grant file on just one database

Question

I want to allow LOAD DATA command for the john mysql user. So I logged into mysql terminal as root and issued the following statement:

grant file on johndat         


        

Answer 1

You can't grant FILE privileges on just a single database. That logically doesn't make any sense. Consider what the docs say:

The FILE privilege gives you permission to read and write files on the server host using the LOAD DATA INFILE and SELECT ... INTO OUTFILE statements and the LOAD_FILE() function. A user who has the FILE privilege can read any file on the server host that is either world-readable or readable by the MySQL server. (This implies the user can read any file in any database directory, because the server can access any of those files.)

Thus, the FILE privilege is a global privilege. It affects all files on the server and allows access only to global commands (e.g. LOAD DATA INFILE, etc...), not scoped to any database. The only way to grant FILE privileges is on all databases, using this syntax:

GRANT FILE ON *.* TO 'john'@'localhost';

Answer 2

with the FILE privilege, you give a user access to the filesystem that the mysql server can access. Because of this, it's useless to limit it to a specific database, as the user will be able to access all databases on filesystem level. This is because it can only be set on .