I've found the overview contained in this article even more helpful than the actual MySQL documentation for describing the big picture of how MySQL privileges are granted or denied.
The gist of the overview article is that privileges are controlled by a series of increasingly finer-grained permissions tables in the mysql
database: mysql.user
, mysql.db
, mysql.host
, mysql.tables_priv
, mysql.columns_priv
, mysql.procs_priv
. The general rule is that a "Y" value for a privilege in a more fine-grained table overrules a "N" value in a more coarse-grained table. So the recommended strategy is to start by denying most privileges in the user
table (which gives the coarsest control), and then make only the specific overrides that you want in the more fine-grained tables.
In particular, there is a privilege called SHOW_DATABASES which is determined by the Show_db_priv
column in the mysql.user
table; you'll want to set this to "N" for the user in question (and as described above, you may want to set most other permissions in the user table to "N" as well) and then grant only the privileges that the user actually needs in the mysql.db
or mysql.tables_priv
table or whatever would be appropriate for your particular case.