Level 8
Simply grant all privileges to the laravel user on the application's database.
Nov 11, 2014
8
Level 4
MySQL Database User GRANT permissions for Laravel?
I'm stuck deploying Laravel 4.2 to a CPanel installation. Using CPanel to make a database and user restricted to accessing the one database, I'm prompted to grant the user these permissions:
ALL PRIVILEGES
✓ ALTER
ALTER ROUTINE
✓ CREATE
CREATE ROUTINE
CREATE TEMPORARY TABLES
CREATE VIEW
✓ DELETE
✓ DROP
EVENT
EXECUTE
✓ INDEX
✓ INSERT
LOCK TABLES
REFERENCES
✓ SELECT
SHOW VIEW
TRIGGER
✓ UPDATE
I know I need to grant the user ALTER, CREATE, DELETE, DROP, INDEX, INSERT, SELECT, UPDATE ( as ✓ above) but should I give it other permissions? Do migrations and Eloquent need more than this? Or Less?
Level 20
For security reasons, i think you should only grant select, delete, update and insert to your app user in production.
Have another user who can do alter, create, drop and index when running migrations.
Yeah, 2 users, migrations are not always run in production everyday and this keeps more secure your database.
13 likes
Level 2
@uxweb This should be on official documentation. Thanks a lot.
1 like
Level 4
@uxweb - fantastic point. How do I configure a different database connection for Artisan CLI vs the HTTP app? I'm using Laravel 4.2
Level 20
Hey! @Glutnix, you can create a copy of the one you have and edit some params, something like:
// This is the default the app is going to use for insert, delete, update, select
'awsome' => array(
'driver' => 'mysql',
'host' => 'prod_server',
'port' => '3306',
'database' => 'prod_database',
'username' => 'app_user',
'password' => 'secret',
'charset' => 'utf8',
'collation' => 'utf8_unicode_ci',
'prefix' => '',
),
// This is meant to be used only when migrations need to be executed
'migrate' => array(
'driver' => 'mysql',
'host' => 'prod_server',
'port' => '3306',
'database' => 'prod_database',
'username' => 'migrations_user',
'password' => 'secret',
'charset' => 'utf8',
'collation' => 'utf8_unicode_ci',
'prefix' => '',
),
As you can see both connections point to the same host and same database, but the username is different according to the security permissions granted to each one.
Now, when you are in artisan and want to migrate just do this:
php artisan migrate --database=migrate
That way will connect to the same server but with the user credentials that only let create, drop, alter, index.
For the general use of the app it will use the "awsome" connection if you set it to the default in your database.php configuration file as this:
'default' => 'awsome'
I know this is not the most elegant solution, but it will work without you to have to modify your connection credentials each time you want to run migrations on production server, you just have to add the --database=connection switch to the artisan migrate command.
Hope this helps! :)
8 likes
Level 4
That is perfect! Thanks so much @uxweb!
Level 20
My pleasure, glad i could help :)
Level 1
I know it has been 6 years, but this comment section still helped me. One additional thing that you will need: for Laravel 8 and maybe earlier versions, you will also need to grant REFERENCES to your migrations MySQL account.
4 likes
Please or to participate in this conversation.