If you use MySQL or Microsoft SQL Server, you can manage permissions for database users through the Plesk UI, such as the permissions to perform operations on table structure and data.
For MySQL these permissions are Select, Insert, Create, Drop and so on, and for Microsoft SQL Server these permissions are database-level roles such as db_ddladmin, db_datawriter, and so on.
To help you assign permissions, Plesk uses templates of permission sets called roles. On creation, each database user account is granted the default set of permissions. This set of permissions corresponds to the Read and Write role.
Other supported roles are Read Only and Write Only. In addition, MySQL allows the Custom role with user-defined sets of privileges.
To modify the permissions of a MySQL database user:
1. Go to Websites & Domains > Databases > User Management and click the database user name.
By default, newly created database users have the Read and Write role. You can view and change the privileges included in this role.
2. To allow read access or write access only, select the corresponding role (Read Only or Write Only).
3. To add or remove privileges from the role already selected for the user, select or clear the corresponding checkboxes (Select, Insert, Update, and so on).
Note that if you modify the set of privileges, the role becomes Custom.
To modify the permissions of a SQL Server database user:
1. Go to Websites & Domains > Databases > User Management and click the database user name.
By default, newly created database users have the Read and Write role.
2. To allow read access or write access only, select the corresponding role (Read Only or Write Only).
The default sets of permissions on Microsoft SQL Server are the following:
Permission | Read and Write | Read Only | Write Only |
db_backupoperator | ➕ | ➕ | ➕ |
db_datareader | ➕ | ➕ | ➖ |
db_datawriter | ➕ | ➖ | ➕ |
db_ddladmin | ➕ | ➖ | ➕ |
Automatic Changes in User Roles
The hosting provider can add or remove permissions that are granted with different roles.
On MySQL, these modifications do not affect permissions of existing database users. The only thing that changes is their role in Plesk – it will change to Custom because their permissions no longer correspond to their previous role (Read and Write, Read Only, or Write Only).
On Microsoft SQL Server, permissions (database-level roles) of existing users are changed in accordance with the changes made by the hosting provider.
The hosting provider can permanently deny some permissions for all MySQL database users, for example, the permission to delete objects. In this case, this permission is not displayed in Plesk.
On Microsoft SQL Server, if the permission is excluded from all Plesk roles, it is denied for all users.