The primary function of the MySQL privilege system is to authenticate a user who connects from a given host and to associate that user with privileges on a database, such as SELECT, INSERT, UPDATE, and DELETE.
Information about user privileges is stored in the user, db, host, tables_priv, columns_priv, and procs_priv tables in the mysql database (that is, in the database named mysql). The MySQL server reads the contents of these tables when it starts.
MySQL access control involves two stages when you run a client program that connects to the server:
- Stage 1: The server checks whether it should allow you to connect.
- Stage 2: Assuming that you can connect, the server checks each statement you issue to determine whether you have sufficient privileges to perform it. For example: the create table privilege, the drop table privilege, or the alter table privilege.
The server uses the user, db, and host tables in the mysql database at both stages of access control.
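The two stages as they appear for one restricted account, shown as an added example that is not part of the original page. The account name, host address, database, and table are constructed for illustration, and the password is a placeholder.

```sql
-- Run as an administrative account. All names below are constructed.
CREATE DATABASE IF NOT EXISTS reporting;
CREATE TABLE IF NOT EXISTS reporting.events (
  id   INT PRIMARY KEY,
  note VARCHAR(100)
);

-- Stage 1 input: an account is the pair (user name, client host).
CREATE USER 'report_app'@'192.0.2.10' IDENTIFIED BY '<placeholder-password>';

-- Stage 2 input: database-level privileges only, no global ones.
GRANT SELECT, INSERT ON reporting.* TO 'report_app'@'192.0.2.10';

-- The account row in the user table: the global privilege columns stay 'N'.
SELECT Host, User, Select_priv, Insert_priv, Create_priv, Drop_priv, Alter_priv
  FROM mysql.user
 WHERE User = 'report_app';

-- The row in the db table: only Select_priv and Insert_priv are 'Y'.
SELECT Host, Db, User, Select_priv, Insert_priv, Create_priv, Drop_priv, Alter_priv
  FROM mysql.db
 WHERE User = 'report_app';

-- The same grants in statement form.
SHOW GRANTS FOR 'report_app'@'192.0.2.10';

-- In a session connected as report_app from 192.0.2.10 (stage 1 passes),
-- stage 2 checks each statement against the rows above:
--   SELECT * FROM reporting.events;                      -- allowed
--   INSERT INTO reporting.events VALUES (1, 'ok');       -- allowed
--   DROP TABLE reporting.events;                         -- denied, error 1142
--   ALTER TABLE reporting.events ADD COLUMN extra INT;   -- denied, error 1142
--   CREATE TABLE reporting.t2 (id INT);                  -- denied, error 1142
-- A connection as report_app from another host does not match this account
-- row; with no other matching account it is refused at stage 1.
```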
See also: Setting Privileges.