basic database user creation help

melvyn

Nope, you simply type the same statement again, using a different password.

rhuian

Could someone please explain to me (specifically, cause I'm slow) how to create accounts for my users which let them change THEIR database adding deleting tables and what not but won't let them change anyone elses database adn won't let them add databases.

Thanks

Michael

melvyn

Which database?

rhuian

oops sorry

mysql .36

melvyn

GRANT SELECT,INSERT,UPDATE,DELETE,DROP,INDEX
ON databasename.*
TO 'username'@'hostname'
IDENTIFIED BY 'password';

Explanation:
-- You may consider FILE privileges also, but that gives at least read access to any file, on mysql can look at and thus compromises security big-time.
-- Obviously you don't want to grant RELOAD and SHUTDOWN privileges, since they are used for server-ops, which should only be the root and other administrators.
-- PROCESS you might grant, but it shows what is running and can kill processes.
-- REFERENCES is a bogus privilege, used for SQL-92 compatibility.

-- ON databasename.* defines, that the user only has those privileges, WITHIN that database's context. So he can't create a database and can't alter mysql grant tables.
-- TO is best used in the syntax described above (with the quotes) since that allows for alternate syntaxes, like:
'user'@'%' and 'user'@'192.168.0.1/255.255.255.0'

There's no need to do a FLUSH PRIVILEGES command, since GRANT updates user permissions dynamically, in contrary to alterations of the mysql grant tables, via INSERT/ALTER/DELETE SQL commands.

Hope this helps.

rhuian

Thanks! How do I grant more than one database to a user?

melvyn

retype the same lines, with a different database name 🙂.

There's currently no way to provide a list, other than wildcardpatterns, which may not be desirable.

rhuian

thanks. one more idoit question. How do I change a password? with update?