With those privileges, Lena should have what she needs to restore any of the data in the
rookery and birdwatchers databases.
User Account for Bulk Importing
The last administrative user we need to create for Lena is admin_import. She'll use this
user account to import large data text files into our databases. This is covered in
Chapter 15. For this method of importing data, she'll use the LOAD DATA INFILE
statement. That requires just the FILE privilege.
WARNING
The FILE privilege is a security risk because it has the ability to read data from any file on the server to
which MySQL has rights. This is why it is especially important that this privilege be given only to a user
account designated for importing files. The password for that user account should be given only to
someone who is trusted. You can restrict the directory from which files may be loaded with the
secure_file_priv variable. That will minimize the security risk to the filesystem. You can also revoke
this privilege when it's not in use and grant it again when needed to minimize risk to the databases.
The FILE privilege cannot be given for specific databases or components. It's a global
privilege. If we give it to the admin_import@localhost user account, it can import data
into any database — and it can export data from any database, including the mysql
database. So be careful who gets this privilege and never allow it with a remote host. Still,
create admin_import@localhost and give it this privilege by entering the following on the
server:
CREATE USER 'admin_import'@'localhost'
IDENTIFIED BY 'another_pwd_789';
GRANT FILE ON *.*
TO 'admin_import'@'localhost';
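The checks and the revoke-and-regrant routine described in the warning above, written out as an added example (it is not from the book). It assumes you run it as an administrative account that can read the grant tables, and the directory path in the comment is an assumed value.

```sql
-- 1. Where may FILE-based statements read and write?
--    An empty value means no restriction. A directory path confines
--    LOAD DATA INFILE and SELECT ... INTO OUTFILE to that directory.
--    In MySQL, NULL disables import and export operations entirely.
SHOW VARIABLES LIKE 'secure_file_priv';

-- The variable is read-only at runtime. It is set in the server option
-- file and takes effect after a restart. Assumed example path:
--   [mysqld]
--   secure_file_priv = /var/lib/mysql-files

-- 2. Which accounts hold the global FILE privilege?
--    Accounts granted ALL PRIVILEGES ON *.* (such as root) appear here too.
SELECT GRANTEE, IS_GRANTABLE
FROM information_schema.USER_PRIVILEGES
WHERE PRIVILEGE_TYPE = 'FILE'
ORDER BY GRANTEE;

-- 3. FILE holders whose host part is not exactly 'localhost'.
--    GRANTEE is stored as 'user'@'host', quotes included, so the quotes
--    are doubled inside the pattern. Review every row this returns.
SELECT GRANTEE
FROM information_schema.USER_PRIVILEGES
WHERE PRIVILEGE_TYPE = 'FILE'
  AND GRANTEE NOT LIKE '%@''localhost''';

-- 4. Between import jobs: remove the privilege and confirm it is gone.
--    SHOW GRANTS should then list only USAGE for this account.
REVOKE FILE ON *.* FROM 'admin_import'@'localhost';
SHOW GRANTS FOR 'admin_import'@'localhost';

-- 5. Just before the next import: grant it again.
GRANT FILE ON *.* TO 'admin_import'@'localhost';
```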
We have created all of Lena's administrative user accounts and set each one with the
necessary privileges (no more and no less) for her to perform her duties related to our
databases. Let's create one more administrative user account, though, that may be of use to
you.
User Account to Grant Privileges
Another user account that you might need is one for creating other users. You could use
root for that, but to continue the policy of using limited administrative user accounts for
separate functions, we should create a separate user account for user and privilege main-