[RESOLVED] Granting SQL privileges to users

robkir

What is the best mix of privileges to grant a user who is interfacing with a SQL table? Insert, update, create, and select seem logical.

Other choices are references, alter, grant, index, execute, drop create view, show view, lock tables, trigger, create routine, alter routine, event, create temporary tables and delete. Is there any reason to grant these?

Thanks,
robkir

Weedpacket

Grant them the minimum they need to do their job.

NogDog

I would think that most (all?) "normal" page requests would only need select, insert, and update privileges. You might possibly need delete, but often what is functionally a deletion is really an update on the DB side (e.g. changing some status indicator field in the table row). And consider that you could have more than one DB user for an app/database, perhaps having non-logged-in users connect with a DB user who only has select permissions, while logged-in users might connect with one that also has insert/update, and an admin user might connect with a DB user with even more privileges.

robkir

NogDog;11043151 wrote:
I would think that most (all?) "normal" page requests would only need select, insert, and update privileges. You might possibly need delete, but often what is functionally a deletion is really an update on the DB side (e.g. changing some status indicator field in the table row). And consider that you could have more than one DB user for an app/database, perhaps having non-logged-in users connect with a DB user who only has select permissions, while logged-in users might connect with one that also has insert/update, and an admin user might connect with a DB user with even more privileges.

Thanks guys for the info. Looks like I've been giving out a few more permissions than I should. I'll narrow it down.

robkir