Database User Privilege Model Checklist

By admin, June 18, 2026

Database users should hold only the permissions the application actually needs. A website's database user almost never needs root or any server-wide privilege. A weak privilege model turns an application compromise (a SQL injection bug, a leaked wp-config.php) into a compromise of every database on the server rather than just the one the application owns.

Core principle

Separate administration from application access. Root or admin accounts are used by people to manage the database server itself (creating databases, creating users, backups). Each application gets its own user that can reach only its own database, from only the host it connects from, with only the statement types it actually issues.

Checklist

  1. List database users.
  2. Identify which user belongs to each application.
  3. Check grants for each application user.
  4. Remove unused database users.
  5. Avoid using root in application configs.
  6. Limit user access to the required database only.
  7. Rotate passwords for unknown or old users.
  8. Document which app uses which user.
  9. Test application after privilege changes.
  10. Review privileges after every migration.
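The checklist above as one worked MySQL session, covering inventory, grant review, scoping, rotation and removal. This is an added example, not part of the original checklist or any project's own tooling. It assumes MySQL 8.0 or a recent MariaDB; the database app_db, the accounts 'wp_app'@'localhost', 'legacy_app'@'%' and 'old_reports'@'localhost', and the passwords are placeholders invented for the example.

```sql
-- Added example (not from the original page). Assumes MySQL 8.0 / MariaDB.
-- app_db, wp_app, legacy_app, old_reports and the passwords are placeholders.

-- Step 1: list accounts. user AND host identify an account: 'root'@'localhost'
-- and 'root'@'%' are two different accounts with very different exposure.
SELECT user, host FROM mysql.user ORDER BY user, host;

-- Record the current grants of every account before touching anything, so the
-- pre-change state can be restored verbatim if a change has to be rolled back.
SHOW GRANTS FOR 'legacy_app'@'%';

-- Step 3: grant review. Global (*.*) privileges held by anything other than a
-- DBA account are findings; USAGE alone means "can log in, can do nothing".
SELECT GRANTEE, PRIVILEGE_TYPE, IS_GRANTABLE
FROM information_schema.USER_PRIVILEGES
WHERE PRIVILEGE_TYPE <> 'USAGE'
ORDER BY GRANTEE;

-- Database-level grants: confirm each application user appears only under
-- its own schema.
SELECT GRANTEE, TABLE_SCHEMA, PRIVILEGE_TYPE
FROM information_schema.SCHEMA_PRIVILEGES
ORDER BY GRANTEE, TABLE_SCHEMA;

-- Accounts reachable from any host. On MySQL 8.0, CREATE USER without an
-- explicit host silently creates 'name'@'%', so these are easy to create
-- by accident.
SELECT user, host FROM mysql.user WHERE host = '%';

-- Steps 5 and 6: replace a root-in-config setup with a scoped application
-- user. SELECT/INSERT/UPDATE/DELETE covers normal request handling; schema-
-- changing work (updates, migrations) needs CREATE/ALTER/DROP/INDEX and
-- should be granted for that window only, not permanently.
CREATE USER 'wp_app'@'localhost' IDENTIFIED BY 'replace-with-generated-secret';
GRANT SELECT, INSERT, UPDATE, DELETE ON app_db.* TO 'wp_app'@'localhost';

-- An existing application user that was granted ALL ON *.*: strip the global
-- grant (and the ability to grant to others), then re-grant only its database.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'legacy_app'@'%';
GRANT SELECT, INSERT, UPDATE, DELETE ON legacy_db.* TO 'legacy_app'@'%';

-- Step 7: rotate the password of an account of unknown provenance that is
-- still in use, then update the application config that references it.
ALTER USER 'legacy_app'@'%' IDENTIFIED BY 'another-generated-secret';

-- Step 4: an account no config file maps to (step 2) is removed outright.
DROP USER 'old_reports'@'localhost';

-- Step 9 check: the effective grants must match what was documented.
-- CREATE USER, GRANT, REVOKE and ALTER USER take effect immediately;
-- no FLUSH PRIVILEGES is required for them.
SHOW GRANTS FOR 'wp_app'@'localhost';
SHOW GRANTS FOR 'legacy_app'@'%';
```

The two information_schema queries are the reusable part: run them after every migration (step 10) and diff the output against the last documented baseline; any new GRANTEE, any new `*.*` row, or any application user appearing under a schema it does not own is the thing to investigate.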

Reusable lesson

Privilege thinking applies to Linux users, WordPress users, database users, API keys, cloud IAM and automation service accounts.

Checklist Type: Security
Level: Intermediate
Risk Level: High Risk
Estimated Time: 45–90 minutes

When to Use This Checklist

Use this checklist when hardening database access for WordPress, apps, APIs, dashboards or automation services.

Required Tools

Database admin access, application config, database CLI, user inventory, backup, password manager

Before You Start

Before changing grants, back up the database, save the current SHOW GRANTS output for every account so the previous state can be restored exactly, and know which application depends on each database user.

Structured Checklist Steps

  1. List database users.
  2. Map users to apps.
  3. Check grants.
  4. Remove unused users.
  5. Avoid root app usage.
  6. Limit database scope.
  7. Rotate old passwords.
  8. Document ownership.
  9. Test applications.
  10. Review after migration.

Rollback Plan

If privilege tightening breaks an application, read the error first: MySQL names the denied command and the table or database it was denied on. Grant back only that privilege, on that one database, and re-test. Do not respond by handing the application user global admin access again.
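The rollback in practice, as an added example that is not part of the original page. The error line is constructed for the example in the format MySQL uses for error 1142 (command denied on a table); the account 'wp_app'@'localhost' and database app_db are placeholders.

```sql
-- Added example (not from the original page). wp_app / app_db are placeholders.
-- After tightening wp_app to SELECT/INSERT/UPDATE/DELETE, a plugin activation
-- fails and the application log shows (constructed line, MySQL error 1142 format):
--   CREATE command denied to user 'wp_app'@'localhost' for table 'wp_plugin_cache'

-- What the error tells us: the missing privilege is CREATE, on a table inside
-- app_db. Nothing else is missing, so nothing else is granted.

-- Wrong rollback: undoes the whole hardening exercise.
-- GRANT ALL PRIVILEGES ON *.* TO 'wp_app'@'localhost';

-- Right rollback: the one missing privilege, scoped to the one database.
GRANT CREATE ON app_db.* TO 'wp_app'@'localhost';

-- Re-test the application, then confirm the resulting grant set is still the
-- documented baseline plus exactly this one addition.
SHOW GRANTS FOR 'wp_app'@'localhost';

-- If the privilege was only needed for a one-off action (an installation or a
-- migration), take it away again once that action has completed.
REVOKE CREATE ON app_db.* FROM 'wp_app'@'localhost';
SHOW GRANTS FOR 'wp_app'@'localhost';
```

If the application needs a full return to its pre-change state rather than one privilege, replay the SHOW GRANTS output captured before the change; that is what the "before you start" capture is for.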

Common Mistakes

  • Using root in wp-config.php.
  • One shared database user for every application, so a compromise of one app reaches every database.
  • No grant review after setup.
  • Keeping users from old projects.
  • Granting global (ON *.*) privileges when database-level grants would do.

Related Commands

mysql -u root -p
-- Inventory accounts; user and host together identify one account
SELECT user,host FROM mysql.user;
-- Inspect an existing application user before changing it
SHOW GRANTS FOR 'db_user'@'localhost';
-- Create the application user with an explicit host and a generated password from the password manager
CREATE USER 'app_user'@'localhost' IDENTIFIED BY 'strong_password';
-- Grant database-level privileges on the one database only, never ON *.*
GRANT SELECT,INSERT,UPDATE,DELETE ON app_db.* TO 'app_user'@'localhost';
-- Only needed after editing the grant tables directly (INSERT/UPDATE on mysql.user); CREATE USER and GRANT take effect immediately
FLUSH PRIVILEGES;

Disclaimer: The guides, checklists, commands, and examples on HalfBrain.net are provided for educational and operational reference only. Server environments, hosting providers, software versions, security settings, and WordPress configurations can vary, so you should always review commands before running them on your own system. We do our best to keep the content accurate and useful, but we cannot guarantee that every command, configuration, or recommendation will fit every environment. Always back up your website, database, and server configuration before making changes. HalfBrain.net is not responsible for data loss, downtime, security incidents, misconfiguration, or other issues that may result from applying the information on this website. Use the material at your own discretion.
