Managing Users and Privileges
The ‘User Manager’ tool, which can be accessed from the main menu option ‘Tools’, can be used to add / edit / delete database users and manage their access rights on the database server.
Database Users
Each database user is identified by its user name and hostname. It is possible for one user name to have multiple host names, which allows the same user to be setup with different access rights depending on the host from where the database connection is initiated.
The hostnames ‘%’, ‘localhost’ and ‘127.0.0.1’ represent special hostnames. For all other hosts, you can specify either the ip address or the machine name of the host.
For example, If you would like to create a user called ‘manager’ that should be allowed access from any host, the host should be set to ‘%’ (without the quotes).
The host name ‘localhost’ and ‘127.0.0.1’ represents the local machine on which the database server resides. For root / admin users, this is the default host name so that the database access by the root is restricted to the server machine for security reasons.
Access Rights
Each database user has a set of ‘Global’ rights and specific access right to each database on the server and its objects. Privilege is a complimentary word for the access rights given to a user.
The global privileges enable a user to access all databases with that particular privileges on the server. For example, a user with the global ‘select’ privilege will be able to perform select queries on all tables in all databases. Similarly, a user with the global privilege of ‘Super’ is able to perform everything that a root user can. For complete details of each global privilege and its meaning, please refer to the mysql documentation.
Database privileges are normally assigned to users created for accessing a particular database on the server. Similar to the set of global privileges, there is a set of privileges per database that can be assigned to the user. For example, a user can be granted full read access to a database, but denied access to any changes by giving the user ‘select’ privilege on that database.
To see the complete list and the meaning of each database privilege, please refer to the mysql documentation.