Let MySQL users create databases, but allow access to only their own databases

Question

I want to have multiple a MySQL users to be able to issue commands like

CREATE DATABASE dbTest;

But I also want each of these users to be able to see and access only their own databases.

All I could find was how to either create the databases by a DBA and grant the privileges on this database to the specific user:

GRANT ALL PRIVILEGES ON dbTest.* TO 'user';

or grant privileges on all databases to a user:

GRANT ALL PRIVILEGES ON *.* TO 'user';

But neither is what I want, because it needs to scale and be secure.

Answer 1

You can use

GRANT ALL PRIVILEGES ON `testuser\_%` .  * TO 'testuser'@'%';

to grant the user testuser privileges on all databases with names beginning with testuser_.

EDIT: I'm not sure if this user is now also allowed to create databases.

Answer 2

Create a stored procedure that is defined by the admin user and invokes with the admin user privileges by using SQL SECURITY DEFINER. In the stored procedure,

• Create the database.
• Set the privileges on the database so only the current user has access.
• Execute FLUSH PRIVILEGES to reload the privileges from the grant tables.

Use USER() to get the current user login details.

Find out more about SQL SECURITY DEFINER.