User Management & Privileges
Control who can access your database and what they can do with CREATE USER, GRANT, and REVOKE.
So far you have been working as a single all-powerful user. In production, you never give applications or users full access. Instead, you create specific users with only the permissions they need. This is the principle of least privilege, a cornerstone of database security.
Definition
MySQL user management controls who can access the database server and what they can do. CREATE USER creates accounts, GRANT assigns permissions, and REVOKE removes them.
Required step: User management requires administrative privileges. Some commands may not work in the playground. These are essential for real MySQL server administration.
Creating Users
A MySQL user is defined by a username and a host. The host determines where the user can connect from.
Create a user
CREATE USER 'app_user'@'localhost'
IDENTIFIED BY 'secure_password_123';Creates a user 'app_user' that can only connect from localhost (the same machine). The password is required.
Create a user for remote access
CREATE USER 'remote_user'@'192.168.1.%'
IDENTIFIED BY 'secure_password_123';Creates a user that can connect from any machine on the 192.168.1.x network. The % is a wildcard for the host IP.
Create a user for any host
CREATE USER 'admin'@'%'
IDENTIFIED BY 'secure_password_123';Creates a user that can connect from any machine. Use with caution. This is less secure than restricting the host.
Granting Privileges
Privileges control what a user can do. You can grant privileges on specific databases, tables, or globally.
Grant SELECT on a database
GRANT SELECT ON school.* TO 'app_user'@'localhost';Gives app_user read-only access to all tables in the school database. They can run SELECT but not INSERT, UPDATE, or DELETE.
Grant multiple privileges
GRANT SELECT, INSERT, UPDATE, DELETE
ON school.* TO 'app_user'@'localhost';Gives app_user full read/write access (but not DDL). They can query and modify data but cannot create or drop tables.
Grant all privileges on a database
GRANT ALL PRIVILEGES ON school.*
TO 'app_user'@'localhost';Gives app_user full control over the school database, including DDL (CREATE, ALTER, DROP). Use sparingly.
Grant global privileges
GRANT CREATE, ALTER, DROP ON *.*
TO 'admin'@'%';Gives the admin user global DDL privileges across all databases. This is very powerful and should only be given to database administrators.
Viewing and Revoking Privileges
Show grants for a user
SHOW GRANTS FOR 'app_user'@'localhost';Displays all privileges currently assigned to the user. Useful for auditing who has what access.
Revoke privileges
REVOKE INSERT, UPDATE ON school.*
FROM 'app_user'@'localhost';Removes INSERT and UPDATE privileges. The user retains SELECT and DELETE. You can revoke specific privileges without revoking everything.
Revoke all privileges
REVOKE ALL PRIVILEGES ON school.*
FROM 'app_user'@'localhost';Removes all privileges on the school database. The user still exists but cannot do anything on this database.
Dropping Users
Drop a user
DROP USER 'app_user'@'localhost';Removes the user and all their privileges. The user can no longer connect. This is permanent.
Drop if exists
DROP USER IF EXISTS 'app_user'@'localhost';Same as above but does not throw an error if the user does not exist. Safer in scripts.
Security rule:Principle of Least Privilege
Give each user only the minimum privileges they need to do their job. An application that only reads data should get SELECT only. A reporting tool might need SELECT and nothing else. Only database administrators should have CREATE, ALTER, and DROP.
Never give application users ALL PRIVILEGES. If the application is compromised, the attacker would have full control of your database.
FLUSH PRIVILEGES
After modifying grant tables directly with SQL (not through GRANT/REVOKE), you need to reload them for changes to take effect.
Reload privilege tables
FLUSH PRIVILEGES;Reloads the mysql.user and grant tables from disk. Only needed when you modify grant tables directly with INSERT, UPDATE, or DELETE. GRANT and REVOKE apply changes immediately.
Backing Up Your Database
Regular backups are essential. The mysqldump tool exports your database as SQL statements that can recreate the tables and data.
Back up a database
mysqldump -u root -p school > school_backup.sqlExports the entire school database to a SQL file. The file contains CREATE TABLE and INSERT statements. Use -u for username, -p for password prompt.
Restore from backup
mysql -u root -p school < school_backup.sqlImports the backup file into the school database. The SQL file recreates the tables and inserts all data.
Best practices:Backup Strategy
Automate backups. Use cron jobs or scheduled tasks to run mysqldump daily.
Store backups off-site. Keep copies on a different server or cloud storage.
Test restores regularly. A backup is useless if you cannot restore from it.
Use --single-transaction for InnoDB. This gives a consistent snapshot without locking tables.
MySQL Replication
Replication copies data from a master server to one or more replica servers in real time. It is used for load balancing, high availability, and disaster recovery.
Architecture:How Replication Works
Master server: Records all data changes in a binary log.
Replica server: Connects to the master and reads the binary log, then replays the changes.
The replica keeps a local copy of the master's data. Reads can be directed to the replica to reduce load on the master.
Basic replication setup
-- On the master:
CHANGE REPLICATION SOURCE TO
SOURCE_HOST='master_host',
SOURCE_USER='repl_user',
SOURCE_PASSWORD='password',
SOURCE_LOG_FILE='mysql-bin.000001',
SOURCE_LOG_POS=154;
-- On the replica:
START REPLICA;Configures the replica to connect to the master and start copying data. SHOW REPLICA STATUS on the replica shows the replication state.
What does GRANT SELECT ON school.* TO 'user'@'localhost' do?
Why should you restrict the host in CREATE USER?
Key Takeaways
- CREATE USER defines a username and restricts which hosts can connect.
- GRANT assigns specific privileges (SELECT, INSERT, etc.) on databases or tables.
- SHOW GRANTS displays a user's current privileges.
- REVOKE removes specific privileges without dropping the user.
- Follow the principle of least privilege. Give users only what they need.
- Never give application users ALL PRIVILEGES.
Ready to test your knowledge?
Take a Quiz