That's a great idea (& one I was aware of - thanks) but that doesn't answer my question :-)

Unless you are implying that my assumption was correct (ie DELETE, INSERT, SELECT, and UPDATE
).

On 2/5/25 18:37, Reindl Harald (privat) wrote:
you can specifiy even two users to seperate read-only and writes

$rcmail_config['db_dsnw']                      = 'mysqli://roundcube_rw:*****@127.0.0.1:3306/roundcube_db';
$rcmail_config['db_dsnr']                      = 'mysqli://roundcube_ro:*****@127.0.0.1:3306/roundcube_db';

Am 02.05.25 um 10:00 schrieb Matthew J Black:
Hi All,

I am enquiring as to the *minimum* privileges required by the RoundCube user to access the backend SQL (MariaDB) Server.

Yes, I am aware that the Wiki says (on the Installation page) to use `GRANT ALL PRIVILEGES`, as do all of the On-Line Tutorials scattered across the Web. However, that is a *massive* security hole, especially if the backend server is *not* the same as the web server hosting RoundCube. Surely, for example, the RoundCube User does *not* need the ability to create other users or tables, drop the backend database, or grant privileges to other users.

Thus, I am enquiring what *are* the *minimum* privileges required?

I am going to assume - and please correct me if I am wrong - that the *required* privileges are:

  * DELETE, INSERT, SELECT, and UPDATE

If this information is available on-line, could someone please point me in the correct direction - if not, could one of the devs and/or one of the experienced RoundCube users please let me know this information - thank you.
--
PEREGRINE I.T. Pty Ltd Signature

==================================================

Matthew J BLACK
  M.Inf.Tech.(Data Comms)
  MBA
  B.Sc.
  MACS (Snr), CP, IP3P

When you want it done right – the first time!
Phone: +61 4 0411 0089
Email: matthew@peregrineit.net
Web: www.peregrineit.net

View Matthew J BLACK’s profile on LinkedIn

This Email is intended only for the addressee. Its use is limited to that intended by the author at the time and it is not to be distributed without the author’s consent. You must not use or disclose the contents of this Email, or add the sender’s Email address to any database, list, or mailing list unless you are expressly authorised to do so. Unless otherwise stated, PEREGRINE I.T. Pty Ltd accepts no liability for the contents of this Email except where subsequently confirmed in writing. The opinions expressed in this Email are those of the author and do not necessarily represent the views of PEREGRINE I.T. Pty Ltd. This Email is confidential and may be subject to a claim of legal privilege.

If you have received this Email in error, please notify the author and delete this message immediately.