MySQL: Adding Users To MySQL


This document describes how to add a new user account to MySQL.


The minimal MySQL account will need the following SQL commands run to create the account, assign a password and grant access to a database.

Note that MySQL has a multi-tiered method of granting access to aspects of the database. The user's access is applied, followed by the database/user's access. It is usually a good policy to avoid granting the user any access, then enabling small amounts of access based on the database/user record. Here is typical example:

INSERT INTO user VALUES ('%', 'user', password('password'),
'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N',
'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N', 'N',
'N', '', '', '', '', 0, 0, 0);
INSERT INTO db VALUES ('%', 'user', 'user',
'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'N', 'N', 'Y', 'Y',
'N', 'N');

Create a random password, using genrpass as an example. The password will need to be around eight characters and probably ought to avoid the single-quote character (') so it won't be a problem entering in the SQL command.

The access granting parts of the database are described by entering either 'Y' (grant) or 'N' (don't grant). In the example above, the permissions are to allow the following (in order of appearance):

  • select rows
  • insert rows
  • update rows
  • delete rows
  • create table
  • drop table
  • index table
  • alter table

Other access bits are for more than the casual user. For information on the additional settings, consult a MySQL database manual.

Use the mysql command to insert the two new rows into the mysql database. Once the rows are created, kick the MySQL server to read in the new grant table by executing mysqladmin reload. Also, create the user's new database by executing the command mysqladmin create user.

Mailing the User

Next, mail the user the information about the newly created MySQL account. Be sure to include a message to have them change the initial password. The document Changing Passwords On Database Servers describes this process. An example message to the user might something like this:

ECN has created an account in the MySQL database. Here is your account information:

Password "YZ0NIIZ2"

Please change your password when you log on. See the document:

for more information.

Documenting The New User

Complete the operation by documenting the new user in the EGAD database. The EGAD database has a table named DBUSER with the following fields:

ColumnName Description
DBUSER_ORACLE_ACCOUNT The MySQL account name (usually lower case)
DBUSER_SID The Oracle SID (always set to "MySQL")
DBUSER_OS_ACCOUNT The UNIX account name (eight characters or less)
DBUSER_DEPARTMENT The site requesting the account
DBUSER_NOTES Any notes about the account
DBUSER_EXPIRATION The expected expiration date


Last modified: 2015/04/27 14:39:38.713940 GMT-4 by curtis.f.smith.1
Created: 2007/10/08 09:47:29.626000 GMT-4 by brian.r.brinegar.1.



Type in a few keywords describing what information you are looking for in the text box below.

Admin Options: Edit this Document