Create new user in MySQL and give it full access to one database
For the folks in a hurry, here's how to set up a new MySQL user with full power over a specific database:
Replace 'username'
, 'host'
, 'new_password'
, and 'dbname'
with your actual information.
What privileges are you granting?
The keyword ALL PRIVILEGES
is like a power suit for your MySQL user. It includes standard operations (SELECT
, INSERT
, UPDATE
, DELETE
, etc.) but it's no "Infinity Gauntlet", the user cannot grant permissions to others themselves.
If you want to set specific table access, use yourDb.yourTable
instead of yourDb.*
. Also, don't forget to put database names, usernames, or hostnames in single quotes. It's like putting your dog on a leash; you don't want it biting strangers or running off!
Password security during setup
Sure, CREATE USER
can create a password, but real devs know password setting happens at the GRANT PRIVILEGES
show:
Worried about the eavesdroppers? Secure those credentials! Store them in the ~/.my.cnf
file; it's like the Fort Knox for credentials.
Terminal commands and shortcuts
Elevate your command-line game with this little trick:
Sprinkle some magic by creating shell commands like mysql-create-user
and mysql-drop-user
. It's like having your own wand for database operations!
Refresh your privileges
After the whole shebang of granting privileges, FLUSH PRIVILEGES;
comes to play. It's the bouncer ensuring the newly permitted user gets the proper access.
Fine-tuning the privileges
Sometimes you may not want a user to rain over your database. That’s when you handpick privileges like a chef choosing ingredients:
Wanna kick a user out? Use REVOKE
and lay down the law:
Look but don't touch, granting privileges rule
The GRANT OPTION
is a double-edged sword. It allows a user to grant access, but doesn't mean they should possess it. Let's avoid creating "Doctor Octopus" in our databases.
Working with unknown hosts
If you're unsure about the host, the wildcard %
can be used. However, exposing your database to all hosts is equivalent of leaving your house door open. It's a bad security practice.
Always go for a specific hostname or IP whenever possible.
Regular audits
Keep your finger on the pulse of access rights. Make regular check-ups of who’s got the keys to your kingdom. Your future self will thank you!
Was this article helpful?