Re: restricting privileges on tables
Privileges can be manipulated individually, no matter that they're granted as a group. E.g. I have:
mysql> create database db1;
--------------
create database db1
--------------
Query OK, 1 row affected (0.00 sec)
mysql> GRANT USAGE ON *.* TO 'user'@'%' IDENTIFIED BY 'XXX';
--------------
GRANT USAGE ON *.* TO 'user'@'%' IDENTIFIED BY 'XXX'
--------------
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON db1.* to 'user'@'%';
--------------
GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON db1.* to 'user'@'%'
--------------
Query OK, 0 rows affected (0.00 sec)
mysql> revoke INSERT,UPDATE,DELETE ON db1.* FROM 'user'@'%';
--------------
revoke INSERT,UPDATE,DELETE ON db1.* FROM 'user'@'%'
--------------
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for 'user'@'%';
--------------
show grants for 'user'@'%'
--------------
+------------------------------------------------+
| Grants for user@% |
+------------------------------------------------+
| GRANT USAGE ON *.* TO 'user'@'%' |
| GRANT SELECT, EXECUTE ON `db1`.* TO 'user'@'%' |
+------------------------------------------------+
2 rows in set (0.00 sec)