mysqlgrants --version (return code: 0)
MySQL Utilities mysqlgrants version 1.6.1 License type: GPLv2
mysqlgrants --help (return code: 0)
MySQL Utilities mysqlgrants version 1.6.1 License type: GPLv2 Usage: mysqlgrants --server=user:pass@host:port \ [<db_name>[.<obj_name>]] mysqlgrants - display grants per object Options: --version show program's version number and exit --help display a help message and exit --license display program's license and exit --server=SERVER connection information for the server in the form: <user>[:<password>]@<host>[:<port>][:<socket>] or <login-path>[:<port>][:<socket>] or <config- path>[<[group]>]. --ssl-ca=SSL_CA The path to a file that contains a list of trusted SSL CAs. --ssl-cert=SSL_CERT The name of the SSL certificate file to use for establishing a secure connection. --ssl-key=SSL_KEY The name of the SSL key file to use for establishing a secure connection. --ssl=SSL Specifies if the server connection requires use of SSL. If an encrypted connection cannot be established, the connection attempt fails. By default 0 (SSL not required). -v, --verbose control how much information is displayed. e.g., -v = verbose, -vv = more verbose, -vvv = debug --show=SHOW_MODE Controls the content of the report. If the value USERS is specified, the report shows only the list of users with any kind of grant over the object. If USER_GRANTS is specified the reports shows each user along with her list of privileges for each object. Finally, specifying RAW the utility returns each user along with the list of SQL grant statements that have influence over the specific object. Default is USER_GRANTS. --privileges=PRIVILEGES Minimum set of privileges that a user must have for any given object. Unless a user has all the privileges listed for a specific object, she will not appear in the list of users with privileges for that specific object. To list multiple privileges, use a comma- separated list. Introduction ------------ The mysqlgrants utility is designed to display the users who have access to a list of objects and/or databases. It can also display the privileges grouped by user and the raw GRANT statements. Furthermore, if the user specifies a list of privileges, the utility shall display those users who have all of the privileges listed (they are AND conditions). In order to use the utility, you need to specify at least one object to check. To specify several objects at once, you should list each object as a separate argument for the utility, using full qualified names as shown by the following examples: # Get the list of users with their respective privileges for the 'db1' # database and 'db1'.'table1' table. $ mysqlgrants --server=root:pass@host1:3306 \ --show=user_grants db1 db1.table1 # Get the list of users with both SELECT and UPDATE privileges on the 'db1' # database and 'db1'.'table1' table. $ mysqlgrants --server=root:pass@host1:3306 \ --show=users --privileges=SELECT,UPDATE db1 db1.table1 # Get the list of users that have at least the TRIGGER and DROP privileges # for database 'db1' and 'db1'.'table1' table and show the list of SQL GRANT # statements that grant them those privileges. $ mysqlgrants --server=root:pass@host1:3306 \ --show=raw --privileges=TRIGGER,DROP db1 db1.table1 Helpful Hints ------------- - To use the --show=users option you need to specify at least one privilege using the --privilege option. - You can list the users that have specific privileges using the option --privileges. The user must have all privileges listed in order to be included in the result. - If you specify some privileges on the --privileges option that are not valid for all the specified objects, any that do not apply are not included in the list. For example, the SELECT privilege will be ignored for stored routines and the EXECUTE privilege will be ignored for tables but both will be taken into account for databases.