Add new user with GRANT statement in MySQL database

There are 2 different ways to add users: by using the grant statement or by directly manipulating the MySQL authorization table. The better approach is to use the GRANT statement because they are more concise and seem to have fewer errors.

The following example shows how to install a new user using a MySQL client. These examples assume that permissions have been installed by default. This means that in order to change, you have to be in MySQL running on the same machine, you must be connected as a MySQL root user, and the root user must have Insert permissions and reload administrative privileges on the MySQL database. In addition, if you change the root password, you must specify it as the MySQL command below.

You can add a new user by issuing a GRANT statement:

shell> mysql --user=root mysql
mysql> GRANT ALL PRIVILEGES ON *.* TO monty@localhost
　　　IDENTIFIED BY 'something' WITH GRANT OPTION;
mysql> GRANT ALL PRIVILEGES ON *.* TO monty@"%"
　　　IDENTIFIED BY 'something' WITH GRANT OPTION;
mysql> GRANT RELOAD,PROCESS ON *.* TO admin@localhost;
mysql> GRANT USAGE ON *.* TO dummy@localhost;

These grant statements install 3 new users:

Monty: A complete superuser who can connect to a server from anywhere, but must use a password (' Something ' to do this.) Note that we must issue a grant statement to Monty@localhost and monty@ "%". If we add a localhost entry, an entry created by mysql_install_db for the localhost anonymous user entry when we connect from the local host is preferred, because it has a more specific host field value, so it's an earlier arrival in the user table order.

Admin: Users who can connect from localhost without a password and are granted reload and process management privileges. This allows the user to perform mysqladmin reload, mysqladmin refresh and mysqladmin flush-* commands, as well as Mysqladmin processlist. No permissions are granted to the database. They can authorize it later by issuing another grant statement.

Dummy: A user can connect without a password, but only from the local host. Global permissions are set to ' N '--usage permission type allows you to set a user without permission. It assumes that you will grant database-related permissions at a later time.

You can also add the same user access information directly by issuing an INSERT statement, and then tell the server to reload the authorization table again:

shell> mysql --user=root mysql
mysql> INSERT INTO user VALUES('localhost','monty',PASSWORD('something'),
　　　　'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y')
mysql> INSERT INTO user VALUES('%','monty',PASSWORD('something'),
　　　　'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y')
mysql> INSERT INTO user SET Host='localhost',User='admin',
　　　　 Reload_priv='Y', Process_priv='Y';
mysql> INSERT INTO user (Host,User,Password)
　　　　　　VALUES('localhost','dummy','');
mysql> FLUSH PRIVILEGES;

Depending on your MySQL version, for the above, you may have to use a different number of ' Y ' values (there are fewer rights columns in previous versions of 3.22.11). For admin users, the syntax for only more readable insert extensions with versions that start with 3.22.11.

Note that in order to set up a superuser, you simply create a user table entry with the permission field set to ' Y '. No entries for DB or host tables are required.

The permission columns in the user table are not explicitly set by the last INSERT statement (to the dummy user), so those columns are given the default value ' N '. This is the same thing that grant usage did.

The following example adds a user custom, who can connect localhost, server.domain, and whitehouse.gov from the host. He only wants to access the BankAccount database from the localhost, access the expenses database from whitehouse.gov, and access the customer database from all 3 hosts. He wants to use the password stupid from all 3 hosts.

To use the GRANT statement to set permissions for a user, run these commands:

shell> mysql --user=root mysql
mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
　　　ON bankaccount.*
　　　TO custom@localhost
　　　IDENTIFIED BY 'stupid';
mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
　　　ON expenses.*
　　　TO custom@whitehouse.gov
　　　IDENTIFIED BY 'stupid';
mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
　　　ON customer.*
　　　TO custom@'%'
　　　IDENTIFIED BY 'stupid';

Set user permissions by directly modifying the authorization table to run these commands (note that flush privileges at the end):

shell> mysql--user=root mysql
mysql> INSERT into User (Host,user,password)
VALUES (' localhost ', ' Custom ', PASSWORD (' stupid '));
mysql> INSERT into User (Host,user,password)
VALUES (' Server.domain ', ' Custom ', Password (' stupid '));
Mysql> INSERT into User (Host,user,password)
VALUES (' whitehouse.gov ', ' Custom ', Password (' stupid '));
Mysql> INSERT into DB
(Host,db,user,select_priv,insert_priv,update_priv,delete_priv,
Create_priv,drop_ PRIV)
VALUES
(' localhost ', ' bankaccount ', ' Custom ', ' y ', ' y ', ' y ', ' y ', ' y ', ' y ');
Mysql> INSERT into DB
(Host,db,user,select_priv,insert_priv,update_priv,delete_priv,
Create_priv,drop_ PRIV)
VALUES
(' whitehouse.gov ', ' expenses ', ' custom ', ' y ', ' y ', ' y ', ' y ', ' y ', ' y ');
Mysql> INSERT into DB
(Host,db,user,select_priv,insert_priv,update_priv,delete_priv,
Create_priv,drop_ Priv
VALUES ('% ', ' customer ', ' Custom ', ' y ', ' y ', ' y ', ' y ', ' y ', ' y ');
mysql> FLUSH privileges;