MySQL is a relational database management system, used for storing data in form of tables and records. You can insert, modify or retrieve data using SQL statements or programming languages. It allows us to create new users and grant permissions on tables of the database. As a good practice always use a separate user for all databases. This will ensure that the application can’t access other applications’ databases.
The purpose of this tutorial is to create a new user in the MySQL server and grant permissions to databases. This tutorial includes instructions to create users, and grant permission on all tables of specific databases or all tables of all databases.
Before We Begin
You must have a running MySQL server with administrative privilege account access. Login to the MySQL server with superuser or root account access. This will allow you to create new users and grant permissions to databases.
Firstly, connect to MySQL server to perform further instructions.
1. Create a New User in MySQL
Login to the MySQL server with a root user with shell access and create a new user named “rahul”. The below statement will allow accessing MySQL server to user rahul from the localhost only.
CREATE USER 'rahul'@'localhost' IDENTIFIED BY 'password';
Now assign the privileges to the specific database. The below command will allow all privileges on database “mydb” to user rahul.
GRANT ALL ON mydb.* TO 'rahul'@'localhost';
To grant all privileges on all databases, use below query:
GRANT ALL ON *.* TO 'rahul'@'localhost';
After creating or making any changes, make sure to reload privileges with the below SQL query.
2. Create MySQL User with Remote Access
To allow any user to connect to MySQL server from the remote system. You need to specify the hostname or IP address of the remote system. You can also use “%” as a wildcard character.
- For example, to create a MySQL user-accessible from specific IP only (eg: 192.168.1.10)
CREATE USER 'rahul'@'192.168.1.10' IDENTIFIED BY 'password';
- To create a MySQL user for a network range (eg: 192.168.1.0/24)
CREATE USER 'rahul'@'192.168.1.0/24' IDENTIFIED BY 'password';
- You can also create MySQL user account accessible from any host. In that case use “%” as wildcard character.
CREATE USER 'rahul'@'%' IDENTIFIED BY 'password';
3. Grant Permissions to Specific User
Please find below list of frequently used privileges in MySQL user. Visit here to get full list of privileges for MySQL user.
- ALL [PRIVILEGES] – Grant all privileges to user.
- CREATE – Grant user to create new databases and tables.
- DROP – Grant user to delete (drop) databases and tables.
- DELETE – Grant user to delete rows from tables.
- ALTER – Grant user to modify table structure.
- INSERT – Grant user to insert (add) rows into tables.
- SELECT – Grant user to run select command to read data from tables.
- UPDATE – Grant user to update data in tables.
- EXECUTE – Grant user to execute stored routines.
- FILE – Grant user to access file on server host.
- GRANT OPTION – Grant user to grant or remove other users’ privileges.
Here, you can specify privileges separated by a comma in place of ALL. For example to allow CREATE, DELETE, INSERT, and UPDATE access to ‘rahul’@’localhost’ on database mydb.
GRANT CREATE,DELETE,INSERT,UPDATE ON mydb.* TO 'rahul'@'localhost';
4. Revoke User Permissions in MySQL
Use the REVOKE statement to remove any specific privilege from the user. For example to remove the DELETE privilege from user ‘rahul’@’localhost’ on mydb database.
- To remove the specific permission from database, use query like:
REVOKE DELETE ON mydb.* TO 'rahul'@'localhost';
- To remove all permission of a user on a database, use query like:
REVOKE ALL ON mydb.* TO 'rahul'@'localhost';
- Even you can revoke permissions on all databases for the specific user.
REVOKE ALL ON *.* TO 'rahul'@'localhost';
After revoking the permission, you must run FLUSH PRIVILEGES; query to apply changes.
5. Drop User in MySQL
Use MySQL DROP statement to delete an existing user from server. For example to delete user ‘rahul’@’localhost’, execute the following query:
DROP USER 'rahul'@'localhost';
In this tutorial, you have learned to create a new user and grant permissions to the MySQL server. Also provided the instructions to change or revoke permissions of any MySQL user.