++++

Data Engineering

May 2026×8 min read

Create MySQL users, grant and revoke privileges, and apply least privilege for safer database access.

20. Users and Permissions

Driptanil DattaSoftware Developer

Users and Permissions

Database users control who can connect and what they can do. Good permission design protects data from accidental or unauthorized changes.

CREATE USER "report_user"@"localhost"
IDENTIFIED BY "strong_password_here";

The part before @ is the username. The part after @ is the host the user can connect from.

GRANT SELECT
ON companydb.*
TO "report_user"@"localhost";

This user can read every table in companydb, but cannot insert, update, delete, or alter tables.

GRANT SELECT, INSERT
ON companydb.customers
TO "app_writer"@"localhost";

Use table-level grants when a user only needs part of a database.

Modern MySQL applies many grant changes immediately, but FLUSH PRIVILEGES is still common after direct privilege table changes.

FLUSH PRIVILEGES;

REVOKE INSERT
ON companydb.customers
FROM "app_writer"@"localhost";

Remove a user:

DROP USER "report_user"@"localhost";

SHOW GRANTS FOR "report_user"@"localhost";

Least privilege means each user gets only the permissions needed for their job.

User type	Typical permissions
Dashboard user	`SELECT` only
Application writer	`SELECT`, `INSERT`, `UPDATE`, maybe `DELETE`
Migration user	Schema change permissions such as `CREATE`, `ALTER`, `DROP`
Admin	Full privileges, used rarely

Avoid using the root user in applications. Create specific users for applications, dashboards, and maintenance tasks.