DEV Community

Cover image for How To Create User Account With Privileges Second Only to The 'root' Account in RDS MariaDB?
mrboogiej
mrboogiej

Posted on • Edited on

How To Create User Account With Privileges Second Only to The 'root' Account in RDS MariaDB?

Account Privileges:

①Privileged Account > ②Standard Account(DML+DDL) > ③Standard Account(DDL) > ④Standard Account(DML) > ⑤Standard Account(Read-Only)
Image description

① How to create privileged account?

Create on the console.

Or you can create via openAPI, we will discuss in another article.

② How to create standard account with DDL+DML privileges?

See example as below:
The given example will create a user named 'normal3' with DDL and DML privileges on DB 'test3' and it is allowed to access from anywhere.

create user IF NOT EXISTS normal3@'%' identified by 'Passw@rd!';
show grants for normal3;
_// The user will only have USAGE privilege after created. So you would need to grant process, replication slave and replication client on *.* to new user account._
GRANT PROCESS, REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'normal3'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `test3`.* TO 'normal3'@'%';
GRANT SELECT ON `mysql`.`help_keyword` TO 'normal3'@'%';
GRANT SELECT ON `mysql`.`time_zone_name` TO 'normal3'@'%';
GRANT SELECT ON `mysql`.`help_category` TO 'normal3'@'%';
GRANT SELECT ON `mysql`.`help_relation` TO 'normal3'@'%';
GRANT SELECT ON `mysql`.`time_zone_leap_second` TO 'normal3'@'%';
GRANT SELECT ON `mysql`.`slow_log` TO 'normal3'@'%';
GRANT SELECT ON `mysql`.`time_zone_transition_type` TO 'normal3'@'%';
GRANT SELECT ON `mysql`.`func` TO 'normal3'@'%';
GRANT SELECT ON `mysql`.`general_log` TO 'normal3'@'%';
GRANT SELECT ON `mysql`.`proc` TO 'normal3'@'%';
GRANT SELECT ON `mysql`.`time_zone` TO 'normal3'@'%';
GRANT SELECT ON `mysql`.`help_topic` TO 'normal3'@'%';
GRANT SELECT ON `mysql`.`time_zone_transition` TO 'normal3'@'%';
GRANT SELECT ON `mysql`.`event` TO 'normal3'@'%';
Enter fullscreen mode Exit fullscreen mode

③ How to create standard account with DDL privileges?

create user IF NOT EXISTS normal6@'%' identified by 'Passw@rd!';
GRANT PROCESS, REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'normal6'@'%';
GRANT CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE ON `sampledb`.* TO 'normal6'@'%';
GRANT SELECT ON `mysql`.`help_keyword` TO 'normal6'@'%';
GRANT SELECT ON `mysql`.`time_zone_name` TO 'normal6'@'%';
GRANT SELECT ON `mysql`.`help_category` TO 'normal6'@'%';
GRANT SELECT ON `mysql`.`help_relation` TO 'normal6'@'%';
GRANT SELECT ON `mysql`.`time_zone_leap_second` TO 'normal6'@'%';
GRANT SELECT ON `mysql`.`slow_log` TO 'normal6'@'%';
GRANT SELECT ON `mysql`.`time_zone_transition_type` TO 'normal6'@'%';
GRANT SELECT ON `mysql`.`func` TO 'normal6'@'%';
GRANT SELECT ON `mysql`.`general_log` TO 'normal6'@'%';
GRANT SELECT ON `mysql`.`proc` TO 'normal6'@'%';
GRANT SELECT ON `mysql`.`time_zone` TO 'normal6'@'%';
GRANT SELECT ON `mysql`.`help_topic` TO 'normal6'@'%';
GRANT SELECT ON `mysql`.`time_zone_transition` TO 'normal6'@'%';
GRANT SELECT ON `mysql`.`event` TO 'normal6'@'%';
Enter fullscreen mode Exit fullscreen mode

④ How to create standard account with DML privileges?

create user IF NOT EXISTS normal5@'%' identified by 'Passw@rd!';
GRANT PROCESS, REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'normal5'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, SHOW VIEW, EVENT, TRIGGER ON `sampledb`.* TO 'normal5'@'%';
GRANT SELECT ON `mysql`.`help_keyword` TO 'normal5'@'%';
GRANT SELECT ON `mysql`.`time_zone_name` TO 'normal5'@'%';
GRANT SELECT ON `mysql`.`help_category` TO 'normal5'@'%';
GRANT SELECT ON `mysql`.`help_relation` TO 'normal5'@'%';
GRANT SELECT ON `mysql`.`time_zone_leap_second` TO 'normal5'@'%';
GRANT SELECT ON `mysql`.`slow_log` TO 'normal5'@'%';
GRANT SELECT ON `mysql`.`time_zone_transition_type` TO 'normal5'@'%';
GRANT SELECT ON `mysql`.`func` TO 'normal5'@'%';
GRANT SELECT ON `mysql`.`general_log` TO 'normal5'@'%';
GRANT SELECT ON `mysql`.`proc` TO 'normal5'@'%';
GRANT SELECT ON `mysql`.`time_zone` TO 'normal5'@'%';
GRANT SELECT ON `mysql`.`help_topic` TO 'normal5'@'%';
GRANT SELECT ON `mysql`.`time_zone_transition` TO 'normal5'@'%';
GRANT SELECT ON `mysql`.`event` TO 'normal5'@'%';
Enter fullscreen mode Exit fullscreen mode

⑤ How to create standard account with Read-Only privileges?

create user IF NOT EXISTS normal4@'%' identified by 'Passw@rd!';
GRANT PROCESS, REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'normal4'@'%';
GRANT SELECT, LOCK TABLES, SHOW VIEW ON `test4`.* TO 'normal4'@'%';
GRANT SELECT ON `mysql`.`help_keyword` TO 'normal4'@'%';
GRANT SELECT ON `mysql`.`time_zone_name` TO 'normal4'@'%';
GRANT SELECT ON `mysql`.`help_category` TO 'normal4'@'%';
GRANT SELECT ON `mysql`.`help_relation` TO 'normal4'@'%';
GRANT SELECT ON `mysql`.`time_zone_leap_second` TO 'normal4'@'%';
GRANT SELECT ON `mysql`.`slow_log` TO 'normal4'@'%';
GRANT SELECT ON `mysql`.`time_zone_transition_type` TO 'normal4'@'%';
GRANT SELECT ON `mysql`.`func` TO 'normal4'@'%';
GRANT SELECT ON `mysql`.`general_log` TO 'normal4'@'%';
GRANT SELECT ON `mysql`.`proc` TO 'normal4'@'%';
GRANT SELECT ON `mysql`.`time_zone` TO 'normal4'@'%';
GRANT SELECT ON `mysql`.`help_topic` TO 'normal4'@'%';
GRANT SELECT ON `mysql`.`time_zone_transition` TO 'normal4'@'%';
GRANT SELECT ON `mysql`.`event` TO 'normal4'@'%';
Enter fullscreen mode Exit fullscreen mode

Top comments (0)