In information security, the principle of least privilege recommends that a user, system, or application should only have the minimum level of access needed to perform their tasks.

In MySQL, the root account should be reserved for administrative tasks only, and everyday operations should be carried out using accounts with limited, role-specific privileges.

Generally, using an account with full administrative privileges is not recommended as it often leads to severe breaches and damages on both the database structure and its data.

In short, creating users with limited privileges helps to enhance security, reduce the risk of errors, ensure compliance, and maintain better control over your MySQL environment.

Managing user accounts

To manage user accounts and privileges, you will need to initially connect to the database instance using an account with full administrative privileges, such as the root account:

$ mysql -u root -p

Note: The password of the root account is by default set to root.

Creating a new user

To create a new user account, you can use the CREATE USER keywords:

CREATE USER 'username'@'host' IDENTIFIED BY 'password';

Where:

• 'username' is the name of the new user account.