Effective management of users and roles constitutes a critical aspect of database administration, ensuring both security and proper access control. MySQL 8 provides a robust set of features for User and Role Management. This guide explores practical approaches to administer users and roles in MySQL. By the end of this guide, you will be well-versed with creating users, granting privileges, and handling roles for better security and organization of database access in MySQL 8.

Understanding Users and Roles

In MySQL, a user is an account that you can use to connect to the database. Each user has certain privileges that define the user’s abilities to interact with the database. A role is a named collection of privileges that can be assigned to users. Using roles helps in assigning predefined privileges to users conveniently.

Creating a New User

CREATE USER 'username'@'host' IDENTIFIED BY 'password';

This command creates a new user with the specified username and password. Replace username and password with your desired values, and host with the hostname from which the user connects.

Granting Privileges to a User

GRANT SELECT, INSERT ON database.table TO 'username'@'host';

This statement grants the SELECT and INSERT privileges on a given table within a database to the user.

Revoking Privileges

REVOKE SELECT ON database.table FROM 'username'@'host';

To revoke privileges from a user, use the REVOKE statement followed by the privilege to remove.

Creating and Assigning Roles

In MySQL 8, roles simplify permission management. Let’s see how to create a role and assign privileges to it.

CREATE ROLE 'rolename';
GRANT SELECT, INSERT ON database.table TO 'rolename';
GRANT 'rolename' TO 'username'@'host';

This snippet creates a role, assigns privileges to that role, and then grants the role to a user.

Managing Passwords and Authentication

Security in user management is not complete without proper password and authentication controls. MySQL 8 provides features to help.

Setting Password Expiration Policy

ALTER USER 'username'@'host' PASSWORD EXPIRE INTERVAL 90 DAY;

This enforces a policy where the user must change their password every 90 days.

Using Strong Password Encryption

ALTER USER 'username'@'host' IDENTIFIED WITH caching_sha2_password BY 'password';

MySQL 8 supports a strong password encryption plugin, which this command utilizes to set the user’s password with the SHA-2 encryption mechanism.

Configuring Resource Limits

MySQL allows administrators to limit the resources a user can utilize, preventing overuse of database resources.

Setting Resource Limits

GRANT USAGE ON *.* TO 'username'@'host' WITH MAX_QUERIES_PER_HOUR 100 MAX_CONNECTIONS_PER_HOUR 10;

With this, the user’s query and connection rates are restricted.

Deleting Users and Roles

Cleaning up users and roles that are no longer needed is just as important as setting them up.

Remove a User

 DROP USER 'username'@'host';

This statement deletes a user from MySQL.

Remove a Role

 DROP ROLE 'rolename';

Execute this statement to delete a role.

Best Practices for User and Role Management

Follow best practices such as the principle of least privilege, using roles to manage permissions, and regularly auditing user privileges to maintain database security.

Auditing User Privileges

SHOW GRANTS FOR 'username'@'host';

Review a user’s granted privileges with this command.

Conclusion

User and role management in MySQL 8 are powerful ways to maintain a secure and organized database environment. By incorporating the concepts and commands discussed in this guide, you can effectively handle privileges, requiring appropriate access and enhancing the security posture of your MySQL databases.

Next Article: How to install/update MySQL on Windows

Previous Article: Best practices for naming tables and columns in MySQL 8

Series: MySQL Tutorials: From Basic to Advanced

MySQL