Creating a read-only database user account for MySQL

book

Article ID: 179529

calendar_today

Updated On:

Products

Security Information Manager

Issue/Introduction

 

Resolution

Creating a read-only database user account for MySQL

Collectors that use a database sensor require that you create a read-only database user account so that the collector can query for events.

See Installing collectors that use a database sensor.

To create a read-only database user account for MySQL

  1. At a UNIX prompt, run the MySQL command-line program, and log in as an administrator by typing the following command:

    mysql -u root -p

  2. Type the password for the root account.

  3. At the mysql prompt, do one of the following steps:

    • To give the user access to the database from any host, type the following command:

      grant select on database_name.* to 'read-only_user_name'@'%' identified by 'password';

    • If the collector will be installed on the same host as the database, type the following command:

      grant select on database_name.* to 'read-only_user_name' identified by 'password';

      This command gives the user read-only access to the database from the local host only.

    • If you know the host name or IP address of the host that the collector is will be installed on, type the following command:

      grant select on database_name.* to 'read-only_user_name'@'host_name or IP_address' identified by 'password';

      The host name must be resolvable by DNS or by the local hosts file.

  4. At the mysql prompt, type the following command:

    flush privileges;

  5. Type quit.

    The following is a list of example commands and confirmation messages:

    mysql> grant select on dbname.* to 'readonlyuser'@'%' identified 
    
    by 'pogo$23';
    Query OK, 0 rows affected (0.11 sec)
    mysql> flush privileges;
    Query OK, 0 rows affected (0.00 sec)
    mysql> quit