Open in app

Sign in

Write

Sign in

How to Create a New User and Grant Privileges in MySQL

It's All in the Data, Folks
3 min readMay 23, 2023

In this article, we will discuss how to grant different levels of permissions to third parties and provide access to created tables in MySQL. Setting up a user account is the first step because you cannot perform any action without it.

How to Create a Regular User in MySQL

To add a user to MySQL, you must have privileges to create users. The query syntax is as follows:

CREATE USER [IF NOT EXISTS]
  user [auth_option] [, user [auth_option]] …
  DEFAULT ROLE role [, role ] …
  [REQUIRE {NONE | tls_option [[AND] tls_option] …}]
  [WITH resource_option [resource_option] …]
  [password_option | lock_option] …
  [COMMENT 'comment_string' | ATTRIBUTE 'json_object']

The [square brackets] indicate optional parameters.

Field description:

  • If [IF NOT EXISTS] is specified, the query will not be interrupted if an error occurs.
  • User: the name of the account. It consists of a user name and hostname (‘user_name’@’host_name’). The ‘host_name’ part is optional (specifies the hostname from which the connection can be established; % means “all possible hosts”). If we want to create a remote connection user in MySQL, we can specify a domain name, IP address, or subnet address. An account name consisting only of a username can be written as ‘user_name’@’%’. Such an account will be accessible from any host. It is also possible to create an anonymous user: ‘’@’localhost.
  • [auth_option] is an optional value that specifies how the account is authenticated (password, lock properties, etc.)
  • DEFAULT ROLE specifies the role of the user.
  • If REQUIRE {NONE | tls_option [[AND] tls_option] …} is specified, it checks the X.509 certificate in addition to the ordinary authentication.
  • WITH allows you to set a limit on the use of server resources. For example, limit the number of requests, updates, or connections to the server.
  • password_option is for password management parameters: validity period, reuse restriction, and failed-login attempts tracking.
  • COMMENT…| ATTRIBUTE allows adding user comments or attributes in JSON format (cannot be used simultaneously).

Granting Privileges

Creating users and granting them privileges to the database in MySQL is the first thing you should do. To grant privileges or assign a role (a named set of privileges), use the GRANT operator. But you cannot do both at the same time.

To grant privileges, you must have privileges yourself.

The syntax for defining an account’s role:

GRANT role [, role] …
  TO user_or_role [, user_or_role] …
  [WITH ADMIN OPTION]

Field description:

  • role: the role we are granting.
  • user_or_role: account’s name or role.
  • If WITH ADMIN OPTION is specified, it is possible to grant the role to someone else from the account with this role. Example:
GRANT 'role1', 'role2' TO 'user1'@'localhost', 'user2'@'localhost';

The syntax for adding privileges:

GRANT
  priv_type
  ON [object_type] priv_level
  TO user_or_role

Field description:

  • The priv_type is the privilege type. There are many of them: to create tables, update, populate, or delete them; to create roles, users, and indexes; to administer backups and accounts without passwords, and much more.
  • object_type specifies the next object’s type (TABLE, FUNCTION, or PROCEDURE).
  • priv_level specifies the privilege level.

Privileges can be:

  • Global: these privileges apply to all databases on the server. The syntax:

ON *.*

GRANT SELECT, INSERT ON *.* TO 'user_name'@'localhost';
  • For databases: apply to all objects in the specified database and create or delete tables. Example:
GRANT SELECT, INSERT ON mydb.* TO 'user_name'@'localhost';
  • For tables: apply to all columns in a table, like to insert or update records. Example:
GRANT SELECT, INSERT ON mydb.mytable TO 'user_name'@'localhost';
  • For columns: apply to certain columns (insert, view, update data). In the example, the privilege is followed by the column name in parentheses:
GRANT SELECT (col1), INSERT (col1, col2) ON mydb.mytbl TO 'user_name'@'localhost';

There are also subroutine and proxy user privileges.

If you grant all privileges to the account, you can create a “superuser”:

GRANT ALL ON *.* TO 'user_name'@'localhost';

To revoke the roles or privileges of an account, use REVOKE.

REVOKE INSERT ON *.* FROM 'user_name'@'localhost';

We revoke the user’s privilege to insert data into tables at the global level.

To remove a user, use DROP:

DROP USER 'user_name'@'localhost';

In conclusion, creating a new user and assigning privileges in MySQL is crucial for managing your database. With these tips, you can easily create a new user account and assign privileges to it and ensure that your data is secure and accessible only to authorized users.

Sql
MySQL
Database

--

--

It's All in the Data, Folks

Written by It's All in the Data, Folks

20 Followers

CEO & Founder of Valiotti Analytics, also the Driving Force of Cyprus Data Community and Data Science PhD | Master of Analytics @ US Georgia Tech (in progress)

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams