When talking about MariaDB Server – Privileges, people use grant all
and assign a full set of privileges to *.*
– to all databases on the database server. This is not very smart so, that is why we assigned a full set of privileges to a single database only.
OS Version: Ubuntu Os 18.04.3 (LTS) x64
MariaDB Version: 10.1.44
To understand what we are working with, let’s login to MariaDB Server:
bluegrid-edu:~# mysql
Now, let’s run following command to list out all privileges:
MariaDB [(none)]> show privileges;
Here is the privileges list with context for each and short description:
Privilege | Context | Comment |
Alter | Tables | To alter the table |
Alter routine | Functions, Procedures | To alter or drop stored functions/procedures |
Create | Databases, Tables, Indexes | To create new databases and tables |
Create routine | Databases | To use CREATE FUNCTION/PROCEDURE |
Create temporary tables | Databases | To use CREATE TEMPORARY TABLE |
Create view | Tables | To create new views |
Create user | Server Admin | To create new users |
Delete | Tables | To delete existing rows |
Drop | Databases, Tables | To drop databases, tables, and views |
Event | Server Admin | To create, alter, drop and execute events |
Execute | Functions, Procedures | To execute stored routines |
File | File access on the server | To read and write files on the server |
Grant option | Databases,Tables,Functions,Procedures | To give to other users those privileges you possess |
Index | Tables | To create or drop indexes |
Insert | Tables | To insert data into tables |
Lock tables | Databases | To use LOCK TABLES (together with SELECT privilege) |
Process | Server Admin | To view the plain text of currently executing queries |
Proxy | Server Admin | To make proxy user possible |
References | Databases, Tables | To have references on tables |
Reload | Server Admin | To reload or refresh tables, logs, and privileges |
Replication client | Server Admin | To ask where the slave or master servers are |
Replication slave | Server Admin | To read binary log events from the master |
Select | Tables | To retrieve rows from a table |
Show databases | Server Admin | To see all databases with SHOW DATABASES |
Show view | Tables | To see views with SHOW CREATE VIEW |
Shutdown | Server Admin | To shut down the server |
Super | Server Admin | To use KILL thread, SET GLOBAL, CHANGE MASTER, etc. |
Trigger | Tables | To use triggers |
Create tablespace | Server Admin | To create/alter/drop tablespaces |
Update | Tables | To update existing rows |
Usage | Server Admin | No privileges – allow connect only |
To exercise the use of privileges let’s create a user called “tester” and allow it to only create tables in the database “testdb”:
Create test user “tester”:
MariaDB [(none)]> create user [email protected] identified by 'tester';
Create test database:
MariaDB [(none)]> create database testdb;
Grant create a privilege to user “tester” on database “testdb”:
MariaDB [(none)]> grant create on testdb.* to [email protected];
Reload privileges:
MariaDB [(none)]> flush privileges;
Let’s test our privileges by creating a database and then deleting it. We should be able to create it but delete command should fail:
- Select database
MariaDB [testdb]> use testdb;
- Create command
MariaDB [testdb]> create table test (id int, name char(255));
- Delete command
MariaDB [testdb]> drop table testdb;
Mission accomplished!
Let’s see how we can assign multiple privileges to a single user:
MariaDB [(none)]> grant create, drop on testdb.* to [email protected];
Now we can test it by creating and deleting table:
- Create command
MariaDB [testdb]> create table test (id int, name char(255));
- Drop command
MariaDB [testdb]> drop table test;
Voila! We have successfully created and deleted the table.
By looking at the table above you can use any privilege list per your use case and apply it as shown in the example.
Related article: How to install WordPress on Ubuntu OS Server