MySQL Account Privileges - dummies

By Steve Suehring, Janet Valade

MySQL uses account privileges to specify who can do what. Anyone using a valid account can connect to the MySQL server, but he or she can do only those things that are allowed by the privileges for the account. For example, an account might be set up so that users can select data but can’t insert or update data.

Privileges can be granted for particular databases, tables, or columns. For instance, an account can allow the user to select data from all the tables in the database but insert data into only one table and update only a single column in a specific table.

The table lists some privileges that you might want to assign or remove. Other privileges are available, but they’re less commonly used.

MySQL Account Privileges
Privilege Description
ALL All privileges
ALTER Can alter the structure of tables
CREATE Can create new databases or tables
DELETE Can delete rows in tables
DROP Can drop databases or tables
FILE Can read and write files on the server
GRANT Can change the privileges on a MySQL account
INSERT Can insert new rows into tables
SELECT Can read data from tables
SHUTDOWN Can shut down the MySQL server
UPDATE Can change data in a table
USAGE No privileges

You probably don’t want to grant ALL because it includes privileges for administrative operations, such as shutting down the MySQL server — privileges that you don’t want anyone other than yourself to have.