Understanding MariaDB Permissions: Can a User Really Install Plugins?

2. (insert_priv='y') or (delete_priv='y') or (insert_priv='y' and delete_priv='y'): This condition filters the results based on user privileges. It checks for three scenarios:

   • (insert_priv='y'): This checks if the user has the INSERT privilege on the mysql database.

In essence, this code retrieves a list of users and their hostnames (machines they can connect from) who have either INSERT or DELETE privileges on the mysql database. These privileges wouldn't necessarily grant the ability to install plugins, though they do indicate a level of permission on the database.

REVOKE INSERT, DELETE ON mysql.* FROM username@hostname;

This code revokes both INSERT and DELETE privileges on the entire mysql database from a specific user (username) connecting from a specific host (hostname). Remember to replace username and hostname with the actual values for the user you want to restrict.

Granting a user with limited privileges:

GRANT SELECT, SHOW ON *.* TO restricted_user@localhost;

This code creates a user named restricted_user who can only connect from localhost (the same machine where MariaDB is running) and has limited privileges. It grants them only the ability to SELECT data and view the database structure using SHOW statements. This effectively restricts them from installing plugins as they lack the necessary permissions.

Important Note:

• Be cautious when revoking privileges, especially on administrative accounts. Ensure you understand the impact on user functionality before making changes.

1. Using MariaDB plugin management tools:

2. Modifying the server configuration file:

3. File system permissions:

4. Using a security context (OS-level):