MySQL is the most popular open-source relational database management system. MySQL server allows us to create numerous user accounts and grant appropriate privileges so that the users can access and manage databases.
This tutorial describes how to create MySQL user accounts and grant privileges.
Before you Begin
We are assuming that you already have MySQL or MariaDB server installed on your system.
All commands are executed inside the MySQL shell as root or administrative user. The minimum privileges required to create user accounts and define their privileges are CREATE USER
and GRANT
.
To access the MySQL shell type the following command and enter your MySQL root user password when prompted:
mysql -u root -p
If you haven’t set a password for your MySQL root user, you can omit the -p
switch.
Create a new MySQL User Account
A user account in MySQL consists of a user name and hostname parts.
To create a new MySQL user account, run the following command:
CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'user_password';
newuser
with your intended new user name, and placeholder value user_password
with the user password.In the command above the hostname, part is set to localhost
, which means that the user will be able to connect to the MySQL server only from the localhost (i.e from the system where MySQL Server runs).
To grant access from another host, change the hostname part (localhost
) with the remote machine IP. For example, to grant access from a machine with IP 10.8.0.5
you would run:
CREATE USER 'newuser'@'10.8.0.5' IDENTIFIED BY 'user_password';
To create a user that can connect from any host, use the '%'
wildcard as a host part:
CREATE USER 'newuser'@'%' IDENTIFIED BY 'user_password';
Grant Privileges to a MySQL User Account
There are multiple types of privileges that can be granted to a user account. You can find a full list of privileges supported by MySQL here.
The most commonly used privileges are:
ALL PRIVILEGES
– Grants all privileges to a user account.CREATE
– The user account is allowed to create databases and tables.DROP
- The user account is allowed to drop databases and tables.DELETE
- The user account is allowed to delete rows from a specific table.INSERT
- The user account is allowed to insert rows into a specific table.SELECT
– The user account is allowed to read a database.UPDATE
- The user account is allowed to update table rows.
To grant specific privileges to a user account, you can use the following syntax:
GRANT permission1, permission2 ON database_name.table_name TO 'database_user'@'localhost';
Here are some examples:
Grand all privileges to a user account over a specific database:
GRANT ALL PRIVILEGES ON database_name.* TO 'database_user'@'localhost';
Grand all privileges to a user account on all databases:
GRANT ALL PRIVILEGES ON *.* TO 'database_user'@'localhost';
Grand all privileges to a user account over a specific table from a database:
GRANT ALL PRIVILEGES ON database_name.table_name TO 'database_user'@'localhost';
Grant multiple privileges to a user account over a specific database:
GRANT SELECT, INSERT, DELETE ON database_name.* TO database_user@'localhost';
Display MySQL User Account Privileges
To find the privilege(s) granted to a specific MySQL user account, use the SHOW
GRANTS
statement:
SHOW GRANTS FOR 'database_user'@'localhost';
+---------------------------------------------------------------------------+
| Grants for database_user@localhost |
+---------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'database_user'@'localhost' |
| GRANT ALL PRIVILEGES ON `database_name`.* TO 'database_user'@'localhost' |
+---------------------------------------------------------------------------+
2 rows in set (0.00 sec)
Revoke Privileges from a MySQL User Account
The syntax to revoke one or more privileges from a user account is almost identical as when granting privileges.
For example, to revoke all privileges from a user account over a specific database, use the following command:
REVOKE ALL PRIVILEGES ON database_name.* FROM 'database_user'@'localhost';
Remove an Existing MySQL User Account
To delete a MySQL user account use the DROP USER
statement:
DROP USER 'user'@'localhost'
The command above will remove the user account and its privileges.
Conclusion
This tutorial covers only the basics, but it should be a good starting for anyone who wants to learn how to create new MySQL user accounts and grant privileges.
0 Comments
CAN FEEDBACK
Emoji