MySQL 5.6 Reference Manual Including MySQL NDB Cluster 7.3-7.4 Reference Guide SHOW GRANTS Statement


This statement displays the privileges that are assigned to a MySQL user account, in the form of GRANT statements that must be executed to duplicate the privilege assignments.

SHOW GRANTS requires the SELECT privilege for the mysql system database, except to display privileges for the current user. For output that includes an IDENTIFIED BY PASSWORD clause displaying an account password hash value, the SUPER privilege is required to see the actual hash value. Otherwise, the value displays as <secret>.

To name the account for SHOW GRANTS, use the same format as for the GRANT statement (for example, 'jeffrey'@'localhost'):

mysql> SHOW GRANTS FOR 'jeffrey'@'localhost';
| Grants for jeffrey@localhost                                     |
| GRANT USAGE ON *.* TO `jeffrey`@`localhost`                      |
| GRANT SELECT, INSERT, UPDATE ON `db1`.* TO `jeffrey`@`localhost` |

The host part, if omitted, defaults to '%'. For additional information about specifying account names, see Section 6.2.4, “Specifying Account Names”.

To display the privileges granted to the current user (the account you are using to connect to the server), you can use any of the following statements:


If SHOW GRANTS FOR CURRENT_USER (or any equivalent syntax) is used in definer context, such as within a stored procedure that executes with definer rather than invoker privileges, the grants displayed are those of the definer and not the invoker.

SHOW GRANTS does not display privileges that are available to the named account but are granted to a different account. For example, if an anonymous account exists, the named account might be able to use its privileges, but SHOW GRANTS does not display them.