I have a mysql user (I'll call) "user5" who only has "grant usage" (i.e. no privileges) in the output of "show grants", but can still do a select on database "app_db" (which is what I want, but I do understand how it has that privilege). There is no anonymous user. How can user5 be using its database with this configuration?
When logged in as user5:
mysql> show grants;
+--------------------------------------------------------------------------------------------------------------+
| Grants for user5@10.14.% |
+--------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user5'@'10.14.%' IDENTIFIED BY PASSWORD '*long hash' |
+--------------------------------------------------------------------------------------------------------------+
When logged in as root, looking at the User table:
mysql> select User, Host, Select_priv from mysql.user;
+----------+---------------+-------------+
| User | Host | Select_priv |
+----------+---------------+-------------+
| root | localhost | Y |
| root | 127.0.0.1 | Y |
| root | 10.14.12.8 | Y |
| user5 | 10.14.% | N |
| (other named non-root users) |
+----------+---------------+-------------+
…yet, as user5, "select * from app_db.users" returns results.
Best Answer
Most likely, your user5 has database (i.e. schema) privileges, just not server-wide privileges. So look here.
or check in the data dictionary for the same:
if not anything, then maybe also check