How To Create New User and Set, Grant Permissions To User In MySQL and MariaDB?
MySQL provides ability to create and users from its shell. Security is important part of the database servers. In this tutorial we will examine how to create users and manage privileges in MySQL database server. We will specifically learn restrict user access to a database, database server, grant different type of privileges, print these privileges.
Login To MySQL Shell
In order to create user and manage privileges of this user we will login to the MySQL shell. MySQL shell provides ability to access databases, run SQL queries, administrative operations like create user, delete user, manage user privileges. We will use mysql command with the user name which is root in this case. We will provide the root user password too.
1 | $ sudo mysql -u root -p |
Login To MySQL Shell
Create New Database User
We will use CREATE USER command by providing the user name, host name and password. Host name is used to set whether the user can connect from given host. In this example we specify the localhost which means given user ismail can only connect from localhost to this database server. We also provide the password as SoS3cret..!
1 | > CREATE USER 'ismail'@'localhost' IDENTIFIED BY 'SoS3cret..!'; |
Create New User
As it is successfully created Query OK, 0 rows affected (0.01 sec) is printed.
Remove Existing Database User
If we do not need given database user we have to remove user because it may create security problems and unintended database access. We can remove existing database user with DROP USER command by providing the user name and access host name. In this example we will remove user ismail with localhost access.
1 | > DROP USER ismail@localhost; |
Remove Existing Database User
List Existing Database Users
After creating a database user we may want to check and list existing users in MySQL database. In this case we will use an SQL statement which will list content of the mysql database user table. user table in the mysql database holds database server users and related information like password etc. We will use SELECT User statement.
1 | > SELECT User FROM mysql.user; |
List Existing Database Users
Create New User with To Access Specific Database
We can specify a user only access to the specified databases. This will prevent the user access to other databases. We will use GRANT ALL PRIVILEGES command in this case by providing the database name, user name and host name. In the following example we will grant all privileges of database poftut to the user ismail .
1 | > GRANT ALL PRIVILEGES ON poftut . * TO 'ismail'@'localhost'; |
Create New User with To Access Specific Database
Write Changes To Database
Changes may be stored in cache which will not effect immediately. We can write these changes into the database server explicitly with the following command.
1 | > FLUSH PRIVILEGES; |
Write Changes To Database
Create New User with Access Location
We can also specify the access location for the given user and database. Up to now we have used the localhost which is a secure way where only local users can access. We can also provide access rights for specific network or host. In this example we will provide access from IP Address 192.168.1.10 .
1 | > GRANT ALL PRIVILEGES ON poftut . * TO 'ismail'@'192.168.1.10'; |
Show and List Given User Privileges
We may want to list granted privileges for the given user. We will use SHOW GRANTS FOR command for this operation. In this example we will list granted privileges for user ismail access from localhost.
1 | > SHOW GRANTS FOR ismail@localhost; |
Show and List Given User Privileges
