I want to have a MySQL user that will only able to create a new user+database(+password) combinations - without being the mysql root user for obvious security concerns.
My idea is to have a secure user (INSERT
privileges only) that will modify the mysql
table directly, but I don't know if there are consequences.
To be clear, I want to create a user that will only be able to generate users+database+password combinations using an automated script that will run using that user. I want that user to operate on the least permissions as possible.
What are my other options?
You can do it using the normal GRANT system in MySQL. But the user you're using will need all the same access they're trying to GRANT. You can only do GRANTs with the same permissions or less than your current user.
Don't start messing around with the system tables, it's not necessary.