webmin>server>mysql>user permission should be set to none. Instead go to database permissions and set the user permissions there. That way the permissions are just for that database and not global. Logical really, just not obvious.
However, I would recommend that a database user is a standard user of the virtual website (which means they also get email, even if you don’t use it). Only those users get recreated in a virtualmin backup and restore. Plus you set the database password in the virtual server, edit database, password. Then that too gets recreated in backup/restore.