How The Privilege System Works
- When connecting to a MySQL server, identity is determined by the connecting client host and the username specified.
- MySQL considers both the hostname and the username when identifying a user, because there is little reason to assume that a given username belongs to the same person everywhere on the Internet.
- When requests are issued after connecting, the system grants privileges according to the identity and the type of request.
- When a client program connects to the server, MySQL access control involves two stages.
  - The server checks whether it should allow the connection.
  - Assuming the connection is allowed, the server checks each statement issued to determine whether the client has sufficient privileges to perform it.
- The server uses the user, db, and host tables in the mysql database at both stages of access control.
- In addition to the user, db, and host grant tables, the server may also consult the tables_priv and columns_priv tables for requests that involve tables.
- Access control decisions are based on the in-memory copies of the grant tables.
- The server stores privilege information in the grant tables of the mysql database.
- The MySQL server reads the contents of these tables into memory when it starts.
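The two stages described above, as an added example that is not part of the original slides or of MySQL itself: a simplified Python model in which the rows, the `Server` class and its method names are hypothetical. It assumes the documented most-specific-host-first ordering of the user table and leaves out the host, tables_priv and columns_priv tables.

```python
import re

# Constructed rows standing in for mysql.user and mysql.db (columns simplified).
USER_ROWS = [
    {"Host": "%", "User": "report", "privs": set()},
    {"Host": "localhost", "User": "report", "privs": {"SELECT"}},  # global
    {"Host": "10.0.0.%", "User": "app", "privs": set()},
]
DB_ROWS = [
    {"Host": "%", "Db": "sales", "User": "report", "privs": {"SELECT"}},
    {"Host": "10.0.0.%", "Db": "shop", "User": "app", "privs": {"SELECT", "INSERT"}},
]

def like(pattern, value):
    """Grant-table pattern match: % is any run of characters, _ is exactly one."""
    rx = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c) for c in pattern)
    return re.fullmatch(rx, value, re.IGNORECASE) is not None

def specificity(row):
    """Sort key: literal hosts, then patterns, then bare %; named users before blank."""
    host = row["Host"]
    return (("%" in host or "_" in host) + (host == "%"), row["User"] == "")

class Server:
    def __init__(self, user_rows, db_rows):
        self.disk = (user_rows, db_rows)  # the grant tables as stored
        self.reload()                     # read into memory at startup

    def reload(self):
        """Refresh the in-memory copies that every decision below is made from."""
        users, dbs = self.disk
        self.users = sorted((dict(r, privs=set(r["privs"])) for r in users), key=specificity)
        self.dbs = [dict(r, privs=set(r["privs"])) for r in dbs]

    def connect(self, host, user):
        """Stage 1: the first row matching both host and user decides the connection."""
        for row in self.users:
            if like(row["Host"], host) and row["User"] in ("", user):
                return row
        return None  # no matching row: connection refused

    def allowed(self, host, user, priv, db):
        """Stage 2: check one request against global, then database-level privileges."""
        account = self.connect(host, user)
        if account is None:
            return False
        if priv in account["privs"]:
            return True
        return any(priv in r["privs"] for r in self.dbs
                   if like(r["Host"], host) and r["User"] == user and like(r["Db"], db))
```

Editing a row in `USER_ROWS` after the `Server` is built changes nothing until `reload()` runs, which mirrors decisions being made from the in-memory copies rather than from the stored tables.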
What do the user, db, and host tables look like?
© 2007 John Michael Pierobon