Thanks, liuwt, for jumping into the fray. To clarify, we've never explicitly GRANTed to user "yada" any access to any db, yet when we log in as user "yada", we can "USE db-name" for any db in this installation. Even after saying:
"REVOKE all on <dbname>.* from yada;"
I receive this error:
"Error 1141: There is no such grant defined for user yada..."
Therefore, my followup question to you is, "How can I, in one fell swoop, do as you say, '...revoke all privileges [we] ever granted the user.' if we have never done any explicit GRANTs?" (At this point, we're not even worried about your step 2; we just want to prevent user yada from being able to "USE db-name". So far, I haven't seen anyone suggest how I can prevent yada from "USE db-name". Thanks to all.
Dave Hunt