|
Creating a Controluser
The following example assumes you want to use pma as the controluser and pmapass as the controlpass, but this is only an example: use something else in your file! Input these statements from the phpmyadmin SQL Query window or mysql command line client. Of course you have to replace localhost with the webserver's host if it's not the same as the MySQL server's one.
Then verify the user creation by issuing the following command.
|
Next, grant permissions to user pma created previously.
GRANT USAGE ON mysql.* TO 'pma'@'localhost' IDENTIFIED BY 'pmapass';
Then, grant the query permissions.
GRANT SELECT (
Host, User, Select_priv, Insert_priv, Update_priv, Delete_priv,
Create_priv, Drop_priv, Reload_priv, Shutdown_priv, Process_priv,
File_priv, Grant_priv, References_priv, Index_priv, Alter_priv,
Show_db_priv, Super_priv, Create_tmp_table_priv, Lock_tables_priv,
Execute_priv, Repl_slave_priv, Repl_client_priv
) ON mysql.user TO 'pma'@'localhost';
The following steps are more on the MySQL permission assignments.
GRANT SELECT ON mysql.db TO 'pma'@'localhost';
GRANT SELECT ON mysql.host TO 'pma'@'localhost';
GRANT SELECT (Host, Db, User, Table_name, Table_priv, Column_priv)
ON mysql.tables_priv TO 'pma'@'localhost';
If you want to use the many new relation and bookmark features issue the following MySQL command.
GRANT SELECT, INSERT, UPDATE, DELETE ON <pma_db>.* TO 'pma'@'localhost';
This of course requires that your phpmyadmin configuration storage be set up first.
Then each of the true users should be granted a set of privileges on a set of particular databases. Normally you shouldn't give global privileges to an ordinary user, unless you understand the impact of those privileges (for example, you are creating a superuser).
For example, to grant the user real_user with all privileges on the database user_base you can issue the following command.
GRANT ALL PRIVILEGES ON user_base.* TO 'real_user'@localhost IDENTIFIED BY 'real_password';
What the user may now do is controlled entirely by the MySQL user management system. With http or cookie authentication mode, you don't need to fill the user/password fields inside the $cfg['Servers'] array.