Knowing which privileges a given account has is easy – just issue SHOW GRANTS FOR user@host. But what about when you need visibility into privileges from the other direction – which accounts can access specific data? If you’re a DBA – or perform DBA duties, regardless of your title – you may have been asked this question. It’s an important question to ask in an audit or compliance review – but it can be a difficult question to answer. This post will walk through how to assess this, but if you’re impatient and need answers to this question immediately, jump to the end – there’s a simple shortcut.
Things to consider
There are a few things you’ll want to consider about the implementation of the MySQL privilege system as you try to sort out who has access to certain data.
MySQL can restrict privileges based on operations – somebody who has …[Read more]