Chapter 1: Basics of SQL8

❯

Chapter 2: Querying Data10

❯

Chapter 3: SQL Joins6

❯

Chapter 4: Intermediate SQL6

❯

Chapter 5: Advanced SQL7

❯

Chapter 6: Database Design5

❯

Chapter 7: Optimization3

❯

Chapter 8: Security2

❯

Chapter 9: Advanced Querying4

❯

Chapter 10: Integrations4

❯

SQL User Management and Permissions - Controlling Access to Your Database

Security

⬅ Previous TopicSQL Injection and Security

Next Topic ⮕SQL Common Table Expressions

Introduction

Imagine a school where everyone had keys to every room — from classrooms to the principal’s office. It would be chaos. The same goes for databases. User management and permissions allow you to assign just the right access to each user — no more, no less — ensuring both security and accountability.

Why User Management Matters

Protect sensitive data (like student marks)
Enforce roles (teacher vs admin vs auditor)
Track and log who did what

Creating a New User

-- Syntax (MySQL):
CREATE USER 'teacher1'@'localhost' IDENTIFIED BY 'SecurePass@123';

This creates a user named teacher1 who can connect from the local machine.

Granting Permissions

Give read-only access to students table:

GRANT SELECT ON school.students TO 'teacher1'@'localhost';

Give full access to marks table:

GRANT SELECT, INSERT, UPDATE ON school.marks TO 'teacher1'@'localhost';

Apply changes:

FLUSH PRIVILEGES;

Viewing User Privileges

SHOW GRANTS FOR 'teacher1'@'localhost';

GRANT SELECT ON school.students TO 'teacher1'@'localhost';
GRANT SELECT, INSERT, UPDATE ON school.marks TO 'teacher1'@'localhost';

Revoking Permissions

REVOKE INSERT, UPDATE ON school.marks FROM 'teacher1'@'localhost';

This removes data modification rights but retains read-only access.

Dropping a User

DROP USER 'teacher1'@'localhost';

This permanently removes the user from the system.

Permission Scope Explained

Permission	Description
SELECT	Read rows
INSERT	Add new rows
UPDATE	Modify existing rows
DELETE	Remove rows
ALL	Full access to a table or DB

Real-World School Use Cases

Teachers: Read/write access to marks, no access to admin tables
Principal: Full access to all tables
Auditors: Read-only access to financial and academic data
IT Admins: ALL privileges + permission to create/drop users

Security Best Practices

Never use root for applications
Create separate users for read vs write operations
Change default passwords immediately
Use REVOKE when permissions are no longer needed
Review SHOW GRANTS regularly

Summary

Just like in a school, not everyone needs access to every file cabinet. Managing SQL users and their permissions helps enforce clear boundaries. Done right, it protects your data, clarifies roles, and supports system stability.

QUIZ

Question 1:Which SQL command is used to give a specific user access to a table?

GRANT
ALLOW
ENABLE
ACCESS

Question 2:The REVOKE statement is used to remove privileges that were previously granted to a user.

True
False

Question 3:Which of the following are valid privileges you can grant in SQL?

SELECT
INSERT
EXECUTE
DROP USER

Question 4:In a school database, which command would allow a user 'staff_admin' to insert new rows into the 'students' table?

GRANT INSERT ON students TO staff_admin;

ALLOW INSERT INTO students TO staff_admin;

GIVE INSERT PRIVILEGES TO staff_admin ON students;

```
ADD staff_admin INSERT INTO students;
```

Question 5:Every user in a database automatically has permission to delete records from every table.

True
False

Question 6:Which are benefits of using roles instead of assigning permissions individually?

Simplifies permission management
Reduces the risk of human error
Improves performance of SQL queries
Enables centralized control of privileges