When mysqld starts, it reads all grant table contents into memory. The in-memory tables become effective for access control at that point.
If you modify the grant tables indirectly using account-management
statements such as GRANT
,
REVOKE
, or SET
PASSWORD
, the server notices these changes and loads the
grant tables into memory again immediately.
If you modify the grant tables directly using statements such as
INSERT
,
UPDATE
, or
DELETE
, your changes have no effect
on privilege checking until you either restart the server or tell
it to reload the tables. If you change the grant tables directly
but forget to reload them, your changes have no
effect until you restart the server. This may leave you
wondering why your changes do not seem to make any difference!
To tell the sever to reload the grant tables, perform a
flush-privileges operation. This can be done by issuing a
FLUSH PRIVILEGES
statement or by executing a mysqladmin
flush-privileges or mysqladmin reload
command.
When the server reloads the grant tables, privileges for each existing client connection are affected as follows:
Table and column privilege changes take effect with the client's next request.
Database privilege changes take effect the next time the
client executes a USE
statement.
db_name
Client applications may cache the database name; thus, this effect may not be visible to them without actually changing to a different database or flushing the privileges.
Global privileges and passwords are unaffected for a connected client. These changes take effect only for subsequent connections.
If the server is started with the
--skip-grant-tables
option, it does
not read the grant tables or implement any access control. Anyone
can connect and do anything. To cause a server thus started to
read the tables and enable access checking, flush the privileges.