Hey.
Yes, you can define privileges all the way down to individual columns.
You can read all about the specifics in the manual.
(12.5.1.3. GRANT Syntax)
But it basically goes like this:
-
-- Global. Applies to all databases, all tables, all columns
-
GRANT ALL ON *.* ...
-
-
-- Database specific. Applies to all tables in that database.
-
GRANT ALL ON myDb.* ...
-
-
-- Tables specific. Applies to all columns in that table.
-
GRANT ALL ON myDb.myTable ...
-
-
-- Column specific. Applies only to the specified columns
-
GRANT
-
SELECT (col1, col2),
-
INSERT (col2)
-
UPDATE (col1)
-
ON myDb.myTable ...
Database specific privileges are stored in the
'mysql.db' and
'mysql.host' tables. Table specific in the
'mysql.tables_priv' table and column specific in the
'mysql.columns_priv' table.
You can use them to see which users have access to what commands on which database. If you have root access, you can also edit those tables to modify them.
Remember! Do not modify the
mysql tables, though, unless you have backed up the database! In case something goes wrong :)