the data.
The MySQL SHOW Privileges
The MySQL SHOW PRIVILEGES Statement displays the list of privileges that are supported by the MYSQL server. The displayed list includes all static and currently registered dynamic privileges.
The information (returned list) contains three columns −
- Privilege − Name of the privilege
- Context − Name of the MySQL object for which the privilege is applicable.
- Comment − A string value describing the purpose of the privilege.
Syntax
Following is the syntax to list out all privileges in a MySQL Server −
SHOW PRIVILEGES;
Example
Following query lists out all the privileges supported by the MySQL server −
SHOW PRIVILEGES
Output
After executing the above code, we get the following output −
Privilege | Context | Comment |
---|---|---|
Alter | Tables | To alter the table |
Alter routine | Functions, Procedures | To alter or drop stored functions/procedures |
Create | Databases, Tables, Indexes | To create new databases and tables |
Create routine | Databases | To use CREATE FUNCTION/PROCEDURE |
Create role | Server Admin | To create new roles |
Create temporary tables | Databases | To use CREATE TEMPORARY TABLE |
Create view | Tables | To create new views |
Create user | Server Admin | To create new users |
Delete | Tables | To delete existing rows |
Drop | Databases, Tables | To drop databases, tables, and views |
Drop role | Server Admin | To drop roles |
Event | Server Admin | To create, alter, drop and execute events |
Execute | Functions, Procedures | To execute stored routines |
File | File access on server | To read and write files on the server |
Grant option | Databases, Tables, Funcs, Procedures | To give to other users those privileges you possess |
Index | Tables | To create or drop indexes |
Insert | Tables | To insert data into tables |
Lock tables | Databases | To use LOCK TABLES (together with SELECT privilege) |
Process | Server Admin | To view the plain text of currently executing queries |
Proxy | Server Admin | To make proxy user possible |
References | Databases,Tables | To have references on tables |
Reload | Server Admin | To reload or refresh tables, logs and privileges |
Replication client | Server Admin | To ask where the slave or master servers are |
Replication slave | Server Admin | To read binary log events from the master |
Select | Tables | To retrieve rows from table |
Show databases | Server Admin | To see all databases with SHOW DATABASES |
Show view | Tables | To see views with SHOW CREATE VIEW |
Shutdown | Server Admin | To shut down the server |
Super | Server Admin | To use KILL thread, SET GLOBAL, CHANGE MASTER, etc. |
Trigger | Tables | To use triggers |
Create tablespace | Server Admin | To create/alter/drop tablespaces |
Update | Tables | To update existing rows |
Usage | Server Admin | No privileges – allow connect only |
BINLOG_ENCRYPTION_ADMIN | Server Admin | |
AUDIT_ADMIN | Server Admin | |
ENCRYPTION_KEY_ADMIN | Server Admin | |
INNODB_REDO_LOG_ARCHIVE | Server Admin | |
APPLICATION_PASSWORD_ADMIN | Server Admin | |
SHOW_ROUTINE | Server Admin | |
BACKUP_ADMIN | Server Admin | |
BINLOG_ADMIN | Server Admin | |
CLONE_ADMIN | Server Admin | |
CONNECTION_ADMIN | Server Admin | |
SET_USER_ID | Server Admin | |
SERVICE_CONNECTION_ADMIN | Server Admin | |
GROUP_REPLICATION_ADMIN | Server Admin | |
REPLICATION_APPLIER | Server Admin | |
INNODB_REDO_LOG_ENABLE | Server Admin | |
PERSIST_RO_VARIABLES_ADMIN | Server Admin | |
TABLE_ENCRYPTION_ADMIN | Server Admin | |
ROLE_ADMIN | Server Admin | |
REPLICATION_SLAVE_ADMIN | Server Admin | |
SESSION_VARIABLES_ADMIN | Server Admin | |
RESOURCE_GROUP_ADMIN | Server Admin | |
RESOURCE_GROUP_USER | Server Admin | |
SYSTEM_USER | Server Admin | |
SYSTEM_VARIABLES_ADMIN | Server Admin | |
XA_RECOVER_ADMIN | Server Admin |
Listing Privileges Using a Client Program
Now, let us see how to retrieve/list all the privileges granted to the current MySQL user using a client program in programming languages like Java, PHP, Python, JavaScript, C++ etc.
Syntax
Following are the syntaxes −
To show all the privileges granted to an user, we need to pass the SHOW PRIVILEGES statement as a parameter to the query() function of the PHP mysqli library as −
$sql = "SHOW PRIVILEGES"; $mysqli->query($sql);
Following is the syntax to show all the privileges granted to the current user through a JavaScript program −
sql= "SHOW PRIVILEGES;" con.query(sql, function (err, result) { if (err) throw err; console.log(result); });
To show the privileges of the current user, we need to execute the SHOW PRIVILEGES statement using the JDBC executeQuery() function as −
String sql = "SHOW PRIVILEGES"; statement.executeQuery(sql);
Following is the syntax to show all the privileges granted to the current MySQL user through a Python program −
sql = f"SHOW GRANTS FOR ''{username_to_show}''@''localhost''"; cursorObj.execute(sql);
Example
Following are the programs −
$dbhost = ''localhost''; $dbuser = ''root''; $dbpass = ''password''; $mysqli = new mysqli($dbhost, $dbuser, $dbpass); if($mysqli->connect_errno ) { printf("Connect failed: %s
", $mysqli->connect_error); exit(); } //printf(''Connected successfully.
''); $sql = "SHOW PRIVILEGES"; if($result = $mysqli->query($sql)){ printf("PRIVILEGES found successfully...!"); printf("Lists are: "); while($row = mysqli_fetch_array($result)){ print_r($row); } } if($mysqli->error){ printf("Failed..!" , $mysqli->error); } $mysqli->close();
Output
The output obtained is as follows −
PRIVILEGES found successfully...!Lists are: Array ( [0] => Alter [Privilege] => Alter [1] => Tables [Context] => Tables [2] => To alter the table [Comment] => To alter the table ) Array ( [0] => Alter routine [Privilege] => Alter routine [1] => Functions,Procedures [Context] => Functions,Procedures [2] => To alter or drop stored functions/procedures [Comment] => To alter or drop stored functions/procedures ) Array ( [0] => Create [Privilege] => Create [1] => Databases,Tables,Indexes [Context] => Databases,Tables,Indexes [2] => To create new databases and tables [Comment] => To create new databases and tables ) Array ( [0] => Create routine [Privilege] => Create routine [1] => Databases [Context] => Databases [2] => To use CREATE FUNCTION/PROCEDURE [Comment] => To use CREATE FUNCTION/PROCEDURE ) Array ( [0] => Create role [Privilege] => Create role [1] => Server Admin [Context] => Server Admin [2] => To create new roles [Comment] => To create new roles ) .......... ( [0] => REPLICATION_SLAVE_ADMIN [Privilege] => REPLICATION_SLAVE_ADMIN [1] => Server Admin [Context] => Server Admin [2] => [Comment] => ) Array ( [0] => SENSITIVE_VARIABLES_OBSERVER [Privilege] => SENSITIVE_VARIABLES_OBSERVER [1] => Server Admin [Context] => Server Admin [2] => [Comment] => )
var mysql = require(''mysql2''); var con = mysql.createConnection({ host: "localhost", user: "root", password: "Nr5a0204@123" }); //Connecting to MySQL con.connect(function (err) { if (err) throw err; console.log("Connected!"); console.log("--------------------------"); sql = "SHOW PRIVILEGES"; con.query(sql, function(err, result){ if (err) throw err; console.log(result); }); });
Output
The output produced is as follows −
Connected! -------------------------- [ { Privilege: ''Alter'', Context: ''Tables'', Comment: ''To alter the table'' }, . . . { Privilege: ''TELEMETRY_LOG_ADMIN'', Context: ''Server Admin'', Comment: '''' } ]
import java.sql.Connection; import java.sql.DriverManager; import java.sql.ResultSet; import java.sql.Statement; public class ShowPriv { public static void main(String[] args) { String url = "jdbc:mysql://localhost:3306/TUTORIALS"; String user = "root"; String password = "password"; ResultSet rs; try { Class.forName("com.mysql.cj.jdbc.Driver"); Connection con = DriverManager.getConnection(url, user, password); Statement st = con.createStatement(); //System.out.println("Database connected successfully...!"); String sql = "SHOW PRIVILEGES"; rs = st.executeQuery(sql); System.out.println("All privileges: "); while(rs.next()) { String priv = rs.getNString(1); System.out.println(priv); } }catch(Exception e) { e.printStackTrace(); } } }
Output
The output obtained is as shown below −
All privileges: Alter Alter routine Create Create routine Create role Create temporary tables Create view Create user Delete Drop Drop role Event Execute File Grant option Index Insert Lock tables Process Proxy References Reload Replication client Replication slave Select Show databases Show view Shutdown Super
import mysql.connector # creating the connection object connection = mysql.connector.connect( host=''localhost'', user=''root'', password=''password'' ) username_to_show = ''newUser'' # Create a cursor object for the connection cursorObj = connection.cursor() cursorObj.execute(f"SHOW GRANTS FOR ''{username_to_show}''@''localhost''") privileges = cursorObj.fetchall() print(f"Privileges for user ''{username_to_show}'' are:") for grant in privileges: print(grant[0]) cursorObj.close() connection.close()
Output
Following is the output of the above code −
Privileges for user ''newUser'' are: GRANT USAGE ON *.* TO `newUser`@`localhost` GRANT SELECT, INSERT, UPDATE ON `your_database`.* TO `newUser`@`localhost`
”;