How To Create a New User and Grant Permissions in MySQL

MySQL is an open-source database management system that is often used as part of the LAMP stack (Linux, Apache, MySQL, and PHP). In this guide, we will show you how to create a new MySQL user and grant them the necessary permissions to perform various actions.

To begin, log in to the MySQL prompt as the root user:

1
mysql -u root -p

To create a new user, use the CREATE USER statement in the following format:

1
CREATE USER 'username'@'host' IDENTIFIED WITH authentication_plugin BY 'password';

Replace username with the desired username and host with the hostname where the user will connect from. If the user will only be accessing the database locally, you can use localhost or 0.0.0.0. It is also possible to specify a specific netmask, such as 192.168.1.%, to allow access from a specific range of IP addresses.

If you are planning to use the database with a PHP application (such as phpMyAdmin), you may want to create a user that authenticates with the mysql_native_password plugin instead of the default caching_sha2_password plugin due to a known issue with some versions of PHP. To do this, use the following CREATE USER statement:

1
CREATE USER 'app'@'host' IDENTIFIED WITH mysql_native_password BY 'password';

If you have already created a user with the caching_sha2_password plugin, you can use the ALTER USER statement to change the authentication method:

1
ALTER USER 'app'@'host' IDENTIFIED WITH mysql_native_password BY 'password';

To grant a user privileges, use the following syntax:

1
GRANT PRIVILEGE ON database.table TO 'app'@'host';

The available privileges include ALL PRIVILEGES, which allows full server administration, and various privileges for specific contexts such as tables, routines, and databases. You can also use ALL to grant all privileges within a specific context.

For example, to grant all privileges on a database called mydatabase to the user app@localhost, use the following command:

1
GRANT ALL PRIVILEGES ON mydatabase.* TO 'app'@'localhost';

You can also grant specific privileges rather than all privileges. For example, to grant the SELECT, INSERT, and UPDATE privileges on a table called mytable in the mydatabase database to the user app@localhost, use the following command:

1
GRANT SELECT, INSERT, UPDATE ON mydatabase.mytable TO 'app'@'localhost';

Once you have granted the desired privileges to the user, don’t forget to flush the privileges to apply the changes:

1
FLUSH PRIVILEGES;

Summary of Available Privileges

PrivilegeContext
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_allServer administration
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_alterTables
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_alter-routineStored routines
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_createDatabases, tables, or indexes
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_create-roleServer administration
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_create-routineStored routines
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_create-tablespaceServer administration
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_create-temporary-tablesTables
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_create-userServer administration
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_create-viewViews
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_deleteTables
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_dropDatabases, tables, or views
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_drop-roleServer administration
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_eventDatabases
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_executeStored routines
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_fileFile access on server host
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_grant-optionDatabases, tables, or stored routines
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_indexTables
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_insertTables or columns
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_lock-tablesDatabases
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_processServer administration
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_proxyServer administration
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_referencesDatabases or tables
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_reloadServer administration
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_replication-clientServer administration
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_replication-slaveServer administration
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_selectTables or columns
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_show-databasesServer administration
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_show-viewViews
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_shutdownServer administration
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_superServer administration
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_triggerTables
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_updateTables or columns
https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_usageServer administration

Revoke a permission

1
REVOKE type_of_permission ON database_name.table_name FROM 'app'@'host';

Delete a user

1
DROP USER 'app'@'host';

That’s it! You have now successfully created a new MySQL user and granted them the necessary permissions.