Grant users to create database with username - mysql

In phpmyadmin I want to grant users to create and delete databases but this access should be limited to a specific prefix.
My users have 3 different accounts on PhpMyAdmin: username_ro (for only reading), username_rw (for reading and writing) and username_admin (for creating other databases and tables into their account)
I want them to be able to create a database username_website but I don't want them to be able to create database theother_website. They should also be able to drop username_website but unable to drop theother_website
How can I do this with sql or PhpMyAdmin.
Thanks in advance.

With some trial and error I have found a solution. By doing this query I was able to create and drop database username_website but I wasn't able to create or drop database theother_clients
GRANT ALL PRIVILIGES
ON `username\_%`.*
TO 'username_admin'#'localhost';
PS. the query is a little edited. I changed the rights I actually gave with ALL PRIVILIGESand I changed the actual username with username.

Related

Prevent users from removing MySQL triggers set by different user

Im currently setting up a database system with a lot of different users, having access to only limited views, and tables of the database system.
Now I need to create several triggers as the root user, to prevent some actions. But all the users should be able to create a trigger for a database created for them and the tables within. This is working fine since every user has database-specific privileges. Sadly this does allow for some reason the user to delete triggers set by the root user on their database.
If I have database 'A' with table 'test'. I create a trigger as root user for database 'A' table 'test'. Now user 'someone' has privileges to create triggers for database 'A', but he should NOT be able to remove any trigger set by the root account on database 'A'. Sadly he can remove triggers created by root... anyone know how to fix this for MySQL?
Here is the privileges for the user for the specific database:
Now the query executed by the root user:
Result in with SHOW TRIGGERS executed by user 'someone' on database 'A':
Execution of DROP TRIGGER by user 'someone' on database 'A':
Why can the user remove this trigger? It's not created by him but root... Also for anyone asking, the query 'SELECT CURRENT_USER();' returns 'someone#localhost' and NOT 'root#localhost', i have activly switched accounts.
If you grant a user the TRIGGER privilege to create triggers on a given table, you grant them all the operations that privilege covers, which includes both create and drop
https://dev.mysql.com/doc/refman/8.0/en/drop-trigger.html says:
DROP TRIGGER requires the TRIGGER privilege for the table associated with the trigger.
It doesn't matter who defined the trigger. MySQL generally has no concept of ownership for database objects like tables or triggers.
You are going to have to think of a different design that does not require users to be disallowed this access.

MySQL - 'Drop User' vs 'delete from user'

I need to delete database access from some hosts. There are two options:
This option appears to be the best as I don't need to delete individual users
use mysql;
delete from user where host='myhost';
In second option below, I need to delete individual users.
drop user 'user1'#'myhost';
drop user 'user2'#'myhost';
drop user 'user3'#'myhost';
Any idea what is the difference between these options? Any pro and cons?
Thanks
When you use DROP USER Statement it removed one/more accounts + their accounts privileges.
When you use DELETE User it's just an SQL command which effects for table(s).
DROP is always more powerful than delete
Or You can use REVOKE to remove all permeation granted
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'user'#'myhost';
Privileges are
ALL PRIVILEGES – grants all privileges to the MySQL user
CREATE – allows the user to create databases and tables
DROP - allows the user to drop databases and tables
DELETE - allows the user to delete rows from specific MySQL table
INSERT - allows the user to insert rows into specific MySQL table
SELECT – allows the user to read the database
UPDATE - allows the user to update table rows
Read More about DROP USER Statement
Modifying the database tables requires a flush privileges call to refresh the cached data. Also, you have to make sure that you manually delete all user AND privileges (e.g., for tables, columns) manually.
Grant/drop user work immediately.
Cf. https://dev.mysql.com/doc/refman/8.0/en/privilege-changes.html

In My SQL i want user to restrict the Drop table and Drop database

In mysql i want trigger for drop table and alter table, like in sql server we have.
FOR DROP_TABLE, ALTER_TABLE triggers
Is there any thing which i can do for it? basically i want the functionality that user should not able to delete/alter the table, we can even achieve it by providing restrictive permissions, But we have application in which the customer purchased the sql server so they have root user login and then can do it, so if we add trigger then only i think we can restrict it,
Same thing i need to drop database, In SQL server we have
FOR DROP_DATABASE , DROP_TRIGGER ,ALTER_TRIGGER
Is there any way to do it in mysql
Thanks in advance
You could use the REVOKE command to remove the ALTER and DROP permissions for the user.
https://dba.stackexchange.com/questions/27372/blocking-drop-database-command

Permission to drop views but not drop tables

I want to create a user with permission to create and drop views but not drop tables or databases. This is so I can play around when testing my views without the risk of accidentally deleting a table.
There is a GRANT CREATE VIEW privilege but there doesn't appear to be a GRANT DROP VIEW counterpart. GRANT DROP apparently applies to databases, tables and views.
Is this possible in MySQL?
I've been researching this, too, and the answer appears to be No. You can restrict the DROP to only tables/views within one database (or a group of LIKE pattern-matched databases). This will make sure they cannot drop the entire database. Unfortunately, you cannot do pattern-matching on the table/view names. It's either all the tables/views (*) in those databases, or only explicity mentioned tables/views.

What database privileges does a Wordpress Blog really need?

I am setting up a few Wordpress blog sites. I have created a user in mysql that wordpress will use to access its database. The docs say to give this user all privileges on the database.
Does it really need full privileges? I expect not, so does anyone know the min set of privileges that it really needs?
I'm no Wordpress expert, but I would recommend it does actually have all privileges apart from GRANT. It will need to be able to create tables and insert/update etc. Several plugins use their own tables, which they create on the fly if they do not exist.
I grant:
ALTER
CREATE
CREATE TEMPORARY TABLES
DELETE
DROP
INDEX
INSERT
LOCK TABLES
SELECT
UPDATE
Hope that helps anyone else that looks into this.
grant select, insert, delete, update, create, drop, alter on myblog