### MySQL Account
MySQL client connects to the database and runs queries using an account. An account consists of a username and host. The host information tells us what machine the connection can be made from.

In [2]:
# %%
%load_ext sql

# %%
%sql mysql+mysqldb://root:root@localhost

'Connected: root@None'

In [3]:
%%sql

SELECT user, host FROM mysql.user

 * mysql+mysqldb://root:***@localhost
   mysql+mysqldb://root:***@localhost/employees
5 rows affected.


user,host
root,192.168.0.106
mysql.infoschema,localhost
mysql.session,localhost
mysql.sys,localhost
root,localhost


Considering the root username, following figure holds true:

![Users connecting](https://i.imgur.com/awhMXbG.png)

To allow `developer.com` access to the database, we need to create a new account

In [None]:
%%sql

CREATE USER 'root'@'developer.com' IDENTIFIED BY 'user_pa$$w0rd'

We can also allow an account that will allow clients to access from anywhere (% symbol in host would mean everywhere)

In [None]:
%%sql

CREATE USER 'everywhere'@'%' IDENTIFIED BY 'pa$$w0rd' -- #or just omit the @'%' part

![New user added](https://i.imgur.com/NwDJPaH.png)  
Newly created users have no permission, we need to provide it permission using `GRANT`.

### Granting Permissions
MySQL has a fairly complex system of privileges ranging from database admin tasks to table, rows and column level permissions. The `GRANT` statement is used to provide permission to a user and it looks like:
```SQL
GRANT privilege [,privilege],.. 
ON privilege_level -- Table, Database, Column, etc
TO account_name;
```

For example if we want to provide select and insert access to a user john for sales database, (provided that the current user has GRANT privilege):
```SQL
GRANT SELECT, INSERT
ON sales.*
TO john@localhost;
```

The `ALL` privilege is similar to superuser, `ALL` grants all privilege except for `GRANT` privilege. In order to provide `GRANT` privilege too:
```SQL
GRANT ALL 
ON *.* 
TO super@localhost
WITH GRANT OPTION;
```

Some privileges have other privileges as prerequisite. Grant can be given on the following levels:  

![Grant levels](https://www.mysqltutorial.org/wp-content/uploads/2019/09/MySQL-Grant-Privilege-Level.png)

Some examples:
**Global:**
```SQL
GRANT SELECT 
ON *.* 
TO bob@localhost;
```

**Database:**
```SQL
GRANT INSERT 
ON classicmodels.* 
TO bob@localhost;
```

**Table:**
```SQL
GRANT DELETE 
ON classicmodels.employees 
TO bob@localhsot;
```

**Column:**
```SQL
GRANT 
   SELECT (employeeNumner,lastName, firstName,email), 
   UPDATE(lastName) 
ON employees 
TO bob@localhost;
```

**Stored Proc**
```SQL
GRANT EXECUTE 
ON PROCEDURE CheckCredit 
TO bob@localhost;
```

To view all privileges assigned to a user:

In [4]:
%%sql

SHOW GRANTS FOR root@localhost

 * mysql+mysqldb://root:***@localhost
3 rows affected.


Grants for root@localhost
"GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `root`@`localhost` WITH GRANT OPTION"
"GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,INNODB_REDO_LOG_ARCHIVE,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO `root`@`localhost` WITH GRANT OPTION"
GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION
