Use the SHOW GRANTS statement to show privileges of a user in MySQL
This article describes how to use the SHOW GRANTS statement to list the privileges granted to a user or role.
Sometimes, you need to see the privileges a user has been granted to review.
MySQL allows you to use the SHOW GRANTS statement to show the privileges granted to a user account or a role.
MySQL SHOW GRANTS Syntax
The following is the basic syntax of the SHOW GRANTS statement :
SHOW GRANTS
[FOR {user | role}
[USING role [, role] ...]]
Here:
- You should specify the user account or the role after the
FORkeyword to show the privileges previously granted to the user account or the role. If theFORclause is omitted,SHOW GRANTSwill return the privileges of the current user. - You should use the
USINGclause to check privileges related to the user’s role. The role you specify in theUSINGclause must have been granted to the user beforehand.
In addition to displaying the privileges and roles of the current user, to execute SHOW GRANTSthe statement, you need to have privileges mysql on the system database .SELECT
MySQL SHOW GRANTS Examples
There are some examples for the usage of MySQL SHOW GRANTS statements here.
Show the privileges granted to a specified user
This example demonstrates the complete steps to create a user, grant privileges, and view privileges.
-
Create a new database using
CREATE DATABASE, namedsqlizdb:CREATE DATABASE sqlizdb; -
USE sqlizdb; -
Create a new table named
sqlizdbin the database :test_tableCREATE TABLE test_table( id int AUTO_INCREMENT PRIMARY KEY, txt varchar(100) NOT NULL ); -
Create a new user named
sqliz@'%':CREATE user sqliz@'%' IDENTIFIED by 'SqLiZ9879123!'; -
Show the privileges for
sqliz@'%':SHOW GRANTS FOR sqliz@'%';+-----------------------------------+ | Grants for sqliz@% | +-----------------------------------+ | GRANT USAGE ON *.* TO `sqliz`@`%` | +-----------------------------------+GRANT USAGEmeans no authority. By default, when a new user is created, he has no privileges. -
Grant all privileges on the
sqlizdbdatabase to the usersqliz@'%':GRANT ALL PRIVILEGES ON sqlizdb.* TO sqliz@'%'; -
Finally, show the privileges granted to the user
sqliz@'%':SHOW GRANTS FOR sqliz@'%';+----------------------------------------------------+ | Grants for sqliz@% | +----------------------------------------------------+ | GRANT USAGE ON *.* TO `sqliz`@`%` | | GRANT ALL PRIVILEGES ON `sqlizdb`.* TO `sqliz`@`%` | +----------------------------------------------------+
Show the privileges granted to the current user
The following statement uses the SHOW GRANTS statement to show the privileges granted to the current user:
SHOW GRANTS;
It is equivalent to the following statement:
SHOW GRANTS FOR CURRENT_USER;
or
SHOW GRANTS FOR CURRENT_USER();
Both CURRENT_USER and CURRENT_USER() return the current user.
Show privileges granted to roles
This example demonstrates the complete steps to create a role, grant privileges to the role, and view privileges of the role.
-
Create a new role named
write_role@'%'using the following statement:CREATE ROLE write_role@'%'; -
Show privileges granted to the role
write_role@'%'using the following statement:SHOW GRANTS FOR write_role@'%';+----------------------------------------+ | Grants for write_role@% | +----------------------------------------+ | GRANT USAGE ON *.* TO `write_role`@`%` | +----------------------------------------+ -
Grant
SELECT,INSERT,UPDATE, andDELETEprivileges on the databasesqlizdbto the rolewrite_role@'%'using the following statement:GRANT SELECT, INSERT, UPDATE, DELETE ON sqlizdb.* TO write_role@'%'; -
Show privileges granted to the role
write_role@'%'using the following statement:SHOW GRANTS FOR write_role@'%';+-------------------------------------------------------------------------+ | Grants for write_role@% | +-------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO `write_role`@`%` | | GRANT SELECT, INSERT, UPDATE, DELETE ON `sqlizdb`.* TO `write_role`@`%` | +-------------------------------------------------------------------------+
D) Show the privileges associated with the role of the user
This example demonstrates the detailed steps for creating a new user, assigning role to a user, and displaying privileges.
-
Create a new user named
sqliz2@'%'using the following statement:CREATE user sqliz2@'%' IDENTIFIED by 'SqLiZ9879123!'; -
Grant
EXECUTEprivileges to the usersqliz2@'%'using the following statement:GRANT EXECUTE ON sqlizdb.* TO sqliz2@'%'; -
Grant the role
write_role@'%'to the usersqliz2@'%'using the following statement:GRANT write_role@'%' TO sqliz2@'%'; -
Show the privileges granted to the user
sqliz2@'%':SHOW GRANTS FOR sqliz2@'%';+----------------------------------------------+ | Grants for sqliz2@% | +----------------------------------------------+ | GRANT USAGE ON *.* TO `sqliz2`@`%` | | GRANT EXECUTE ON `sqlizdb`.* TO `sqliz2`@`%` | | GRANT `write_role`@`%` TO `sqliz2`@`%` | +----------------------------------------------+ -
Use the
USINGclause in theSHOW GRANTSstatement to show the privileges associated with thewrite_role@'%'role for the usersqliz2@'%':SHOW GRANTS FOR sqliz2@'%' USING write_role@'%';+------------------------------------------------------------------------------+ | Grants for sqliz2@% | +------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO `sqliz2`@`%` | | GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON `sqlizdb`.* TO `sqliz2`@`%` | | GRANT `write_role`@`%` TO `sqliz2`@`%` | +------------------------------------------------------------------------------+
Conclusion
In MySQL, you can use the SHOW GRANTS statement to show the privileges granted to a user or a role.