There are many reasons why you usually wouldn't allow a user to access or even process a raw query directly within a web app - even administrators. Recently I had a need to do just this. In my particular case, I needed direct access to the database to make creating and saving reports easier. This allowed those who know a little SQL to write their own reports with some 'magic' tools to automatically replace up to four placeholder values with input variables. No sensitive information is stored in this particular database, or at least, no sensitive information that an administrator of my app should not be able to access... this simplifies permissions for me. I opted to create a single MySQL read-only user for this purpose. This at least stops someone from accidentally truncating a table or being tempted to insert and delete records directly (me included).
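One way to set up such a read-only account in MySQL, shown as an added example rather than the setup used for this app. The schema name `reports_db`, the account `report_ro`, the `orders` table and the password placeholder are all assumptions.

```sql
-- Added example. reports_db, report_ro and orders are hypothetical names.
-- Run this first part as an administrative account.

-- Account used only by the report runner; bound to the host the app connects from.
CREATE USER 'report_ro'@'localhost' IDENTIFIED BY '<strong-password-placeholder>';

-- SELECT only, scoped to the single reporting schema.
-- No INSERT, UPDATE, DELETE, DROP or ALTER, and nothing at the global (*.*) level,
-- so global privileges such as FILE (needed for SELECT ... INTO OUTFILE) stay ungranted.
GRANT SELECT ON reports_db.* TO 'report_ro'@'localhost';

-- Review what the account can actually do. Anything listed beyond USAGE
-- and SELECT on reports_db.* is more than a report query needs.
SHOW GRANTS FOR 'report_ro'@'localhost';

-- Now connect as report_ro and confirm the restriction holds.
-- Each of the following should be refused by the server with a privilege error:
INSERT INTO reports_db.orders (id) VALUES (0);
DELETE FROM reports_db.orders WHERE 1 = 0;
TRUNCATE TABLE reports_db.orders;

-- A plain read should still succeed:
SELECT COUNT(*) FROM reports_db.orders;
```

The web app should open a separate connection with this account for report queries only, so that a saved report can never run with the privileges of the app's main database user.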