Delegation of authority

Delegation of authority solves the problem of centralized authorization. When you grant an authority to a user, you can specify with admin/grant option so that the user can delegate that authority to other users. When you revoke an object or system authority from a user, the authorities that the user delegated to others are not revoked; they remain in effect.

Delegation of authority

  • Delegation of authority failed

    1. Log in to seekdb as the root user.

    2. Create user A and grant the user the corresponding authority without the with grant option parameter.

      GRANT ALL PRIVILEGES ON *.* TO A IDENTIFIED BY '******';
      Query OK, 0 rows affected (0.034 sec)

    3. Log in as user A, create user B, and grant the same authority as that of user A to user B. An error is returned.

      GRANT ALL PRIVILEGES ON *.* TO 'B' IDENTIFIED BY '******';
      ERROR 1227 (42501): Access denied; you need (at least one of) the GRANT privilege(s) for this operation

      Tip: If you do not specify the with grant option parameter when you grant an authority to a user, the user cannot delegate the authority to other users.

  • Delegation of authority succeeded

    1. Log in to seekdb as the root user.

    2. Grant the corresponding authority to user A and specify the with grant option parameter. Example:

      GRANT ALL PRIVILEGES ON *.* TO A WITH GRANT OPTION;

    3. Log in as user A, create user B, and grant the same authority as that of user A to user B. The grant succeeds.

      GRANT ALL PRIVILEGES ON *.* TO 'B' IDENTIFIED BY '******';
      Query OK, 0 rows affected (0.058 sec)
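
Because revoking a user's authority does not revoke what that user delegated, removing a delegating account needs a follow-up review of its grantees. The following Python is an added example, not seekdb code: it replays a constructed audit trail of GRANT and REVOKE statements and lists the accounts that still hold authority delegated, directly or transitively, by a revoked user. The record format, the users C, D and E, and the function names are assumptions made for the illustration.

```python
import re

GRANT_RE = re.compile(r"^GRANT\s+.+?\s+ON\s+\S+\s+TO\s+'?(\w+)'?(.*)$", re.I)
REVOKE_RE = re.compile(r"^REVOKE\s+.+?\s+FROM\s+'?(\w+)'?", re.I)

# Constructed audit trail: (session user, statement). Format and users C-E are assumptions.
AUDIT = [
    ("root", "GRANT ALL PRIVILEGES ON *.* TO A WITH GRANT OPTION"),
    ("A", "GRANT ALL PRIVILEGES ON *.* TO 'B' IDENTIFIED BY '******'"),
    ("A", "GRANT SELECT ON *.* TO 'C' WITH GRANT OPTION"),
    ("C", "GRANT SELECT ON *.* TO 'D'"),
    ("B", "GRANT SELECT ON *.* TO 'E'"),   # fails: B has no grant option
    ("root", "REVOKE ALL PRIVILEGES, GRANT OPTION FROM A"),
]

def replay(audit):
    """Return (holders, edges) after applying the statements in order.

    holders maps user -> True if the user may delegate (grant option).
    edges lists (grantor, grantee) for every grant that succeeded.
    """
    holders, edges = {"root": True}, []
    for actor, stmt in audit:
        grant = GRANT_RE.match(stmt)
        if grant:
            if not holders.get(actor):      # the ERROR 1227 case on the page
                continue
            grantee, tail = grant.groups()
            with_option = "WITH GRANT OPTION" in tail.upper()
            holders[grantee] = holders.get(grantee, False) or with_option
            edges.append((actor, grantee))
            continue
        revoke = REVOKE_RE.match(stmt)
        if revoke:
            holders.pop(revoke.group(1), None)   # only the named user: no cascade
    return holders, edges

def stale_delegations(audit, revoked_user):
    """Users still holding privileges delegated, directly or not, by revoked_user."""
    holders, edges = replay(audit)
    seen, stack = set(), [revoked_user]
    while stack:
        source = stack.pop()
        for grantor, grantee in edges:
            if grantor == source and grantee not in seen:
                seen.add(grantee)
                stack.append(grantee)
    return sorted(user for user in seen if user in holders)

if __name__ == "__main__":
    print(stale_delegations(AUDIT, "A"))
```

Each account it returns is a candidate for an explicit revoke or a documented decision to keep the grant.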