MySQL permissions and privileges
Archive - Originally posted on "The Horse's Mouth" - 2005-12-20 06:53:41 - Graham EllisIn MySQL, users log in with a user name and password (the login also depends on their client computer's name or IP address which can be restricted). Each user account has a set of permissions which are set up to offer:
a) Global privileges over all databases managed by the current MySQL instance PLUS
b) Privileges over specific database(s) PLUS
c) Privileges over specific table(s) PLUS
d) Privileges over specific columns.
At the Global level, privileges range form "select_priv" which allows for data to be read (select commands) through to "shutdown_priv" which allows the user to shut down the MySQL service. Many of these are inappropriate "per database", "per table" or "Per column", so that although there are over 20 different privileges at a global level, there are only 4 at a column level.
Privileges are additive - in other words, a user has everything offered to him at the global level and then ADDS anything at lower levels.
On a typical ISP system, each account holder is given NO global rights and FULL rights over the database that bears his user name, or over all databases that start with his user name.