Security Question

General security “issue” that has me puzzled regarding user accounts/DB access. Let’s say I have a DB called mydb on a home network (192.168.0.x subnet), and I execute the following statements:

grant usage on *.* to 'testuser'@'%';
grant all privileges on mydb.* to 'testuser'@'%';

grant usage on *.* to 'testuser'@'192.168.14.50';
grant all privileges on mydb.* to 'testuser'@'192.168.14.50';

Does one statement take precedence over the other? The first two statements grant remote access to all hosts, whereas the second two grant it to a specific remote host.

I ask this because I’ve inherited multiple DBs with this scenario and, in my mind, if we have the ‘user’@‘%’ grant in there, then it’s silly to have all the others in there, and they should be removed, but I want to confirm that I understand the entries correctly, if that makes sense.

Any guidance would be greatly appreciated. Thanks!

Hi, my understanding is it works like this: if a user from 192.168.14.50 connects, then since there is a specific entry for that IP, it will be used instead of the more generic %.
Best to run a few tests to confirm though.
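
One way to run the test suggested above, as an added example that is not part of the original thread. It assumes a MySQL server and an administrative login that can read the `mysql.user` table; `testuser`, `mydb` and the address are the names from the question.

```sql
-- Step 1 (as an administrator): list every account that shares the user name.
-- In MySQL an account is the pair user + host, so 'testuser'@'%' and
-- 'testuser'@'192.168.14.50' are two separate accounts, each with its own
-- credentials and its own privileges.
SELECT user, host
FROM mysql.user
WHERE user = 'testuser'
ORDER BY host;

-- Step 2 (as an administrator): compare what each account may do.
-- If the two outputs differ, deleting either account changes the effective
-- access of the clients that currently match it.
SHOW GRANTS FOR 'testuser'@'%';
SHOW GRANTS FOR 'testuser'@'192.168.14.50';

-- Step 3 (logged in as testuser, from the client at 192.168.14.50):
-- USER() is the name and client host the connection presented;
-- CURRENT_USER() is the account entry the server actually matched and
-- whose privileges apply to this session.
SELECT USER() AS presented_as, CURRENT_USER() AS matched_account;

-- Step 4 (same session): the privileges in force for the matched account.
SHOW GRANTS;
```

Repeat steps 3 and 4 from a second host that has no specific entry, and compare the `matched_account` values between the two runs.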