Have a look at the Query
SELECT
md.host `Host`,
md.user `User`,
md.db `Database`,
REPLACE(RTRIM(CONCAT(
IF(md.Select_priv = 'Y', 'Select ', ''),
IF(md.Insert_priv = 'Y', 'Insert ', ''),
IF(md.Update_priv = 'Y', 'Update ', ''),
IF(md.Delete_priv = 'Y', 'Delete ', ''),
IF(md.Create_priv = 'Y', 'Create ', ''),
IF(md.Drop_priv = 'Y', 'Drop ', ''),
IF(md.Grant_priv = 'Y', 'Grant ', ''),
IF(md.References_priv = 'Y', 'References ', ''),
IF(md.Index_priv = 'Y', 'Index ', ''),
IF(md.Alter_priv = 'Y', 'Alter ', ''),
IF(md.Create_tmp_table_priv = 'Y', 'Create_tmp_table ', ''),
IF(md.Lock_tables_priv = 'Y', 'Lock_tables ', ''),
IF(md.Create_view_priv = 'Y', 'Create_view ', ''),
IF(md.Show_view_priv = 'Y', 'Show_view ', ''),
IF(md.Create_routine_priv = 'Y', 'Create_routine ', ''),
IF(md.Alter_routine_priv = 'Y', 'Alter_routine ', ''),
IF(md.Execute_priv = 'Y', 'Execute ', ''),
IF(md.Event_priv = 'Y', 'Event ', ''),
IF(md.Trigger_priv = 'Y', 'Trigger ', '')
)), ' ', ', ') AS `Privileges`
FROM
mysql.db md WHERE db='DB_NAME';
It may give result as you desired.
For Reference have a look at How to Get a List of Permissions of MySQL Users.
I don't see any option in pt-show-grants to do this kind of restriction. There are options for --only
and --ignore
specific users, but not tables. Nor is there an automatic option to ignore grants on nonexistant tables.
I also glanced in the code, and it doesn't seem to break out the tables to scan through them for any reason.
For what it's worth, I don't see any error when I try to grant to a non-existant table. I tested on Percona Server 5.6.16:
mysql> grant all on test.nonexist to 'user'@'%';
Query OK, 0 rows affected (0.00 sec)
$ pt-show-grants
. . .
GRANT ALL PRIVILEGES ON `test`.`nonexist` TO 'user'@'%';
Can you tell me anything else about your version of MySQL and the specific error that it produces when you try to run that grant script?
Re your comment:
The difference between ALL PRIVILEGES and specific privileges seems to be deliberate, according to Bug #10406 Grant all command does not give error though table does not exist.
If you use GRANT CREATE, SELECT ... ON test.notexist TO 'user'@'%'
then this works. As long as you include CREATE
privilege, then it permits the grant to the non-existant table.
Anyway, that's interesting trivia, but it doesn't address your original question.
This has been requested before, but never implemented. It was recorded as a "blueprint" (like a feature request) here: https://blueprints.launchpad.net/percona-toolkit/+spec/pt-show-grants-for-nonexistent-tables
Perhaps someone would like to implement a patch and contribute it to Percona Toolkit?
Best Answer
Nothing built-in. You have two options though:
Use
common_schema
's sql_show_grants view. For example, you can query:Or you can query for particular users, for example:
To install
common_schema
, follow the instructions here.Disclaimer: I am author of this tool.
Use Percona Toolkit's
pt-show-grants
, for example:In both cases you can ask for the
GRANT
command or theREVOKE
(opposite) command.The first case requires that you install a schema, the latter requires that you install PERL scripts + dependencies.