Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Grant a user permission to only view a MySQL view and nothing else

This question was originally using MySQL 5.1.44, but is applicable to MySQL 8.0+ too.

Let's say I have a table with records inserted by different users of my application. How can I give a specific user access to only see his/her records in that table? I've thought about creating a VIEW with his/her records, but I don't know how to create a MySQL user that can only see that VIEW.

So, is it possible to create a MySQL user that only has access to a single VIEW? Can this user also be made so they read-only access to that VIEW?

Thanks!

PS: What I call users in my example are really subsidiary offices that want to access their records with their own applications.

like image 792
Nelson Avatar asked Jun 24 '10 09:06

Nelson


People also ask

Is it possible to specify privileges per table in MySQL?

You can create a user with table level permissions in MySQL by performing the following: Connect to MySQL as a user with the Create_user_priv and Grant_priv. Determine which users have these privileges by running the following query. Your user will already need the SELECT privilege on MySQL.

How do I grant specific privileges in MySQL?

To grant a privilege with GRANT , you must have the GRANT OPTION privilege, and you must have the privileges that you are granting. (Alternatively, if you have the UPDATE privilege for the grant tables in the mysql system schema, you can grant any account any privilege.)

How do I give a MySQL user a read only access?

At the mysql prompt, do one of the following steps: To give the user access to the database from any host, type the following command: grant select on database_name. * to 'read-only_user_name'@'%' identified by 'password';


2 Answers

GRANT SELECT ON database1.view1 TO 'someuser'@'somehost';

like image 177
Naktibalda Avatar answered Sep 23 '22 02:09

Naktibalda


Besides

GRANT SELECT ON <database_name>.<view_name> TO <user>@<host> 

it's better to also do

GRANT SHOW VIEW ON <database_name>.<view_name> TO <user>@<host> 

so that a lot of SQL UI tool can get the view definition and work appropriately for the view.

like image 24
Dexin Wang Avatar answered Sep 23 '22 02:09

Dexin Wang