MySQL

How to Set Up a User with Data-Only Privileges

Set up a MySQL user with data-only privileges (SELECT, INSERT, UPDATE, DELETE) on Nobregas Panel. Perfect for web apps and CMS platforms.

3 min read 9 views Updated Mar 17, 2026
Also available in: English Deutsch Español Français Italiano Nederlands Português Română

Most web applications only need to read and write data — they never create tables, drop indexes, or manage stored procedures. By granting only SELECT, INSERT, UPDATE, and DELETE, you give your application exactly the permissions it needs and nothing more.

Why Data-Only Privileges Are Ideal for Applications

A standard web application performs four data operations:

  • SELECT — Read rows from tables (loading pages, fetching records).
  • INSERT — Add new rows (user registrations, form submissions).
  • UPDATE — Modify existing rows (editing profiles, updating settings).
  • DELETE — Remove rows (deleting posts, clearing sessions).

These four privileges cover virtually every query a CMS, e-commerce platform, or custom web app will ever run. Granting additional structure or admin privileges creates unnecessary risk.

Method 1: During User Creation

  1. Log in at mysql.nobregas.org.
  2. Go to Database Users > click Create User.
  3. Enter the username, password, and host.
  4. Select the target database from the Grant to Database dropdown.
  5. The Privileges section appears with ALL PRIVILEGES checked.
  6. Uncheck ALL PRIVILEGES to reveal individual checkboxes.
  7. Under Data, check: SELECT, INSERT, UPDATE, DELETE.
  8. Leave all Structure and Administration checkboxes unchecked.
  9. Click Create User.

Method 2: Via Manage (Existing User)

  1. Go to Database Users and click Manage on the user.
  2. In the Add Database Access section, select the database.
  3. Uncheck ALL PRIVILEGES.
  4. Check only SELECT, INSERT, UPDATE, DELETE.
  5. Click Add Grant.

Method 3: Downgrading an Existing Grant

If a user currently has ALL PRIVILEGES and you want to restrict to data-only:

  1. Click Manage on the user.
  2. Find the database in Current Grants and click Edit.
  3. Uncheck ALL PRIVILEGES.
  4. Check only SELECT, INSERT, UPDATE, DELETE.
  5. Click Save Changes.

What This User Can Do

Operation Example Query Allowed?
Read data SELECT * FROM users Yes
Add rows INSERT INTO orders (...) Yes
Edit rows UPDATE products SET price = 9.99 Yes
Remove rows DELETE FROM sessions WHERE expired = 1 Yes
Create table CREATE TABLE logs (...) No
Drop table DROP TABLE users No
Alter structure ALTER TABLE users ADD COLUMN age INT No

When to Use This Setup

  • WordPress, Joomla, Laravel, Django — These frameworks only need CRUD operations after initial setup.
  • E-commerce stores — WooCommerce, PrestaShop, and similar platforms.
  • Custom APIs — REST or GraphQL backends that read and write data.
  • Shared hosting environments — Limit blast radius if credentials leak.

Security Benefit

If an attacker gains access to a data-only user, they cannot:

  • Drop or truncate your tables.
  • Alter your table structure.
  • Create triggers or stored procedures.
  • Cause irreversible structural damage.

Your data may still be at risk, but your database schema stays intact — making recovery significantly easier.

Tagged: Nobregas panel data-only privileges CRUD user SELECT INSERT UPDATE DELETE MySQL application user limited privileges web app user

Was this article helpful?

Related Articles

How to Whitelist an IP Address for Remote MySQL Access

Whitelist an IP address for remote MySQL access on Nobregas Panel. Allow external servers and local machines to connect securely.

MySQL vs MariaDB: Key Differences You Need to Know

MySQL and MariaDB share the same roots but differ in performance, licensing, JSON handling, and storage engines. Learn which is right for your project.

How to Remove a Whitelisted IP Address

Remove a whitelisted IP address from the Nobregas MySQL Panel to revoke remote access. Keep your whitelist clean and your databases secure.

How to Navigate the Dashboard and Understand Your Plan Limits

Learn how to use the Nobregas MySQL Panel dashboard. Understand your stats cards, plan limits, feature availability, and recent activity at a glance.