A database user’s privileges determine what it’s allowed to do — read data, change it, delete tables, and so on. Setting these correctly matters both for your application to work and for security. Here’s how to manage MySQL user privileges in cPanel.
Why privileges exist
Not every part of an application needs full control over the database. Privileges let you grant exactly what’s needed and nothing more. For most web apps like WordPress, the connecting user needs broad access, but the principle of granting the minimum necessary is a sound security habit, especially for custom setups.
Viewing and setting privileges
- In cPanel, open MySQL Databases.
- Scroll to the Current Databases section, where each database lists its assigned users.
- Click a username next to a database to open the privileges screen.
- Tick the privileges you want to grant, then save.
What the common privileges mean
- SELECT: read data. Needed to display content.
- INSERT: add new rows.
- UPDATE: change existing rows.
- DELETE: remove rows.
- CREATE / ALTER / DROP: create, modify or delete whole tables — powerful, used during installs and updates.
- ALL PRIVILEGES: everything above. This is what most web apps need to function fully.
The practical default for web apps
Applications like WordPress genuinely need broad privileges — they create tables during installation, alter them during updates, and read and write constantly. For these, granting ALL PRIVILEGES on their own database is the correct, expected setup. The security comes from each app having its own dedicated database and user, so a problem in one is contained.
The security principle: one app, one user, one database
The most important security practice isn’t withholding privileges from a legitimate app — it’s isolation. Give each application its own database and its own user. That way, if one application is ever compromised, the attacker can only reach that one database, not everything you host. Sharing a single powerful user across many apps is the risk to avoid.
Troubleshooting privilege problems
If an app reports it can’t connect or can’t write, missing privileges are a common cause — often after a migration where the user got recreated but not fully re-linked to the database. Reassign the user to the database with ALL PRIVILEGES and the problem usually clears. Our guide on the “error establishing a database connection” covers this in more depth.
For most people, “one app, one database, one user with all privileges on it” is all you need to remember. If you’re building something more complex and want to lock privileges down precisely, we’re happy to advise.