When organizing things helps to simplify life.
In the previous article, we start to explore dynamic
privileges and the interaction with static ones. We also saw how
to remove SUPER privilege from a DBA account.
What we did was go by subtraction. But in real life, we should
act differently. We should ADD only what is really needed for the
account to work correctly.
Adding privilege one by one, and for each user is problematic
given the level of interaction they may have, and also prone to
Instead, we can use ROLES to group, assign, and revoke the
correct privileges in a much easier way.
This is becoming even more important in MySQL with the advent of
What should we do to correctly use ROLES? Well first of all
design. …[Read more]