access denied for load data infile in MySQL
Master System Design with Codemia
Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.
Introduction
LOAD DATA INFILE is one of the fastest ways to import large CSV files into MySQL, but it is also tightly controlled for security. Access denied errors usually come from privilege, file-path policy, or local-infile settings rather than SQL syntax. The fastest fix is identifying import mode first, then validating server and client permissions in sequence.
Understand Server Mode Versus Local Mode
MySQL supports two related commands with different trust boundaries:
- '
LOAD DATA INFILE, where MySQL server reads a file from server filesystem.' - '
LOAD DATA LOCAL INFILE, where client uploads a local file to server.'
Server-side example:
Client-local example:
Using a client path with server mode is a common reason for immediate access errors.
Check Privileges for Server-Side Import
For LOAD DATA INFILE, user often needs global FILE privilege.
If missing and policy allows:
Use least privilege. In shared environments, broad FILE grants may not be acceptable.
Validate secure_file_priv
Many installations restrict server-readable import directory.
If value points to a directory, file must be placed there for server-side mode. Example path is often /var/lib/mysql-files/.
Ignoring this setting causes repeated access denied errors even with correct SQL command.
Enable Local Infile When Using Client Upload Mode
For LOCAL INFILE, both client and server settings may block operation.
Client CLI:
Server variable check:
If server disables it, update configuration according to your security policy.
Confirm OS-Level File Access and Format
Even with database privileges, import can fail if file permissions or format are wrong.
Useful checks:
Validate:
- Correct delimiter and quote format.
- Expected line endings.
- Character encoding alignment with table collation.
Format issues can surface as confusing import errors.
Safer Production Workflow
For high-impact tables, load into staging first.
Then run validation queries and merge into final table with controlled SQL. This reduces risk of partial bad imports in core tables.
Troubleshooting Order That Works
Use this sequence to reduce guesswork:
- Confirm command mode and file location alignment.
- Check grants for
FILEwhen using server-side mode. - Check
secure_file_privdirectory policy. - Check
local_infilesettings for local mode. - Verify filesystem permissions and file format.
- Review MySQL error log for specific denial details.
A structured order usually resolves issue faster than random config changes.
Common Pitfalls
- Using server-side
INFILEwith a client path. Fix by placing file on server allowed directory or switching toLOCALmode. - Assuming table privileges are enough for file import. Fix by checking
FILEprivilege requirements. - Ignoring
secure_file_privrestrictions. Fix by importing from permitted directory. - Enabling
LOCAL INFILEeverywhere without controls. Fix by applying policy-driven enablement and auditing. - Skipping file format validation before import. Fix by checking delimiter, line endings, and encoding first.
Summary
- Access denied errors for
LOAD DATA INFILEare usually policy or permission related. - Distinguish server-side and local-infile workflows before troubleshooting.
- Validate grants,
secure_file_priv, andlocal_infilein order. - Check filesystem permissions and CSV format details.
- Use staging imports and least privilege for safer bulk-load operations.

