MySQL Users and Privileges

 Check MySQL User Privileges

 

If you are running a multi-user MySQL database, handy commands that show a list of all existing MySQL users and their privileges may be on your cheat sheet. To find out all MySQL users and the permissions granted to each user, log in to your MySQL server, and run the following MySQL commands.

 

To get a list of MySQL users:

     mysql> select user,host from mysql.user;

 

     +------+-----------+
     | User | Host      |
     +------+-----------+
     | root | %         |
     | root | 127.0.0.1 |
     | root | localhost |
     +------+-----------+

3 rows in set (0.01 sec)

 

The above output shows a list of existing MySQL accounts. Note that a MySQL account has two components: user and host. This allows the same user to use different MySQL accounts depending on which host they are connecting from. “%” is a wildcard character interpreted as “any” host.

 

To find the privilege(s) granted to a particular MySQL account:

     mysql> show grants for 'root'@'%';

 

Grants for root@%
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' ….

1 row in set (0.00 sec)

 

As above, when you specify a particular MySQL account to check for privileges, use an account name made up of the user name and the host name joined by “@”.

 

Create a New User

     CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';

But at this point newuser has no permissions to do anything with the databases. In fact, if newuser even tries to log in (with the password, password), they will not be able to reach the MySQL shell.

Therefore, the first thing to do is to provide the user with access to the information they will need.

     GRANT ALL PRIVILEGES ON *.* TO 'newuser'@'localhost';

The asterisks in this command refer to the database and table (respectively) that they can access. This specific command allows the user to read, edit, execute and perform all tasks across all the databases and tables.

Once you have finalized the permissions that you want to set up for your new users, always be sure to reload all the privileges.

     FLUSH PRIVILEGES;

Your changes will now be in effect.

How To Grant Different User Permissions

Here is a short list of other common possible permissions that users can enjoy.

ALL PRIVILEGES - as we saw previously, this would allow a MySQL user all access to a designated database (or if no database is selected, across the system)
ALL [PRIVILEGES] - sets all simple privileges except GRANT OPTION
ALTER - enables use of ALTER TABLE
INDEX - enables use of CREATE INDEX and DROP INDEX
RELOAD - enables use of FLUSH
SHOW DATABASES - SHOW DATABASES shows all databases
CREATE - allows them to create new tables or databases
DROP - allows them to delete tables or databases
DELETE - allows them to delete rows from tables
INSERT - allows them to insert rows into tables
SELECT - allows them to use the SELECT command to read through databases
UPDATE - allows them to update table rows
GRANT OPTION - allows them to grant or remove other users' privileges

 

 

To provide a specific user with a permission, you can use this framework:

     GRANT [type of permission] ON [database name].[table name] TO '[username]'@'localhost';

If you want to give them access to any database or to any table, make sure to put an asterisk (*) in the place of the database name or table name.

Each time you update or change a permission be sure to use the Flush Privileges command.

Revoke Privileges

If you need to revoke a permission, the structure is almost identical to granting it:

     REVOKE [type of permission] ON [database name].[table name] FROM '[username]'@'localhost';

Just as you can delete databases with DROP, you can use DROP to delete a user altogether:

 

     DROP USER 'demo'@'localhost';

To test out your new user, log out by typing

quit

and log back in with this command in terminal:

     mysql -u [username] -p
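
As a contrast to the GRANT ALL PRIVILEGES ON *.* command shown earlier, the following added example (not part of the original article) uses the same GRANT, SHOW GRANTS and REVOKE framework to scope two accounts to a single database, then audits the server for wildcard hosts and global privileges. The names appdb, app_rw and report_ro and both passwords are assumed placeholders.

```sql
-- Added example. appdb, app_rw, report_ro and the passwords are
-- placeholders chosen for illustration; substitute your own.
CREATE DATABASE IF NOT EXISTS appdb;

-- Application account: row-level read/write on one database only,
-- and only for connections from the local machine.
CREATE USER 'app_rw'@'localhost' IDENTIFIED BY 'replace-with-a-strong-password';
GRANT SELECT, INSERT, UPDATE, DELETE ON appdb.* TO 'app_rw'@'localhost';

-- Reporting account: read-only on the same database.
CREATE USER 'report_ro'@'localhost' IDENTIFIED BY 'replace-with-another-strong-password';
GRANT SELECT ON appdb.* TO 'report_ro'@'localhost';

-- Verify what each account actually holds. Neither should show
-- a grant on *.* other than USAGE (which means "no privileges").
SHOW GRANTS FOR 'app_rw'@'localhost';
SHOW GRANTS FOR 'report_ro'@'localhost';

-- Narrow a grant later: the application no longer needs to delete rows.
REVOKE DELETE ON appdb.* FROM 'app_rw'@'localhost';

-- Audit 1: accounts that accept connections from any host ('%').
SELECT user, host
FROM mysql.user
WHERE host = '%';

-- Audit 2: accounts holding privileges at the global (*.*) level,
-- and whether they can pass them on (is_grantable = 'YES').
SELECT grantee, privilege_type, is_grantable
FROM information_schema.user_privileges
WHERE privilege_type <> 'USAGE'
ORDER BY grantee, privilege_type;
```

On the server shown at the top of this page, both audit queries would return 'root'@'%', since that account combines a wildcard host with ALL PRIVILEGES on *.*.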
