28

I have a number of users who are connecting to MySQL over a VPN, so we have grants along the lines of grant select on foo.* to user@ipaddress1 and so on.

This week, the IP used on the VPN changed to address2, so user@ipaddress1 grants no longer work.

What's the best way to handle updating the user and grant information in MySQL to reflect this change?

Note that the grants are a serious mess, because some users are excluded from particular columns in particular tables, so we've had to do grants around the excluded objects.

Manuel Jordan
  • 131
cjc
  • 25,114

3 Answers3

55

Apparently, the right way to do this is:

RENAME USER user@ipaddress1 TO user@ipaddress2;

For more details see the RENAME USER Statement section

This takes care of all the grants.

Manuel Jordan
  • 131
cjc
  • 25,114
5

Just update the host field in your MySQL user table:

update mysql.user set Host = 'newIP' where Host = 'oldIP';
flush privileges;
Alok Rajasukumaran
  • 105
jdw
  • 3,865
2

If you have a dedicated subnet for your VPN users the following syntax works well. 

GRANT ALL ... user_name@'192.168.1.%'
bahamat
  • 6,313
Tim Brigham
  • 15,585
  • That doesn't help with the existing users at a specific IP. We would still have to redo all the grants, even if we're using a range the next time through. – cjc Nov 10 '11 at 21:42
  • You can update the existing users with the same syntax. – Tim Brigham Nov 10 '11 at 21:45