Look at the Database Layer

When you create a database table, you are doing under the alias you assume when logging in to the db client program. This alias the hold ALL permissions for the dattabase, table, and whatever you create.

All permissions include all privileges, ie

Please refer to the mysql documentation, particularly figure 6.2 for full scope of ALL.

That is a hell of a lot of permissions for programs that really just need to have select permission in order to display some content. What do we do about that?

Just to remind you, once rights are granted, they can only be taken away by the revoke declaration such as in

revoke insert on table17 from nobody;

In this way, and only in this way, you can be sure that even if you have security breaches in your authentication, the database is vulnetrable only as far as the programs' permissions.