Managing users and their permissions is an integral part of MySQL database administration. Properly creating user accounts and assigning privileges ensures both security and efficient operations. In this guide, I’ll walk you through creating users in MySQL, granting privileges, and following best practices to safeguard your database.
Step 1: Connecting to the MySQL Server
First, connect to your MySQL server using an account with administrative privileges, such as root
.
mysql -u root -p
You’ll be prompted to enter the root user’s password to access the MySQL command-line interface.
Step 2: Creating a New User
The CREATE USER
statement is used to create a new MySQL user. Here’s the syntax:
CREATE USER 'username'@'host' IDENTIFIED BY 'password';
'username'
: The name of the new user.'host'
: The host from which the user can connect (e.g.,'localhost'
for local connections or'%'
for any host).'password'
: A strong password for the new user.
Example:
CREATE USER 'john'@'localhost' IDENTIFIED BY 'SecurePass123!';
Step 3: Granting Privileges to the User
After creating the user, assign privileges with the GRANT
statement. The syntax is as follows:
GRANT privilege_type ON database_name.table_name TO 'username'@'host';
privilege_type
: The type of permission to grant (e.g.,SELECT
,INSERT
,UPDATE
,ALL PRIVILEGES
).database_name.table_name
: The database and table the privileges apply to. Use*.*
for all databases and tables.
Examples
Grant all privileges on all databases and tables:
GRANT ALL PRIVILEGES ON *.* TO 'john'@'localhost';
Grant specific privileges on a single database:
GRANT SELECT, INSERT ON sales_db.* TO 'john'@'localhost';
Apply changes immediately:
FLUSH PRIVILEGES;
Step 4: Verifying User Privileges
To check what privileges have been granted to a user, use the SHOW GRANTS
command:
SHOW GRANTS FOR 'username'@'host';
Example:
mysql> SHOW GRANTS FOR 'john'@'localhost';
+-------------------------------------------------------------+
| Grants for john@localhost |
+-------------------------------------------------------------+
| GRANT SELECT, INSERT ON sales_db.* TO 'john'@'localhost' |
+-------------------------------------------------------------+
This output lists all permissions for the specified user.
Step 5: Revoking Privileges
If you need to remove privileges from a user, use the REVOKE
statement:
REVOKE privilege_type ON database_name.table_name FROM 'username'@'host';
Example: Revoke the INSERT
privilege on sales_db
:
REVOKE INSERT ON sales_db.* FROM 'john'@'localhost';
Step 6: Deleting a User
To remove a user account entirely, use the DROP USER
statement:
DROP USER 'username'@'host';
Example:
DROP USER 'john'@'localhost';
Download Examples
Best Practices for Managing MySQL Users
- Use Strong Passwords: Ensure all user accounts have unique, strong passwords to prevent unauthorized access.
- Grant Minimal Privileges: Follow the principle of least privilege by assigning only the permissions necessary for each user’s role.
- Regularly Audit Users: Periodically review user accounts and their privileges with the
SHOW GRANTS
command. - Monitor Connections: Use MySQL logs to track login attempts and detect unauthorized access.
Reference Links
- MySQL 8.0 Documentation: CREATE USER Syntax
- MySQL 8.0 Documentation: GRANT Syntax
- MySQL 8.0 Documentation: SHOW GRANTS Syntax
- MySQL 8.0 Documentation: REVOKE Syntax
- MySQL 8.0 Documentation: DROP USER Syntax