Database Reference
In-Depth Information
Here are some examples. This first example user can login from anywhere because of
the wildcard character,
%
, in the host part. The user's password is: bomber.
CREATE USER 'boyd'@'%' IDENTIFIED BY 'bomber';
The following three examples demonstrate using various host names. The first
specifies the localhost on which means the local server MariaDB is running. The
next specifies a single host. The third uses
%
to specify any subdomain of the
example.net
domain.
CREATE USER 'tom'@'localhost' IDENTIFIED BY 'retail';
CREATE USER 'richard'@'powr.example.net' IDENTIFIED BY 'nuclear';
CREATE USER 'robert'@'%.example.net' IDENTIFIED BY 'pilot';
Instead of hostnames we can also use IP addresses as shown in the following three
examples. The first has an exact IP address identifying a single computer. The second
uses a
%
sign in the last quad of the IP address so any computer where the first three
sets of numbers in the IP address match will be able to connect. The third uses a
subnet mask, but the end result (in this example at least) is the same as the second.
CREATE USER 'dallin'@'192.168.1.1' IDENTIFIED BY 'judge';
CREATE USER 'russell'@'192.168.1.%' IDENTIFIED BY 'surgeon';
CREATE USER 'russell'@'192.168.1.0/255.255.255.0' IDENTIFIED BY
'business';
One benefit to using IP addresses instead of domain names is that no name
resolution or domain validation needs to be made. Such system calls to lookup
and check the validity of domains can be costly and might take time and resources
better spent on other things. To enforce a no domain names policy, add
skip-name-
resolv=1
to the
[mysqld]
section of the
my.cnf
or
my.ini
file.
Complete documentation of the
CREATE USER
statement is available at
https://mariadb.com/kb/en/create-user/
.
Granting permissions
By default, new users do not have permission to do anything except logging
in, which is not very useful. So the next thing we need to do is give them the
permissions they need. This is done using the
GRANT
statement. Using this statement,
we will be able to
GRANT
users the appropriate permissions. The
GRANT
statements
have the following basic pattern:
GRANT <
privileges
> ON <
database
> TO <
user
>;
