# User Accounts and Privileges

## User Account Basics

- Restricting to specific databases
To limit the lena_stankoska@lena_stankoska_home user account to the rookery database, we would have to do something like this:

```sql
GRANT SELECT ON rookery.* TO 'lena_stankoska'@'lena_stankoska_home';

SHOW GRANTS FOR 'lena_stankoska'@'lena_stankoska_home';
```

### Administrative User Accounts

Earlier, I mentioned that we need to create three administrative accounts for Lena to use in performing her duties as a database administrator from the localhost: admin_backup, admin_restore, and admin_import. These are common administrative user accounts that you may need to create and use. You'll use them in examples and exercises in Chapter 14 and Chapter 15. In this section, we'll create these administrative user accounts and look at the privileges needed for them, as well as another one for granting privileges to other user accounts.


### User Account for Making Backups

The admin_backup user account will be used with the mysqldump utility to make backups of the rookery and birdwatchers databases. This is covered in Chapter 14. Just a few privileges are needed to accomplish these tasks:

- At a minimum, it will need the SELECT privilege to read our two databases. You should limit an administrative account to the databases it needs to back up. In particular, you should not let it have SELECT privileges for the mysql database, because that contains user passwords.
- To lock the tables when making a backup, the LOCK TABLES privilege is required.
- If a database contains views and triggers, which we didn't cover in this book, the user account will need the SHOW VIEW and TRIGGER privileges, respectively.
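
The privileges listed above, written out as grants for admin_backup@localhost. This is an added example, not taken from the book or these notes; the password is a placeholder, and the two information_schema queries are an added verification step, to be run from an account that can see other users' grants.

```sql
-- Added example. Placeholder password: replace before use.
CREATE USER 'admin_backup'@'localhost'
    IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD';

-- Grant only on the two databases to be dumped; nothing on mysql.*,
-- which contains user passwords.
GRANT SELECT, LOCK TABLES, SHOW VIEW, TRIGGER
    ON rookery.* TO 'admin_backup'@'localhost';
GRANT SELECT, LOCK TABLES, SHOW VIEW, TRIGGER
    ON birdwatchers.* TO 'admin_backup'@'localhost';

SHOW GRANTS FOR 'admin_backup'@'localhost';

-- Verification 1: database-level privileges outside the two backup targets.
-- Any row returned is a privilege beyond what the list above calls for.
SELECT table_schema, privilege_type
FROM information_schema.schema_privileges
WHERE grantee = '''admin_backup''@''localhost'''
  AND table_schema NOT IN ('rookery', 'birdwatchers');

-- Verification 2: global privileges (ON *.*), which would also reach mysql.*.
-- USAGE means "no privileges" and is excluded.
SELECT privilege_type
FROM information_schema.user_privileges
WHERE grantee = '''admin_backup''@''localhost'''
  AND privilege_type <> 'USAGE';
```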

### User Account for Restoring Backups

Although you could create one administrative user account for both making backups and restoring them, you might want to use separate user accounts for those tasks. The main reason is that making backups is usually handled by scripts that run automatically, whereas restoring data is generally done manually and can overwrite or destroy data on a live server. You might not want the user account with those privileges to be the same one you use in a script that contains its password. For our examples in this chapter, let's give the admin_restore@localhost user account the privileges needed for restoring data to our databases:

### User Account to Grant Privileges

## User Roles

# Backing up and Restoring Database

- mysqldump 
It's included with both servers and it costs you nothing. You probably already have it installed on your server. Best of all, it doesn't require you to shut down MySQL services to make a backup, although you might restrict access to the backup utility for better consistency of data. There are other backup utilities, some with a GUI and some that are more comprehensive. You can learn about other types of backups and tools in the book MySQL Troubleshooting. 

# Backing Up all databases

The simplest way to make a backup is to dump all of the databases with all of the tables and their data. You can do this easily with mysqldump. Try executing something like the following at the command line on your server, using the administrative user you created in Ch13.

```bash
mysqldump --user=admin_backup \
    --password --lock-all-tables \
    --all-databases > /datal/backups/all-dbs.sql
```

When making backups of InnoDB or other transactional tables with mysqldump, it’s best to include the --single-transaction option. This will keep the data more consistent. It won’t change between the tables until the dump is finished. However, that option will cancel the --lock-tables option. This means that a backup of MyISAM tables in the same database could be inconsistent. You can avoid this potential problem by either using the same storage engine for all of the tables in a database, or making separate backups of InnoDB tables and MyISAM tables.
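
To see whether the storage-engine note above applies to a database, list the engines its tables use. This is an added example, not from the book; it reads information_schema.tables and uses the rookery and birdwatchers database names from this page.

```sql
-- Per-database engine breakdown of base tables (views have no engine).
SELECT table_schema, engine, COUNT(*) AS tables_using_engine
FROM information_schema.tables
WHERE table_schema IN ('rookery', 'birdwatchers')
  AND table_type = 'BASE TABLE'
GROUP BY table_schema, engine
ORDER BY table_schema, engine;

-- Databases that mix engines: a single mysqldump run with
-- --single-transaction cannot keep all of their tables consistent.
SELECT table_schema,
       GROUP_CONCAT(DISTINCT engine ORDER BY engine) AS engines
FROM information_schema.tables
WHERE table_schema IN ('rookery', 'birdwatchers')
  AND table_type = 'BASE TABLE'
GROUP BY table_schema
HAVING COUNT(DISTINCT engine) > 1;

-- The individual non-InnoDB tables, as candidates for a separate
-- backup or for conversion to one common engine.
SELECT table_schema, table_name, engine
FROM information_schema.tables
WHERE table_schema IN ('rookery', 'birdwatchers')
  AND table_type = 'BASE TABLE'
  AND engine <> 'InnoDB'
ORDER BY table_schema, table_name;
```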

Then you can attempt to merge the old and new data together. Depending on the situation, you might be able to do this by changing the INSERT to a REPLACE statement. Another method would be to remove the DROP TABLE statement and change the name in the CREATE TABLE statement that follows, so that it creates a table with a new name. We'll cover such techniques later in this chapter in ~/

The IF EXISTS option ensures that a restore will drop the table only if it exists. If this statement were omitted, a restore would probably try to run the statement when the table didn't exist, and thus generate an error that could abort the restore.
 
After the DROP TABLE statement, there are more conditional SQL statements for variables related to the table and the client. These are followed by the CREATE TABLE statement, which matches the results of a SHOW CREATE TABLE statement for the table. This section ends by returning the changed variable to its previous setting.

Now the bird_families table is ready for the data. The next set of entries in the dump file are:

After the comment appears a LOCK TABLES statement to lock the bird_families table. It includes the WRITE option so that the data in the table cannot be changed during the restoration of the table. Users can't read the table either. Another thought may have occurred to you now: mysqldump is write-locking tables one at a time, as needed. That may be what you want, making other tables available for reading and writing when they're not being dumped. However, this may cause a problem with the consistency of the data.

For example, suppose a backup is at the point where it has preserved the contents of the humans table but not the bird_sightings table in the birdwatchers database. At this point, you decide to delete someone from the humans table along with entries in the bird_sightings table. If you were later to restore the entire birdwatchers database, you would have entries in the bird_sightings table for a person who isn't listed in the humans table.

If a database isn't very active, the previous scenario is unlikely. However, if you want to be assured of the consistency of your data, when executing the mysqldump utility, you could add the --lock-tables option. This locks all tables in a database before backing it up, and leaves them locked until the backup of the database is completed.
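
A post-restore check for the inconsistency described above: sightings that reference a person missing from humans. This is an added example, not from the book; the scratch database name restore_check_demo, the column names (human_id, sighting_id, bird_id, name_last) and all rows are constructed assumptions, so adjust them to the real schema before running the final query against birdwatchers.

```sql
-- Constructed scratch data standing in for a restored birdwatchers database.
CREATE DATABASE IF NOT EXISTS restore_check_demo;
USE restore_check_demo;
DROP TABLE IF EXISTS bird_sightings;
DROP TABLE IF EXISTS humans;

CREATE TABLE humans (
    human_id  INT PRIMARY KEY,
    name_last VARCHAR(30)
);
CREATE TABLE bird_sightings (
    sighting_id INT PRIMARY KEY,
    human_id    INT NOT NULL,
    bird_id     INT NOT NULL
);

-- Person 3 is absent from humans but still has sightings:
-- the state the text describes after restoring an inconsistent dump.
INSERT INTO humans VALUES (1, 'Constructed-A'), (2, 'Constructed-B');
INSERT INTO bird_sightings VALUES
    (10, 1, 100), (11, 2, 101), (12, 3, 102), (13, 3, 103);

-- Anti-join: sightings whose human_id has no matching row in humans,
-- grouped so each missing person appears once with a count.
SELECT s.human_id,
       COUNT(*)           AS orphaned_sightings,
       MIN(s.sighting_id) AS first_sighting_id
FROM bird_sightings AS s
LEFT JOIN humans AS h ON h.human_id = s.human_id
WHERE h.human_id IS NULL
GROUP BY s.human_id
ORDER BY s.human_id;

-- Clean up the scratch database.
DROP DATABASE restore_check_demo;
```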