A MySQL role is a named collection of privileges. Like user accounts, roles can have privileges granted to and revoked from them. A user account can be granted roles, which gives the account the privileges of those roles. Earlier, you created separate users for reads, writes, and administration. For the write privilege, you granted INSERT, DELETE, and UPDATE to the user. Instead, you can grant those privileges to a role and then assign the user to that role. This way, you avoid granting privileges individually to possibly many user accounts.
- Creating roles:
mysql> CREATE ROLE 'app_read_only', 'app_writes', 'app_developer';
Query OK, 0 rows affected (0.01 sec)
- Assigning privileges to the roles using the GRANT ...
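
The write role described above, carried from creation through to verification, as an added example that is not part of the original text. It goes slightly beyond the steps listed here by also activating the role as a default and checking the result. The schema `app_db` and the account `'writer_user'@'localhost'` are assumed names, and `IDENTIFIED BY RANDOM PASSWORD` assumes MySQL 8.0.18 or later.

```sql
-- Added example. Assumed names (not from the page):
--   schema app_db, account 'writer_user'@'localhost'.

-- The role name comes from the CREATE ROLE statement above.
CREATE ROLE IF NOT EXISTS 'app_writes';

-- Grant the write privileges once, to the role, scoped to a single
-- schema instead of *.* so the role cannot write anywhere else.
GRANT INSERT, UPDATE, DELETE ON app_db.* TO 'app_writes';

-- Stand-in for the write user created earlier. The server generates
-- the password and returns it in the result set of this statement.
CREATE USER IF NOT EXISTS 'writer_user'@'localhost'
  IDENTIFIED BY RANDOM PASSWORD;

-- Assign the role to the account instead of granting privileges directly.
GRANT 'app_writes' TO 'writer_user'@'localhost';

-- A granted role is not active in new sessions unless it is a default
-- role (or the session runs SET ROLE, or activate_all_roles_on_login=ON).
SET DEFAULT ROLE 'app_writes' TO 'writer_user'@'localhost';

-- Verify. Without USING, only the role membership is listed;
-- with USING, the privileges the role confers are expanded.
SHOW GRANTS FOR 'writer_user'@'localhost';
SHOW GRANTS FOR 'writer_user'@'localhost' USING 'app_writes';

-- Run as writer_user in a new session to confirm the role is active.
SELECT CURRENT_ROLE();

-- Revoking from the role changes every account that holds it,
-- which is the maintenance benefit over per-user grants.
REVOKE DELETE ON app_db.* FROM 'app_writes';
SHOW GRANTS FOR 'writer_user'@'localhost' USING 'app_writes';
```

If `SELECT CURRENT_ROLE()` returns `NONE` for the account, the role was granted but never activated, and write statements fail with a privilege error even though `SHOW GRANTS` lists the role.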