1

I'm creating a SAAS website, and every new account creation should have :

  • a new database created for it dynamically from my php code ,
  • a new MySQL user created dynamically from my PHP code and granted with privileges over the new database.

My question is: How can I create a MySQL user who have privileges to do these actions , ( create db, create users, grant privileges).

But It's important to note: I want this MySQL user to not be able to show or manipulate any other database not created by him.

Note: I have a server with WHM access.

Improve this question

2 Answers 2

Reset to default
3

To enable the new user called userguy to create other users on database db

create the user

CREATE USER 'userguy'@'%' IDENTIFIED BY 'password';

he needs reload on global rights

GRANT CREATE USER, RELOAD  ON *.* TO 'userguy'@'%';

then whatever rights you want to give him on db

GRANT EXECUTE, SELECT, SHOW VIEW, ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE TEMPORARY TABLES, CREATE VIEW, DELETE, DROP, EVENT, INDEX, INSERT, REFERENCES, TRIGGER, UPDATE, LOCK TABLES  ON `db`.* TO 'userguy'@'%' WITH GRANT OPTION;

and flush at the end

FLUSH PRIVILEGES;

this should do the job.

UPDATE:
I am sorry, I have not read attentive the question (blame the coffee). If the user should also create new databases he also needs the global CREATE right, and for creating user for the DBs created by him he also needs CREATE USER 

GRANT CREATE, CREATE USER, SELECT, RELOAD  ON *.* TO 'userguy'@'%';

In my opinion there is no need for global GRANT privileges

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Nope, this user will not have the ability to create databases, so this answer is not correct.
@Shadow if you read the first row "To enable the new user called userguy to create other users on database db" ...
0

I have found the main answer to my problem in the following link: https://stackoverflow.com/a/13041542/9419598

By using : GRANT ALL PRIVILEGES ON testuser_% . * TO 'testuser'@'%';

this will allow the testuser to create databases starting with testuser_ and will have al priviledges over them

And he will not have privileges over other databases. And I can grant him the create user privilege

This does the stuff.

Improve this answer

1 Comment

CREATE, CREATE USER, SELECT, RELOAD is enough

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.