28

I have a number of users who are connecting to MySQL over a VPN, so we have grants along the lines of grant select on foo.* to user@ipaddress1 and so on.

This week, the IP used on the VPN changed to address2, so user@ipaddress1 grants no longer work.

What's the best way to handle updating the user and grant information in MySQL to reflect this change?

Note that the grants are a serious mess, because some users are excluded from particular columns in particular tables, so we've had to do grants around the excluded objects.

Manuel Jordan
  • 131
  • 3
cjc
  • 24,916
  • 3
  • 51
  • 70

3 Answers3

54

Apparently, the right way to do this is:

RENAME USER user@ipaddress1 TO user@ipaddress2;

For more details see the RENAME USER Statement section

This takes care of all the grants.

Manuel Jordan
  • 131
  • 3
cjc
  • 24,916
  • 3
  • 51
  • 70
5

Just update the host field in your MySQL user table:

update mysql.user set Host = 'newIP' where Host = 'oldIP';
flush privileges;
Alok Rajasukumaran
  • 105
  • 4
jdw
  • 3,855
  • 2
  • 17
  • 21
2

If you have a dedicated subnet for your VPN users the following syntax works well. 

GRANT ALL ... user_name@'192.168.1.%'
bahamat
  • 6,263
  • 24
  • 28
Tim Brigham
  • 15,545
  • 10
  • 75
  • 115
  • That doesn't help with the existing users at a specific IP. We would still have to redo all the grants, even if we're using a range the next time through. – cjc Nov 10 '11 at 21:42
  • You can update the existing users with the same syntax. – Tim Brigham Nov 10 '11 at 21:45