Security Question

General security “issue” that has me puzzled regarding user accounts/DB access. Let’s say I have a DB called mydb on a home network (192.168.0.x subnet), and I execute the following statements:

grant usage on . to ‘testuser’@‘%’;
grant all privileges on ‘mydb’ to ‘testuser’@‘%’;

grant usage on . to ‘testuser’@‘’;
grant all privileges on ‘mydb’ to ‘testuser’@‘’;

Does one statement take precedent over the other? The first two statements grant remote access to all hosts, whereas the second two grant it to a specific remote host.

I ask this because I’ve inherited multiple DBs with this scenario and, in my mind, if we have the ‘user’@‘%’ grant in there, then it’s silly to have all the others in there, and they should be removed, but I want to confirm that I understand the entries correctly, if that makes sense.

Any guidance would be greatly appreciated. Thanks!

Hi, my understanding is it works like this: if user from connects, then since there is a specific entry for that IP, it will be used instead of the more generic %.
Best to run a few tests to confirm though.