{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 Juvenile、少年° 的问题《Why is a “GRANT USAGE” created the first time I gr》','https://www.manongdao.com/q-260636.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I'm new to the admin side of DBMS and was setting up a new database tonight (using MySQL) when I noticed this. After granting a user a privilege for the first time, another grant is created that looks like
GRANT USAGE on *.* TO user IDENTIFIED BY PASSWORD password
The documentation says that the USAGE privilege means "no privileges," so I'm inferring thats grants work hierarchically and perhaps a user must have some kind of privilege for all databases, so this serves as a catch all?
I also dont understand why this line has an IDENTIFIED BY clause in it when the grant I created does not have one (mostly because I dont understand what purpose the IDENTIFIED BY clause serves).
Edit: Sorry for not stating this originally, the grants were
GRANT ALL PRIVILEGES ON database.* TO admin_user
GRANT SELECT, INSERT, UPDATE, DELETE ON database.* TO user
As you said, in MySQL
USAGEis synonymous with "no privileges". From the MySQL Reference Manual:USAGEis a way to tell MySQL that an account exists without conferring any real privileges to that account. They have merely permission to use MySQL, henceUSAGE. It corresponds to a row in the`mysql`.`user`table with no privileges set.The
IDENTIFIED BYclause indicates that a password is set for that user. How do we know a user is who they say they are? They identify themselves by sending the correct password for their account.A user's password is one of those global level account attributes that isn't tied to a specific database or table. It also lives in the
`mysql`.`user`table. If the user does not have any other privilegesON *.*, they are grantedUSAGE ON *.*and their password hash is displayed there. This is often a side effect of aCREATE USERstatement. When a user is created in that way, they initially have no privileges so they are merely grantedUSAGE.In addition mysql passwords when not using the
IDENTIFIED BYclause, may be blank values, if non-blank, they may be encrypted. But yesUSAGEis used to modify an account by granting simple resource limiters such asMAX_QUERIES_PER_HOUR, again this can be specified by also using the WITH clause, in conjuction withGRANT USAGE(no privileges added) orGRANT ALL, you can also specifyGRANT USAGEat the global level, database level, table level,etc....I was trying to find the meaning of
GRANT USAGE on *.* TOand found here. I can clarify thatGRANT USAGE on *.* TO user IDENTIFIED BY PASSWORD passwordwill be granted when you create the user with the following command (CREATE):When you grant privilege with
GRANT, new privilege s will be added on top of it.