>I Have a question relating to setting up users for our customers on a shared
>server environment. I can not find this answer in the documentation so I am
>trying here.
>
>Is it standard practice to give the user of the database (site owner) one
>set of permissions which I figure should be:
>
>select, insert, update,delete, create, drop On database to user@localhost
I would include "alter" and "index" in this list. You can accomplish
the equivalent of alter with drop and create but alter can be a
LOT easier to work with. Alter can be used to subvert table and
column privileges but here it seems that only per-database privileges
are used.
I would also include "references" if it actually did anything.
Essentially, the owner of a database gets all the per-database
privileges on his own database. You would probably NOT want to
give privileges such as reload, shutdown, process, and file, as
these aren't limited to one database.
>and create one for them to put into their php pages that call the database
>from the website (which would be the one their visitors are using)? like an
>IUSER_ but for mysql?
>
>If so, what should the bare minimum permissions be for this username. I
>think insert, update, delete and select, but I am not sure.
The bare minimum is: select .
Some pages read the database only and make no changes in it.
Normal privileges for a web page that uses the data but does not
alter the schema (no temporary tables) would be: select, insert,
update, delete, on one specific database. You might not want to
grant "delete" if the changed data is handled like a log and you
don't want the web page ever deleting previously logged data. If
you don't want the site owner constantly asking for changes in the
setup, you'd probably give the web-page login the "delete" privilege.
Gordon L. Burditt
---------------------------------------------------------------------
Before posting, please check:
http://www.mysql.com/manual.php (the manual)
http://lists.mysql.com/ (the list archive)
To request this thread, e-mail <[EMAIL PROTECTED]>
To unsubscribe, e-mail <[EMAIL PROTECTED]>
Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
