With those privileges, Lena should have what she needs to restore any of the data in the rookery and birdwatchers databases.
User Account for Bulk Importing
The last administrative user we need to create for Lena is admin_import. She'll use this user account to import large data text files into our databases. This is covered in statement. That requires just the FILE privilege.
WARNING
The FILE privilege is a security risk because it has the ability to read data from any file on the server to which MySQL has rights. This is why it is especially important that this privilege be given only to a user account designated for importing files. The password for that user account should be given only to someone who is trusted. You can restrict the directory from which files may be loaded with the secure_file_priv variable. That will minimize the security risk to the filesystem. You can also revoke this privilege when it's not in use and grant it again when needed to minimize risk to the databases.
The FILE privilege cannot be given for specific databases or components. It's a global privilege. If we give it to the admin_import@localhost user account, it can import data into any database — and it can export data from any database, including the mysql database. So be careful who gets this privilege and never allow it with a remote host. Still, create admin_import@localhost and give it this privilege by entering the following on the server:
CREATE USER 'admin_import'@'localhost' IDENTIFIED BY 'another_pwd_789';
GRANT FILE ON *.* TO 'admin_import'@'localhost';
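As an added example (not from the original text), the following statements check the points raised in the warning: what secure_file_priv is set to, which accounts hold FILE and whether any of them is allowed from a host other than localhost, and how to revoke and re-grant the privilege around an import. It assumes it is run as root or another account that can see every account's rows in information_schema.USER_PRIVILEGES; the /var/lib/mysql-import path in the comment is a made-up placeholder.

```sql
-- Added example, not from the original text. Run as root (or another account
-- allowed to see every account's grants).

-- 1. Where may files be read from or written to? An empty value means no
--    directory restriction. The variable is read-only at runtime: set it in
--    the server's option file and restart, for example (placeholder path):
--      [mysqld]
--      secure_file_priv = /var/lib/mysql-import
SHOW VARIABLES LIKE 'secure_file_priv';

-- 2. Which accounts hold the global FILE privilege, and is any of them
--    allowed to connect from somewhere other than localhost?
SELECT GRANTEE,
       CASE
         WHEN GRANTEE LIKE '%@''localhost''' THEN 'local only'
         ELSE 'REVIEW: not restricted to localhost'
       END AS host_check
FROM information_schema.USER_PRIVILEGES
WHERE PRIVILEGE_TYPE = 'FILE'
ORDER BY GRANTEE;

-- 3. Take the privilege away while no import is planned...
REVOKE FILE ON *.* FROM 'admin_import'@'localhost';
SHOW GRANTS FOR 'admin_import'@'localhost';   -- FILE should no longer be listed

-- 4. ...and grant it again just before the next import.
GRANT FILE ON *.* TO 'admin_import'@'localhost';
SHOW GRANTS FOR 'admin_import'@'localhost';
```

Any row marked REVIEW in step 2 is an account that can use FILE from a host other than localhost, which the text above says never to allow.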
We have created all of Lena's administrative user accounts and set each one with the necessary privileges (no more and no less) for her to perform her duties related to our databases. Let's create one more administrative user account, though, that may be of use to you.
User Account to Grant Privileges
Another user account that you might need is one for creating other users. You could use root for that, but to continue the policy of using limited administrative user accounts for separate functions, we should create a separate user account for user and privilege main-