734

I want to create a new user in MySQL and give it full access only to one database, say dbTest, that I create with a command like create database dbTest;. What would be the MySQL commands to do that?

Braiam
  • 1
  • 11
  • 47
  • 78
jimgh
  • 7,357
  • 3
  • 16
  • 3

9 Answers9

907

Try this to create the user:

CREATE USER 'user'@'hostname';

Try this to give it access to the database dbTest:

GRANT ALL PRIVILEGES ON dbTest.* To 'user'@'hostname' IDENTIFIED BY 'password';

If you are running the code/site accessing MySQL on the same machine, hostname would be localhost.

Now, the break down.

GRANT - This is the command used to create users and grant rights to databases, tables, etc.

ALL PRIVILEGES - This tells it the user will have all standard privileges. This does not include the privilege to use the GRANT command however.

dbtest.* - This instructions MySQL to apply these rights for use in the entire dbtest database. You can replace the * with specific table names or store routines if you wish.

TO 'user'@'hostname' - 'user' is the username of the user account you are creating. Note: You must have the single quotes in there. 'hostname' tells MySQL what hosts the user can connect from. If you only want it from the same machine, use localhost

IDENTIFIED BY 'password' - As you would have guessed, this sets the password for that user.

Flimm
  • 136,138
  • 45
  • 251
  • 267
Dan McGrath
  • 41,220
  • 11
  • 99
  • 130
  • 93
    If you're allowing network access and want a connection from any host you can change 'hostname' to '%'. For example, ... TO 'dbuser'@'%' IDENTIFIED... '%' is the host wildcard. – physicsmichael Nov 12 '09 at 06:49
  • 23
    Don't forget to flush privileges when you're working on users and tables! :-) – corsiKa Apr 17 '12 at 21:42
  • Is there any official way to create a user w/o granting some privileges? To me this seems like calling `sudo apt-get install vim` to create a linux account for someone. – puk Apr 24 '12 at 04:12
  • @DanMcGrath is there a way to just give permissions to all users? or i have to insert the user and grant permissions to each one of them? – Washu May 27 '13 at 17:03
  • That command works for me , but i m getting one problem that "information_schema" table is also visible to that user, how to hide that table – Awais Usmani Feb 20 '14 at 12:22
  • 36
    This worked for me: CREATE USER 'user1'@'localhost' IDENTIFIED BY 'password'; GRANT ALL PRIVILEGES ON db_database1.* To 'user1'@'localhost' IDENTIFIED BY 'password'; FLUSH PRIVILEGES; – Mohamad Fakih Mar 27 '14 at 07:02
  • 7
    @DanMcGrath : Is IDENTIFIED BY 'password' clause mandatory, if the user already exists and has a password? – nanosoft Mar 22 '15 at 20:11
  • For me, 'user'@'hostname' did not work, but 'user'@hostname did (no quotes on host) on 5.5.49-MariaDB. – crafter May 23 '16 at 08:03
  • 13
    Using GRANT to create a new user will be removed in future releases of MySQL (it is deprecated at the time of writing this). In the future it will have to be done with two calls, CREATE USER then GRANT. – Darren Felton Jun 30 '16 at 12:04
  • 2
    The answer is deprecated in mysql8 – Pavel Niedoba Nov 11 '19 at 14:24
  • In MySQL 8.0.21 you can only run "GRANT ALL PRIVILEGES ON dbTest.* To 'user'@'hostname';". If you want to set user password you can use other queries like "ALTER USER 'user'@'hostname' IDENTIFIED BY 'your_password';" – Wibisono Indrawan Sep 18 '20 at 08:49
440

Syntax

To create user in MySQL/MariaDB 5.7.6 and higher, use CREATE USER syntax:

CREATE USER 'new_user'@'localhost' IDENTIFIED BY 'new_password';

then to grant all access to the database (e.g. my_db), use GRANT Syntax, e.g.

GRANT ALL ON my_db.* TO 'new_user'@'localhost';

Where ALL (priv_type) can be replaced with specific privilege such as SELECT, INSERT, UPDATE, ALTER, etc.

Then to reload newly assigned permissions run:

FLUSH PRIVILEGES;

Executing

To run above commands, you need to run mysql command and type them into prompt, then logout by quit command or Ctrl-D.

To run from shell, use -e parameter (replace SELECT 1 with one of above commands):

$ mysql -e "SELECT 1"

or print statement from the standard input:

$ echo "FOO STATEMENT" | mysql

If you've got Access denied with above, specify -u (for user) and -p (for password) parameters, or for long-term access set your credentials in ~/.my.cnf, e.g.

[client]
user=root
password=root

Shell integration

For people not familiar with MySQL syntax, here are handy shell functions which are easy to remember and use (to use them, you need to load the shell functions included further down).

Here is example:

$ mysql-create-user admin mypass
| CREATE USER 'admin'@'localhost' IDENTIFIED BY 'mypass'

$ mysql-create-db foo
| CREATE DATABASE IF NOT EXISTS foo

$ mysql-grant-db admin foo
| GRANT ALL ON foo.* TO 'admin'@'localhost'
| FLUSH PRIVILEGES

$ mysql-show-grants admin
| SHOW GRANTS FOR 'admin'@'localhost'
| Grants for admin@localhost                                                                                   
| GRANT USAGE ON *.* TO 'admin'@'localhost' IDENTIFIED BY PASSWORD '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4' |
| GRANT ALL PRIVILEGES ON `foo`.* TO 'admin'@'localhost'

$ mysql-drop-user admin
| DROP USER 'admin'@'localhost'

$ mysql-drop-db foo
| DROP DATABASE IF EXISTS foo

To use above commands, you need to copy&paste the following functions into your rc file (e.g. .bash_profile) and reload your shell or source the file. In this case just type source .bash_profile:

# Create user in MySQL/MariaDB.
mysql-create-user() {
  [ -z "$2" ] && { echo "Usage: mysql-create-user (user) (password)"; return; }
  mysql -ve "CREATE USER '$1'@'localhost' IDENTIFIED BY '$2'"
}

# Delete user from MySQL/MariaDB
mysql-drop-user() {
  [ -z "$1" ] && { echo "Usage: mysql-drop-user (user)"; return; }
  mysql -ve "DROP USER '$1'@'localhost';"
}

# Create new database in MySQL/MariaDB.
mysql-create-db() {
  [ -z "$1" ] && { echo "Usage: mysql-create-db (db_name)"; return; }
  mysql -ve "CREATE DATABASE IF NOT EXISTS $1"
}

# Drop database in MySQL/MariaDB.
mysql-drop-db() {
  [ -z "$1" ] && { echo "Usage: mysql-drop-db (db_name)"; return; }
  mysql -ve "DROP DATABASE IF EXISTS $1"
}

# Grant all permissions for user for given database.
mysql-grant-db() {
  [ -z "$2" ] && { echo "Usage: mysql-grand-db (user) (database)"; return; }
  mysql -ve "GRANT ALL ON $2.* TO '$1'@'localhost'"
  mysql -ve "FLUSH PRIVILEGES"
}

# Show current user permissions.
mysql-show-grants() {
  [ -z "$1" ] && { echo "Usage: mysql-show-grants (user)"; return; }
  mysql -ve "SHOW GRANTS FOR '$1'@'localhost'"
}

Note: If you prefer to not leave trace (such as passwords) in your Bash history, check: How to prevent commands to show up in bash history?

kenorb
  • 155,785
  • 88
  • 678
  • 743
  • 1
    Do you need to create the user and grant privileges separately? I've found that the grant command seems to create the user itself, at least looking in the mysql.user table it looks that way. – Tim Jan 03 '17 at 06:36
  • @CreativityKills Will work with the password if you add them into your `~/.my.cnf` as suggested above. – kenorb Feb 26 '17 at 17:55
  • leaving traces of the password in shell history is not a great idea – dmirkitanov Mar 29 '19 at 08:31
  • 1
    @dmirkitanov You can prevent that by adding a space, see: [How to prevent commands to show up in bash history?](https://stackoverflow.com/q/6475524/55075) – kenorb Mar 29 '19 at 11:06
  • use this if you want to grant for all DB's `GRANT ALL ON *.* TO 'new_user'@'localhost';` don't forget to run `FLUSH PRIVILEGES;` – Ravi Soni Apr 08 '22 at 09:47
65

To create a user and grant all privileges on a database.

Log in to MySQL:

mysql -u root

Now create and grant

GRANT ALL PRIVILEGES ON dbTest.* To 'user'@'hostname' IDENTIFIED BY 'password';

Anonymous user (for local testing only)

Alternately, if you just want to grant full unrestricted access to a database (e.g. on your local machine for a test instance, you can grant access to the anonymous user, like so:

GRANT ALL PRIVILEGES ON dbTest.* To ''@'hostname'

Be aware

This is fine for junk data in development. Don't do this with anything you care about.

superluminary
  • 47,086
  • 25
  • 151
  • 148
  • 3
    You can create an anonymous user like that, but don't! There is no good reason to have a user with full privileges and no password, but it might well ruin you day/year/business/job one day if someone gets access to your server who shouldn't have. Why make anything else easier for them? – Luke Cousins Sep 10 '14 at 19:17
  • 3
    If someone has gained remote access to my macbook, I have more things to worry about than the contents of my development database. I should re-iterate, this is for local testing only, don't do this with real data. – superluminary Sep 11 '14 at 10:14
  • 4
    Exactly, with all those other things to worry about, don't worry about the contents of your dev database as well. Your dev database might (probably will) have snippets of live database data (e.g. for replicating a bug) which every effort should be made to keep secure. There is simply no need to have database access without a password. It doesn't even save time. Not worth the potential hassle. – Luke Cousins Sep 11 '14 at 19:48
  • 2
    Perhaps. In my case it's junk data, I'll live with the risk. – superluminary Sep 12 '14 at 13:16
19
$ mysql -u root -p -e "grant all privileges on dbTest.* to
`{user}`@`{host}` identified by '{long-password}'; flush privileges;"

ignore -p option, if mysql user has no password or just press "[Enter]" button to by-pass. strings surrounded with curly braces need to replaced with actual values.

S.K. Venkat
  • 1,749
  • 2
  • 23
  • 35
13

You can create new users using the CREATE USER statement, and give rights to them using GRANT.

candiru
  • 4,424
  • 2
  • 22
  • 16
11

To me this worked.

CREATE USER 'spowner'@'localhost' IDENTIFIED BY '1234'; 
GRANT ALL PRIVILEGES ON test.* To 'spowner'@'localhost'; 
FLUSH PRIVILEGES;

where

  • spowner : user name
  • 1234 : password of spowner
  • test : database 'spowner' has access right to
Park JongBum
  • 1,245
  • 1
  • 16
  • 27
4

The below command will work if you want create a new user give him all the access to a specific database(not all databases in your Mysql) on your localhost.

GRANT ALL PRIVILEGES ON test_database.* TO 'user'@'localhost' IDENTIFIED BY 'password';

This will grant all privileges to one database test_database (in your case dbTest) to that user on localhost.

Check what permissions that above command issued to that user by running the below command.

SHOW GRANTS FOR 'user'@'localhost'

Just in case, if you want to limit the user access to only one single table

GRANT ALL ON mydb.table_name TO 'someuser'@'host';
Community
  • 1
  • 1
Prabhakar
  • 6,458
  • 2
  • 40
  • 51
  • Syntax error & a typo in your first line, the "PRIVILEGES ON 'test_datase'" shouldn't have quotes, should have the the ".*" after it, eg, test_datase.*, and is a typo, should be "test_database". – Brettins Sep 19 '16 at 23:08
1

In case the host part is omitted it defaults to the wildcard symbol %, allowing all hosts.

CREATE USER 'service-api';

GRANT ALL PRIVILEGES ON the_db.* TO 'service-api' IDENTIFIED BY 'the_password'

SELECT * FROM mysql.user;
SHOW GRANTS FOR 'service-api'
dummyDev
  • 421
  • 2
  • 8
-2

Experienced this issue when trying to create a database on MyQL using MySQL Workbench running on a Windows machine.

The commands below worked on a Linux machine MySQL CLI:

CREATE USER 'my_user'@'%' IDENTIFIED BY 'fgj7dyfgteh';
CREATE DATABASE my-database ;
USE my-database ;
GRANT ALL PRIVILEGES ON 'my-database'.* TO 'my_user'@'%' IDENTIFIED BY 'my-password' ;

But did not work on MySQL Workbench running on a Windows machine. I had to use the commands below instead. Take note of how the

`

symbol and the

'

were used in the commands:

CREATE DATABASE `my-database` ;
USE `my-database` ;
GRANT ALL PRIVILEGES ON `my-database`.`*` TO `my_user`@`%` IDENTIFIED BY 'my-password' ;

OR

CREATE SCHEMA `my-database` ;
USE `my-database` ;
GRANT ALL PRIVILEGES ON `my-database`.`*` TO `my_user`@`%` IDENTIFIED BY 'my-password' ;
Promise Preston
  • 24,334
  • 12
  • 145
  • 143