Question
I have a website and a mysql db with 5 tables. One of them includes around 500 user emails. I am outsourcing the development of new features and I would like to block the access to the developer to the table that includes the user emails. The developer will have access to the whole database because he needs to add new tables, but I would like to stop him from accessing the user emails table.
Is there any way to do it?
Solution
MySQL has GRANT/REVOKE statements to limit the access right to some tables based on the user that is connected.
You will probably have to create a new user in your DB an REVOKE the unnecessary rights on the table(s) you want to lock for that user.
Here is the full list of privileges supported by MySQL: http://dev.mysql.com/doc/refman/5.0/en/grant.html#grant-privileges
OTHER TIPS
use REVOKE Priveleges to that user http://dev.mysql.com/doc/refman/5.0/en/revoke.html
https://stackoverflow.com/questions/18144824
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianREVOKE ALL PRIVILEGES ON db.emails FROM 'user'@'host';
I think there isn't a way you can restrict user to access some tables but you can restrict him to use only insert and update commands and not select command
CREATE USER 'test_user'@'localhost' IDENTIFIED BY 'password';
GRANT INSERT, UPDATE ON `secure_login`.* TO 'test_user'@'localhost';
My advice is to copy your application to a development environment, replacing the emails with loremipsum. This is the professional (and only reliable) way of fixing this problem. It also allows scaling.
Otherwise, just get over it and make sure you have a strict non-disclosure agreement.
