Step-by-Step: Setting Up User Accounts and Permissions in MariaDB/MySQL

2024-07-27
  • MariaDB/MySQL: Relational database management systems (RDBMS) used for storing and managing data.
  • Privileges: Permissions granted to users or accounts that control what actions they can perform on the database server and within specific databases.
  • mysql: The command-line tool or client program used to interact with the MariaDB/MySQL server.

Ownership vs. Privileges:

  • Unlike some file systems, MariaDB/MySQL doesn't have a concept of "ownership" for databases. Instead, it uses a more granular system of privileges.

Setting Privileges:

  1. Create a User Account:

    • Use the CREATE USER statement in mysql to create a user account with a username and password.
    • Example: CREATE USER 'new_user'@'localhost' IDENTIFIED BY 'strong_password';

  2. Grant Privileges:

    • Use the GRANT statement to assign specific privileges to the user account.
    • Privileges can be:
      • Global (server-wide): CREATE DATABASE, DROP DATABASE, GRANT OPTION, etc.
      • Database-specific: SELECT, INSERT, UPDATE, DELETE on specific databases or tables.
    • Example: GRANT SELECT, INSERT ON my_database.* TO 'new_user'@'localhost'; (Grants select and insert permissions on all tables in my_database to new_user from localhost)

  3. Revoke Privileges (Optional):

    • Use the REVOKE statement to remove previously granted privileges.
    • Example: REVOKE SELECT ON my_database.my_table FROM 'new_user'@'localhost';

Important Considerations:

  • The mysql user you use to execute these statements must have the GRANT OPTION privilege to grant privileges to others.
  • Be cautious when granting privileges, especially global ones, as they can give users a lot of power.
  • Use specific privileges instead of ALL PRIVILEGES for better security.

Additional Tips:

  • Consider using roles to group related privileges for easier management.
  • Regularly review and update user privileges to ensure they align with current needs.


CREATE USER 'new_user'@'localhost' IDENTIFIED BY 'strong_password';

This code creates a user named new_user who can connect from the local machine (localhost) and uses the password strong_password for authentication.

Granting Database-Specific Privileges:

GRANT SELECT, INSERT ON my_database.* TO 'new_user'@'localhost';

This code grants the new_user the ability to:

  • Select data (SELECT) from all tables (.*) within the database named my_database.
  • Insert data (INSERT) into all tables within my_database.

Granting Global Privileges (Use with Caution):

GRANT CREATE DATABASE, DROP DATABASE ON *.* TO 'admin_user'@'%';
  • Create databases (CREATE DATABASE) anywhere on the server (*.*).

Important: Be very cautious when granting global privileges, as it gives the user a significant amount of control over the database server.

Revoking Privileges:

REVOKE SELECT ON my_database.my_table FROM 'new_user'@'localhost';

This code removes the SELECT privilege for the table my_table within the my_database from the new_user.

Remember to replace placeholders like strong_password, my_database, and my_table with your specific values.



  • If you prefer a graphical user interface (GUI), tools like phpMyAdmin provide a user-friendly interface for creating users and managing privileges. These tools translate the underlying SQL statements into a point-and-click experience.

User Management Tools (for advanced users):

  • For more advanced scenarios or managing user privileges across multiple servers, you might explore tools like:
    • Ansible: Allows automation of user creation and privilege management through configuration files.
    • Puppet: Similar to Ansible, uses configuration management for automated user and privilege setup.

External Authentication Mechanisms:

  • For increased security, consider using external authentication mechanisms like:
    • LDAP (Lightweight Directory Access Protocol): Leverages existing user directories for centralized authentication.
    • Active Directory (Windows-specific): Integrates with Active Directory for user management.

Roles (MariaDB 10.1+):

  • MariaDB 10.1 introduced roles as a way to group related privileges. You can assign roles to users, simplifying privilege management.

Stored Procedures (for complex logic):

  • For very specific privilege control scenarios, you could create stored procedures that handle user creation and privilege assignments based on specific criteria.

While these approaches offer different interfaces or advanced control, they ultimately rely on the underlying CREATE USER and GRANT statements to manage user access in the database.

Choosing the Right Approach:

The best method depends on your specific context:

  • Simple user setup: Use CREATE USER and GRANT statements directly.
  • GUI preference: Use phpMyAdmin or similar tools.
  • Automation needs: Explore Ansible or Puppet.
  • Enhanced security: Consider external authentication.
  • Granular control (MariaDB 10.1+): Utilize roles.
  • Highly specific logic: Create stored procedures (advanced use case).

mysql privileges mariadb


Keeping Your Database Schema in Sync: Versioning with a Schema Changes Table

Create a table in your database specifically for tracking changes. This table might have columns like version_number (integer...

 
php mysql database Keeping Your Database Schema in Sync: Versioning with a Schema Changes Table

Visualize Your MySQL Database: Reverse Engineering and ER Diagrams

Here's a breakdown of how it works:Some popular tools for generating MySQL database diagrams include:MySQL Workbench: This free...

 
mysql database design Visualize Your MySQL Database: Reverse Engineering and ER Diagrams

Level Up Your MySQL Skills: Exploring Multiple Update Techniques

This is the most basic way. You write separate UPDATE statements for each update you want to perform. Here's an example:...

 
mysql sql update Level Up Your MySQL Skills: Exploring Multiple Update Techniques

Retrieving Your MySQL Username and Password

Understanding the Problem: When working with MySQL databases, you'll often need to know your username and password to connect...

 
mysql workbench Retrieving Your MySQL Username and Password

Managing Databases Across Development, Test, and Production Environments

Developers write scripts containing SQL statements to define the database schema (structure) and any data changes. These scripts are like instructions to modify the database...

 
mysql svn Managing Databases Across Development, Test, and Production Environments


mysql privileges mariadb

Optimizing Your MySQL Database: When to Store Binary Data
Optimizing Your MySQL Database: When to Store Binary Data

Binary data is information stored in a format computers understand directly. It consists of 0s and 1s, unlike text data that uses letters

Enforcing Data Integrity: Throwing Errors in MySQL Triggers

MySQL: A popular open-source relational database management system (RDBMS) used for storing and managing data.Database: A collection of structured data organized into tables

Bridging the Gap: Transferring Data Between SQL Server and MySQL

SSIS is a powerful tool for Extract, Transform, and Load (ETL) operations. It allows you to create a workflow to extract data from one source

Replacing Records in SQL Server 2005: Alternative Approaches to MySQL REPLACE INTO
Replacing Records in SQL Server 2005: Alternative Approaches to MySQL REPLACE INTO

SQL Server 2005 doesn't have a direct equivalent to REPLACE INTO. You need to achieve similar behavior using a two-step process:

When Does MySQL Slow Down? It Depends: Optimizing for Performance

Hardware: A beefier server with more RAM, faster CPU, and better storage (like SSDs) can handle much larger databases before slowing down