Specifications
widely needed by users. Security is always a trade off between usability and safety. You should
make your own decision when it comes to ALTER, but it is often granted to users.
In addition to the privileges listed in Table 8.1, a REFERENCES privilege exists that is currently
unused, and a GRANT privilege exists that is granted with WITH GRANT OPTION rather than in the
privileges list.
Table 8.2 shows the privileges suitable for use by administrative users.
TABLE 8.2 Privileges for Administrators
Privilege Description
RELOAD Allows an administrator to reload grant tables and flush privileges, hosts,
logs, and tables.
SHUTDOWN Allows an administrator to shut down the MySQL server.
PROCESS Allows an administrator to view server processes and kill them.
FILE Allows data to be read into tables from files, and vice versa.
It is possible to grant these privileges to nonadministrators, but extreme caution should be used
if you are considering doing so. The average user should have no need to use the RELOAD,
SHUTDOWN, and PROCESS privileges.
The FILE privilege is a bit different. It is useful for users because loading data from files can
save a lot of time re-entering data each time to get it into the database. However, file loading
can be used to load any file that the MySQL server can see, including databases belonging to
other users and, potentially, password files. Grant it with caution, or offer to load the data for
the user.
Two special privileges also exist, and these are shown in Table 8.3.
T
ABLE 8.3 Special Privileges
Privilege Description
ALL Grants all the privileges listed in Tables 8.1 and 8.2. You can also write
ALL PRIVILEGES instead of ALL.
USAGE Grants no privileges. This will create a user and allow her to log on, but it
won’t allow her to do anything. Usually you will go on to add more privi-
leges later.
Creating Your Web Database
C
HAPTER 8
8
CREATING YOUR
WEB DATABASE
191
11 7842 CH08 3/6/01 3:38 PM Page 191