Hi thanx for the details... Ok I know I am thick... and for some reason I cannot get my head around this, let me try to explain what I want to do then maybe you can tell me its possible and how it is possible.
I want to create a user that can be creative as he wants... allow him to create ANY databases he wants and delete them if he no longer needs them, but at that same time not be able to mess with ANY other privileges or anyone elses DBs. The only other way I can think of it to compare it to a windows situation. Lets say I'm in Windows and I start up MS Access... Now with me being a Windows user I can create any DB I want and do whatever I want to the DBs I've created (as long as its not in a read only folder) but I can't see or do anything to to the other peoples creations becuase I don't have permissions to do so. Am I going to have to, as root or another super user, create his DBs for him and then give him privileges to them? I just don't get how that sort of situation works in a production environment. But then again in a production environment you don't usually have people just creating DBs at will. Again sorry for my complete lack of understanding on this and stupidity, but my brain just will not wrap itself around this issue. Thanx for all the help so far, Ryan McDougall --- "Stefan Hinz, iConnect (Berlin)" <[EMAIL PROTECTED]> wrote: > Dear Ryan, > > have a look at the manual: > > http://www.mysql.com/documentation/mysql/bychapter/manual_MySQL_Database_Adm > inistration.html#User_Account_Management > > With the exception of Paul's book on MySQL, you probably won't find a better > explanation of the MySQL privilege system. > > > PLEASE I'M GOING CRAZY trying to figure this out... my book doesn't say > > anything about what EXACTLY a user can/can't touch with which privilages > > Just in short: > > Put this in my.cnf / my.ini: > > [mysqld] > safe-show-database > > This will prevent MySQL users to see databases to which they have no access > privilege. Starting with MySQL 4.0.5a, this have changed. Now, there is a > special privilege "show_database" which is set to "N" by default. > safe-show-database will still work, though. > > > grant select,insert,update,delete,create,drop > > on somedb.* to someusr@"%" identified by 'passwrd'; > > This means, someusr can access the somedb database and all its tables from > anywhere (%). someusr can create and drop tables, and might even drop > database somedb, but cannot add or drop any other databases. So this should > be exactly what you want. > > If applicable, you may want to restrict the access to something which is not > "%", but rather something like "192.168.%" (e. g. intranet users) or even > "62.115.92.78" (if your users have a static ip address). > > HTH! > -- > Stefan Hinz <[EMAIL PROTECTED]> > CEO / Geschäftsleitung iConnect GmbH <http://iConnect.de> > Heesestr. 6, 12169 Berlin (Germany) > Telefon: +49 30 7970948-0 Fax: +49 30 7970948-3 > __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php
