COURSE: MySQL Server Administration

LAB D – MYSQL USERS

Lab D – MySQL Users

Objective: Management of Users Accounts.

In this lab, you perform the following tasks:

1. List MySQL Users and Users Information.

2. Account Management Statements.
3. Assign permissions and Test restrictions.
4. Discussion.

Task 1: List MySQL Users and Users Information.

-Open a Session of MySQL 5.5 Command Line Client, with user: root and type your password (Pa$$w0rd).

-Type this SQL query to see list of mysql users:

mysql> SELECT User FROM mysql.user;

Page 1 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

-The above command trims of “User” table and lists only user names.

-List of MySQL user information, including user permission information and all users data, type the
following command and press Enter:

mysql> select * from mysql.user;

You will see that the Output without no order.

Page 2 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

-Try this other variations about queries from mysql.user and compare the difference.

OptionA:

mysql> select User, Host from mysql.user;

OptionB:

mysql> select User, Host, Password from mysql.user;

OptionC:

mysql> select DISTINCT User FROM mysql.user;

¿What can you view in the Result of Option A? ¿What is the format of the Output?

¿What can you view in the Result of Option B? ¿What is the format of the Output?

¿What can you view in the Result of Option C? ¿What is the format of the Output?

-Try the next command:

mysql> desc mysql.user;

¿What Type of info can you review in the Result?

¿What Fields have the OutPut?

Page 3 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

-To see what grants bloguser have, enter:

mysql> SHOW GRANTS FOR ‘root’@’localhost’;

Task 2: Account Management Statements.

→CREATE USER.

NOTE: (You must Read it)

The CREATE USER statement creates new MySQL accounts. An error occurs if you try to create an account
that already exists.

To use CREATE USER, you must have the global CREATE USER privilege, or the INSERT privilege for the
mysql system database. When the read_only system variable is enabled, CREATE USER additionally
requires the SUPER privilege.

For each account, CREATE USER creates a new row in the mysql.user system table with no privileges and
assigns the account an authentication plugin. Depending on the syntax used, CREATE USER may also assign
the account a password.

An account when first created has no privileges. To assign privileges, use the GRANT statement.

To specify a password for an account at account-creation time, use IDENTIFIED BY with the literal cleartext
password value, Type the following command and Press Enter (Replace the USER for your NAME):

mysql> CREATE USER 'USER'@'localhost' IDENTIFIED BY 'password';

Page 4 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

The server assigns an authentication plugin to the account implicitly, as described previously, and assigns
the given password. Clients must provide the given password when they connect. (DON’t Close the actual
MySQL Session)

Now, probe your user account by open a new MySQL Console. Open a Command Line Session or CMD.

Type the access for your user, with the following command and press Enter (in the NAME use the Value
configured previously and the server-name-here put localhost):

>mysql -u NAME -h server-name-here -p mysql

Page 5 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

Enter your password configure value (password) and press Enter:

Page 6 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

You will receive an ERROR message for Access denied, because the user need privileges by GRANT.

Review the existence for user in the server, in your MySQL Console Type:

mysql> Select User FROM mysql-user;

You will review the user with your NAME in the mysql.user table.

Page 7 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

→GRANT.

Now, you will provide permissions to your user, in the MySQL Console Type (replace the NAME with your
User value):
mysql> GRANT ALL ON *.* TO 'NAME'@'localhost'; (NOTE *.* it’s the same permissions like a root user)

Now test again your access in the Command Line Windows Console, Repeat the Command (in the NAME
use the Value configured previously and the server-name-here put localhost):
>mysql -u NAME -h server-name-here -p mysql

Now, you can access to MySQL Server with your User Name.

Page 8 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

Review the GRANT privileges in your user, type the command and press Enter:

mysql> SHOW GRANTS FOR ‘NAME WITH LOWERCASE LETTER’@’localhost’;

mysql> SHOW GRANTS FOR ‘NAME WITH UPPERCASE LETTER’@’localhost’;

NOTE that the NAME of your user is CASE SENSITIVE, then victor ≠ VICTOR.

→REVOKE.

The REVOKE statement enables system administrators to revoke privileges from MySQL accounts.
When the read_only system variable is enabled, REVOKE requires the SUPER privilege in addition to any
other required privileges described in the following discussion.Exit from your user created.
Open a MySQL Console using root user and Type the following command:

mysql> REVOKE ALL ON *.* FROM ‘VICTOR’@’localhost’;

Page 9 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

Now try to access using the user that you have created, Open a Command Line Windows console and Type
the following command:

>mysql -u VICTOR -h localhost -p

>Use sakila;
>SELECT user FROM mysql.user;

You can notice that the user loss any permission assigned before by GRANT.

Disconnect the actual session and Type Exit then press Enter.

Page 10 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

Return to your MySQL Console and Assign full permissions to your user again, type the following command
and press Enter:
mysql> GRANT ALL ON *.* TO 'VICTOR'@'localhost';

Probably you need to wait 5 min aprox to MySQL refresh the User Account permission.
Now probe with your user, Open a Windows Command Line and connect with your user account, Type
the following command and press Enter:
>mysql -u VICTOR -h localhost -p mysql
>Use sakila;
>SELECT user FROM mysql.user;

Page 11 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

Disconnect the actual session and Type Exit then press Enter.
Return to MySQL Console and Revoke a SELECT permission from that user, Type the following command
and press Enter:
mysql> REVOKE SELECT ON *.* FROM ‘VICTOR’@’localhost’;

Now try to access using the user that you have created, Open a Command Line Windows console and
Type the following command:
>mysql -u VICTOR -h localhost -p
>Use sakila;
>SELECT * FROM rental;
>SELECT User FROM mysql.user;

Page 12 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

Disconnect the actual session and Type Exit then press Enter.

→RENAME USER.

The RENAME USER statement renames existing MySQL accounts. An error occurs for old accounts that do
not exist or new accounts that already exist.

To use RENAME USER, you must have the global CREATE USER privilege, or the UPDATE privilege for the
mysql system database. When the read_only system variable is enabled, RENAME USER additionally
requires the SUPER privilege.

Return to your MySQL Session and Type the following command, then press Enter:

mysql> RENAME USER ‘VICTOR’@’localhost’ TO VIBLA;

NOTE: In your case you will change the values like you choice it. For the example:

-OLD USER: VICTOR

-NEW USER: VIBLA

Page 13 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

Now Open a Windows Command Line, and use the user with changes, in this case:
>mysql -u VIBLA -h localhost -p

Disconnect the actual session and Type Exit then press Enter.

→SET PASSWORD.
The SET PASSWORD statement assigns a password to a MySQL user account, specified as either a cleartext
(unencrypted) or encrypted value.
Open your MySQL Console and connect with root user, then type the following command:
mysql> SET PASSWORD FOR VIBLA = PASSWORD(‘123456’);

Page 14 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

Then Open a Windows Command Line Session, type the following command and use the actual password
value (123456):
>mysql -u VIBLA -h localhost -p

NOTE:
You can change the password it depends of name of user, the format can be:
mysql> SET PASSWORD FOR VIBLA = PASSWORD(‘123456’);
mysql> SET PASSWORD FOR ‘VICTOR’@’localhost’ = PASSWORD(‘123456’);

→DROP USER.

The DROP USER statement removes one or more MySQL accounts and their privileges. It removes privilege
rows for the account from all grant tables. An error occurs for accounts that do not exist.
To use DROP USER, you must have the global CREATE USER privilege, or the DELETE privilege for the mysql
system database. When the read_only system variable is enabled, DROP USER additionally requires the
SUPER privilege.

For this we must to create 3 new users and assign FULL privileges:

USER Privileges
USERTEST_A FULL *.*
USERTEST_B FULL *.*
USERTEST_C FULL *.*

Page 15 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

Open a MySQL Console and login with root user account, then type the following commands:

mysql> CREATE USER ‘USERTEST_A’@’localhost’ IDENTIFIED BY ‘password’;

mysql> CREATE USER ‘USERTEST_B’@’localhost’ IDENTIFIED BY ‘password’;
mysql> CREATE USER ‘USERTEST_C’@’localhost’ IDENTIFIED BY ‘password’;
mysql> GRANT ALL ON *.* TO ‘USERTEST_A’@’localhost’;
mysql> GRANT ALL ON *.* TO ‘USERTEST_B’@’localhost’;
mysql> GRANT ALL ON *.* TO ‘USERTEST_C’@’localhost’;

Then list your MySQL Users, type the following command and press Enter:
mysql> SELECT User FROM mysql.user;

Page 16 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

Then DROP the USERTEST_A, type the following command and Press Enter:
mysql> DROP USER ‘USERTEST_A’@’localhost’;

Review that User isn’t on your user list any more. Type the following command and press Enter:

mysql> SELECT User FROM mysql.user;

Just the USERTEST_B and USERTEST_C conserve the accounts.

Page 17 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

Then DROP this two Users USERTEST_A and USERTEST_B in the same line, type the following command
and Press Enter:
mysql> DROP USER ‘USERTEST_B’@’localhost’, ‘USERTEST_C’@’localhost’;

Review that this two Users isn’t on your user list any more. Type the following command and press Enter:

mysql> SELECT User FROM mysql.user;

Page 18 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

Task 3: Assign permissions and Test restrictions.

Now, you will create 3 users accounts and test the differences.

USER Restriction
USER1 Only access to Sakila database.
USER2 Only access to table “payment” and SELECT request in Sakila database.
USER3 Access FULL but with MAX Queries per hour iqual to 10.

Open a MySQL Session with root user. Type the following commands and probe the restrictions.

mysql> CREATE USER ‘USER1’@’localhost’ IDENTIFIED BY ‘password’;

mysql> CREATE USER ‘USER2’@’localhost’ IDENTIFIED BY ‘password’;

mysql> CREATE USER ‘USER3’@’localhost’ IDENTIFIED BY ‘password’;

mysql> GRANT ALL ON sakila.* TO ‘USER1’@’localhost’;

mysql> GRANT SELECT ON sakila.payment TO ‘USER2’@’localhost’;

mysql> GRANT ALL ON *.* TO ‘USER3’@’localhost’;

mysql> GRANT USAGE ON *.* TO ‘USER3’@’localhost’ WITH MAX_QUERIES_PER_HOUR 10;

Check the result for any command, Query OK. That’s validate the execution.

Page 19 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

Now. Connect with USER 1 and validate the restrictions. Open a Command Line Windows Console and
Type the Credentials for USER 1.

>mysql -u USER1 -h localhost -p

Now test the restriction, Type the command:

mysql> USE sakila;

mysql> SHOW TABLES;

Note that you can access to Sakila Database and all tables in the Database schema.

Page 20 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

Type the command:

mysql> SELECT User FROM mysql.user;

Note that you can’t access to mysql.user Database Table. The RESTRICTION IS VALID.
Disconnect the actual session and Type Exit then press Enter.
Now. Connect with USER 2 and validate the restrictions. Open a Command Line Windows Console and
Type the Credentials for USER 2.

>mysql -u USER2 -h localhost -p

Page 21 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

Now test the restriction, Type the command:

mysql> USE sakila;

mysql> SHOW TABLES;

Note that you can only access to payment table. The RESTRICTION IS VALID.
Disconnect the actual session and Type Exit then press Enter.
Now. Connect with USER 3 and validate the restrictions. Open a Command Line Windows Console and
Type the Credentials for USER 3.

>mysql -u USER2 -h localhost -p

Page 22 of 23
 COURSE: MySQL Server Administration
LAB D – MYSQL USERS

Now test the restriction, Type the command: (REPEAT THE SENTENCE MORE THAN 10 Times)

mysql> SELECT User FROM mysql.user;

Note that when you exceed the 10 times you can’t execute another SELECT request in the same hour
range, you need to wait 1 hour to use another SELECT sentence.
The RESTRICTION IS VALID.
Disconnect the actual session and Type Exit then press Enter.

Task 4: Discussion.
Answer this questions:

1.What command you will use to assign permissions to users?

2.What command you will use to display the list from users?

3.What command you will use to change password for users?

4. What attribute you will use to assign FULL privileges to user?

5.What attribute you will use if you need to restrict the number of query’s with time range for user?

Page 23 of 23