MySQL Forums
Forum List  »  Newbie

Re: Creating a restricted user account
Posted by: Rick James
Date: July 22, 2012 10:01AM

GRANT ... @localhost -- only accessible from the same machine. That is, the user would have to first log into the machine to get access to mysql.

This is the 'best' non-localhost:
GRANT SELECT ON dbname.* TO 'user'@'11.22.33.44' IDENTIFIED BY 'password';
It restricts 'user', when connecting from one particular IP address, and allows him readonly access to all (*) tables in one database (dbname).

Variations on that are available.

%@'11.22.33.44' -- anyone at that IP -- possibly too "open"
'user'@% -- allowing him access from any other machine -- probably too open
ON *.* -- this allows access to `mysql`, where the GRANT tables exist; not good.
GRANT ALL PRIVILEGES -- much too open.
GRANT SELECT, INSERT, ... -- selective permissions -- possibly not useful because of the clumsy granularity.

Options: ReplyQuote


Subject
Written By
Posted
Re: Creating a restricted user account
July 22, 2012 10:01AM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.