Introduction

MySQL is a database application for Linux and part of the popular LAMP stack (Linux, Apache, MySQL, PHP). A MySQL installation includes options of managing through a root user or specific user accounts.

For security reasons, it is generally better to create and handle data as specific users.

In this tutorial, learn how to create new MySQL user accounts and managing their permissions and privileges.

create mysql user accounts and grant privileges

Prerequisites

  • A Linux server with MySQL or MariaDB installed and running
  • Access to the MySQL root user credentials
  • Access to a terminal window/command line (Ctrl-Alt-T / Ctrl-Alt-F2)

How to Create a New MySQL User Account

1. Before you can create a new MySQL user, you need to open a terminal window and launch the MySQL shell as the root user. To do so, enter the following command:

sudo mysql –u root –p

2. Type in the root password for this account and press Enter.

entering root password on MySQL

The prompt should change to show that you are in the mysql> shell.

3 . Next, create a new MySQL user with:

CREATE USER username IDENTIFIED BY password;

Replace username and password with a username and password of your choice.

Alternatively, you can set up a user by specifying the machine hosting the database.

  • If you are working on the machine with MySQL, use username@localhost to define the user.
  • If you are connecting remotely, use username@ip_address, and replace ip_address with the actual address of the remote system hosting MySQL.

Therefore the command will be:

CREATE USER ‘username’@’localhost’ IDENTIFIED BY ‘password’;

or

CREATE USER ‘username’@’ip_address’ IDENTIFIED BY ‘password’;

Lastly, you can also create a user that can connect from any machine with the command:

CREATE USER ‘username’@’%’ IDENTIFIED BY ‘password’;

Note: Make sure you use a strong and complex password, especially if you are setting up a user who can connect from any machine.


How to Grant Permissions in MySQL

Before logging in with a new account, make sure you have set the permissions for the user.

Permissions are actions that the user is allowed to perform in the database. Depending on how much authority you want your user to have, you can grant them one, several or all of the following privileges:

  • All Privileges: The user account has full access to the database
  • Insert: The user can insert rows into tables
  • Delete:The user can remove rows from tables
  • Create: The user can create entirely new tables and databases
  • Drop: The user can drop (remove) entire tables and databases
  • Select: The user gets access to the select command, to read information in the databases
  • Update: The user can update table rows
  • Grant Option: The user can modify other user account privileges

The basic syntax used to grant privileges to a user account is:

GRANT permission_type ON database.table TO ‘username’@’localhost’;

For example, to grant insert privileges to a MySQL user you would run the command:

GRANT INSERT ON *.* TO ‘username’@’localhost’;

You can replace the privilege level according to your needs. Run the command for each privilege you wish to grant.

If you want to limit the user’s access to a specific database, name that database before the dot. Likewise, you can restrict a user’s access to a particular table by naming it after the dot, as in the command below:

GRANT INSERT *database_name.table_name* TO ‘username’@’localhost’;

MySQL User Management

This section will help you list the privileges held by a user account, take privileges away from a user, and completely delete a user account. It will also show you how to log out of the root MySQL user account, and log back in under the account you’ve just created.

How to List MySQL User Account-Privileges

To display all the current privileges held by a user:

SHOW GRANTS username

Note: Refer to our article to learn how to list MySQL database users.


Grant All Privileges MySQL User Account

If you want to grant all privileges to a user account on all databases use the command:

GRANT ALL PRIVILEGES ON *.* TO 'database_user'@'localhost';

However, you can also grant all privileges to a user account on a specific database with the following command:

GRANT ALL PRIVILEGES ON database_name.* TO 'database_user'@'localhost';

Additionally, to grant all privileges to a user account over a specific table from a database type:

GRANT ALL PRIVILEGES ON database_name.table_name TO 'database_user'@'localhost';

Revoke Privileges MySQL User Account

To take back privileges from a specific user, use the REVOKE command. It works similar to the GRANT command, its basic syntax being:

REVOKE permission_type ON database.table TO ‘username’@’localhost’;

Remove an Entire User Account

To delete a MySQL user account use the command:

DROP USER ‘username’@’localhost’

Conclusion

You should now be able to create, modify, delete users and grant permissions in a MySQL database.

To improve security and limit accidental damage it is better to use a regular user instead of a root user in a production environment. You can also secure your database by limiting users only to the privileges required for their jobs.