Grant user access to limited number of tables in MySQL
Solution 1:
Run them as two individual GRANT
statements:
GRANT SELECT ON testdb.fruits TO joe@localhost IDENTIFIED BY 'pass';
GRANT SELECT ON testdb.sports TO joe@localhost IDENTIFIED BY 'pass';
The MySQL GRANT syntax only permits one object in the priv_level
position:, though it may use a *
as a wildcard:
GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
TO user_specification [, user_specification] ...
[REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]
[WITH with_option ...]
object_type:
TABLE
| FUNCTION
| PROCEDURE
priv_level:
*
| *.*
| db_name.*
| db_name.tbl_name
| tbl_name
| db_name.routine_name
The part below does not appear to work on MySQL 5.5. How to "subtract" privileges in MySQL addresses why.
To grant SELECT
on all tables then selectively revoke, you could do:
GRANT SELECT ON testdb.* TO joe@localhost IDENTIFIED BY 'pass';
REVOKE ALL PRIVILEGES ON testdb.tblname FROM joe@localhost;
This seems to be an odd method though, and I think I would individually GRANT rather than individually REVOKE.
Solution 2:
You can use the mysql.tables_priv table directly:
INSERT INTO mysql.tables_priv (`Host`, `Db`, `User`, `Table_name`, `Grantor`, `Table_priv`)
VALUES
('%', DATABASE(), 'someuser', 'mytable1', CURRENT_USER, 'Select,Insert,Update,Delete'),
('%', DATABASE(), 'someuser', 'mytable2', CURRENT_USER, 'Select,Insert,Update,Delete')
After a manual update to these tables, you will need to explicitly run FLUSH PRIVILEGES
query to tell MySQL to update its permissions cache (not required when using GRANT
)