I'm starting to do maintenance on a web based system my company is taking over. It's quite large (at least for our standards). The designers of the system have created a database with two users, one with only SELECT
privileges and the other also has UPDATE
, DELETE
and INSERT
privileges.
I was wondering why they would have done this. Are SELECT
statements faster when the user who executes them only has SELECT
privileges? If not, what other reasons are there to do something like this?
Note; I can't contact the original developers at this moment, I know that would be an easy way to get an answer....
EDIT: based on the answers I have some other questions. The web-application is the only application that uses the database. No one else connects to the database. The programmers (there were only two) have full control over what the connected user does. They have defended well against injections in the code. Isn't the solution with two users just making things more complicated? Is this kind of "security" really necessary?
To answer your question privileges do not influence performance. They do influence what you can do to the database. The only performance impact privileges have are the check to see if you have the require privilege for the operation. This is not (or trivially impacted) by other privileges available to the user.
It is clear the implementers followed (at least partially) least privilege principles. This is good security practice. Given you have two ids, I assume they are for applications. Applications only need to read the data should use the user id with only Select privileges. Other applications should use the other user id.
Individual users not using the application should have their own user id with appropriate privileges.
If you have users or applications which need to update data but should not be able to remove data I would use a user id with only SELECT, INSERT, and UPDATE privileges.
Probably the wanted to do what permissions are for: grant one user read access and the other write access.
it could simply be for data security at the database user level. one user type is read only the other allows modification.
I dont know if there's any reason to do this to get performance, but there might be a security reason. The select user would be optimal for front-end and normal searches, while the update, delete and insert user would be good for back-end.
The select user is better for the public in case of SQL injection vulnerabilities... Other than that i cant answer you.