# Simple users of the application (aka customers) CREATE USER 'user'@'localhost' IDENTIFIED BY 'userPasswd'; CREATE USER 'user'@'%' IDENTIFIED BY 'userPasswd'; # Users can access, add and update rows for all the tables GRANT SELECT, INSERT, UPDATE ON flavours_without_borders.* TO 'user'@'localhost'; GRANT SELECT, INSERT, UPDATE ON flavours_without_borders.* TO 'user'@'%'; # except the columns that indicate whether a restaurant/food/drink/diet is approved or not REVOKE SELECT, INSERT, UPDATE (restaurant_is_approved) ON flavours_without_borders.restaurant FROM 'user'@'localhost'; REVOKE SELECT, INSERT, UPDATE (restaurant_is_approved) ON flavours_without_borders.restaurant FROM 'user'@'%'; REVOKE SELECT, INSERT, UPDATE (food_is_approved) ON flavours_without_borders.food FROM 'user'@'localhost'; REVOKE SELECT, INSERT, UPDATE (food_is_approved) ON flavours_without_borders.food FROM 'user'@'%'; REVOKE SELECT, INSERT, UPDATE (drink_is_approved) ON flavours_without_borders.drink FROM 'user'@'localhost'; REVOKE SELECT, INSERT, UPDATE (drink_is_approved) ON flavours_without_borders.drink FROM 'user'@'%'; REVOKE SELECT, INSERT, UPDATE (diet_is_approved) ON flavours_without_borders.diet FROM 'user'@'localhost'; REVOKE SELECT, INSERT, UPDATE (diet_is_approved) ON flavours_without_borders.diet FROM 'user'@'%'; # Moderators CREATE USER 'moderator'@'localhost' IDENTIFIED BY 'moderatorPasswd'; CREATE USER 'moderator'@'%' IDENTIFIED BY 'moderatorPasswd'; # Mods have elevated privileges GRANT SELECT, INSERT, UPDATE, DELETE ON flavours_without_borders.* TO 'moderator'@'localhost'; GRANT SELECT, INSERT, UPDATE, DELETE ON flavours_without_borders.* TO 'moderator'@'%'; # Owners of restaurants or other stuff (cooks etc.) CREATE USER 'owner'@'localhost' IDENTIFIED BY 'ownerPasswd'; CREATE USER 'owner'@'%' IDENTIFIED BY 'ownerPasswd'; # Owners can access, add and update rows for all the tables GRANT SELECT, INSERT, UPDATE ON flavours_without_borders.* TO 'user'@'localhost'; GRANT SELECT, INSERT, UPDATE ON flavours_without_borders.* TO 'user'@'%'; # except the columns that indicate whether a restaurant/diet is approved or not REVOKE SELECT, INSERT, UPDATE (restaurant_is_approved) ON flavours_without_borders.restaurant FROM 'user'@'localhost'; REVOKE SELECT, INSERT, UPDATE (restaurant_is_approved) ON flavours_without_borders.restaurant FROM 'user'@'%'; REVOKE SELECT, INSERT, UPDATE (diet_is_approved) ON flavours_without_borders.diet FROM 'user'@'localhost'; REVOKE SELECT, INSERT, UPDATE (diet_is_approved) ON flavours_without_borders.diet FROM 'user'@'%'; # They can however view and alter the columns that indicate whether a food/drink is approved or not!