circle-info
Webinar | The Great Database Exodus: Navigating Strategic Risk in the Post-Oracle MySQL Era
Register Nowarrow-up-right
search
Download MariaDBContact Us

System Users, Roles, Privileges

circle-exclamation

The PUBLIC role is created implicitly by GRANT statements and its creation is not logged, distinguishing it from standard system principals.

MariaDB automatically creates several users and roles for administrative and internal server functions.

hashtag
System Users

These user accounts are created by the mariadb-install-db script during the initial server setup.

hashtag
root@localhost

Creation

Created automatically by mariadb-install-db.

Purpose

Serves as the primary administrative account for initial server setup and management.

Management

It is highly recommended to secure this account immediately after installation. Standard security practices include setting a strong password, renaming the account, or removing it entirely in favor of other named administrative accounts.

hashtag
mariadb-sys@localhost

Creation

Created automatically by mariadb-install-db.

Purpose

A mandatory system user required for internal server operations, such as executing scheduled events.

Management

This user account is essential for server functionality and is protected;

it cannot be dropped.

hashtag
System Roles

These roles are built into the server and have special behaviors.

hashtag
The PUBLIC Role

The PUBLIC role is a special, built-in concept that represents every user on the server.

hashtag
Creation

The PUBLIC role is created implicitly by the server the first time a GRANT ... TO PUBLIC statement is executed. It is not created with CREATE ROLE.

hashtag
Purpose

It provides a convenient way to grant privileges server-wide without having to grant them to each user individually. Privileges granted to PUBLIC are inherited by all existing and future users.

hashtag
Management & Security:

  • Because the PUBLIC role is created implicitly, its creation is not written to the audit log or binary log as a standard DDL event. This is a critical detail for security auditing.

  • The PUBLIC role cannot be explicitly dropped with DROP ROLE.

  • To audit the privileges that apply to all users, you must check the grants for PUBLIC directly.

hashtag
Syntax Examples:

PreviousRoles OverviewNextAccount Locking

Last updated

Was this helpful?