A MySQL database has a default, root user that is able to do anything on the server and to the databases created on the server. This includes dropping (deleting) entire databases.
In this tutorial:
Required knowledge:
SELECT users
You can see the users on a MySQL server at any time using the statement:
SELECT user FROM mysql.user;
CREATE USER
The basic syntax is as follows:
CREATE USER [IF NOT EXISTS] 'username'@'hostname' IDENTIFIED BY 'password';
The hostname is the name of the host from which the user connects to the MySQL Server. If left blank, the user can connect from any host.
IF NOT EXISTS is optional and self-explanatory.
Example: CREATE USER IF NOT EXISTS 'eric'@'localhost' IDENTIFIED BY 'halfab33';
If the username and hostname contains special characters, such as spaces or hyphens, you need to enclose the username and hostname separately in quotes.
GRANT
You can grant privileges to a user for all databases on the server, one database, or only certain tables in a database.
The basic syntax is as follows:
GRANT PRIVILEGE ON database.table TO 'username'@'host';
Example:
GRANT CREATE ON testdb.countries TO 'eric'@'localhost';
GRANT CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES, RELOAD ON *.* TO 'eric@'localhost' WITH GRANT OPTION;
One, or a comma-separated list, of privileges can be specified from CREATE, ALTER, DROP, INSERT, UPDATE, DELETE, SELECT, REFERENCES, RELOAD.
Or you can be brave and make the user “Superman”!
GRANT ALL PRIVILEGES ON *.* TO 'eric'@'localhost' WITH GRANT OPTION;
Giving only the minimum privileges necessary to a user is always best.
FLUSH PRIVILEGES
FLUSH PRIVILEGES;
Re-reads the privileges from the grant tables in the mysql system schema. As part of this operation, the server reads the global_grants table containing dynamic privilege assignments and registers any unregistered privileges found there.
SHOW
SHOW GRANTS FOR 'username'@'host';
REVOKE
Remove privileges from a user:
REVOKE type_of_permission ON database_name.table_name FROM 'username'@'host';
DROP USER
The basic syntax is as follows:
DROP USER 'username'@'localhost';
Example: DROP USER 'eric'@'localhost';
MySQL Workbench GUI
MySQL Workbench offers the convenience of a GUI to perform all these tasks: [2]
- Select Users and Privileges
- The Users and Privileges tab opens
- Select a user
- View the Details for the selected user’s account
- Click Add Account to add a new user
- Delete the selected user account
- Apply changes if made
References:
- Sverdlov, E. (2024) How To Create a New User and Grant Permissions in MySQL, DigitalOcean. DigitalOcean. Available at: https://www.digitalocean.com/community/tutorials/how-to-create-a-new-user-and-grant-permissions-in-mysql (Accessed: 8 June 2024).
- Dot Net Tutorials Rout, P. (2021) Create new user using MySQL Workbench. Available at: https://dotnettutorials.net/lesson/create-new-user-using-mysql-workbench/ (Accessed: 9 June 2024).
- MySQL Tutorial. (2023) Revoking Privileges from Users Using MySQL REVOKE. Available at: https://www.mysqltutorial.org/mysql-administration/mysql-revoke/ (Accessed: 9 June 2024).
- MySQL 8.4 Reference Manual. (no date) 15.7.8.3 FLUSH Statement. Available at: https://dev.mysql.com/doc/refman/8.4/en/flush.html (Accessed: 9 June 2024).
- MySQL Tutorial. (2023) How to Change MySQL User Password. Available at: https://www.mysqltutorial.org/mysql-administration/change-mysql-user-password/ (Accessed: 18 June 2024).