# Create a user
CREATE USER 'new_user'@'localhost' IDENTIFIED BY 'password';
# Create a role
CREATE ROLE 'new_role';
# Create group:
#In MySQL, there is no built-in concept of a "group". Instead, you can create a role and add multiple users to it to achieve similar functionality.
# Grant access to a role for a user
GRANT 'new_role' TO 'existing_user'@'localhost';
# Grant access to a role for a group
GRANT 'new_role' TO 'existing_user_1'@'localhost', 'existing_user_2'@'localhost';
# Revoke access to a role for a user
REVOKE 'new_role' FROM 'existing_user'@'localhost';
# Revoke access to a role for a group
REVOKE 'new_role' FROM 'existing_user_1'@'localhost', 'existing_user_2'@'localhost';
# See all available users
SELECT User FROM mysql.user;
# See all available roles
SELECT * FROM mysql.role_edges;
# See all available groups
#In MySQL, there is no built-in concept of a "group". Instead, you can query the "mysql.role_edges" system
# Delete a user
DROP USER 'existing_user'@'localhost';
# Delete a role
DROP ROLE 'existing_role';
# Delete a group
# In MySQL, there is no built-in concept of a "group".
# Change user password
ALTER USER 'existing_user'@'localhost' IDENTIFIED BY 'new_password';
# Enable expiration time on role for a user
ALTER USER 'existing_user'@'localhost' WITH PASSWORD EXPIRE INTERVAL 90 DAY;
# Enable expiration time on role for a group
ALTER USER 'existing_user_1'@'localhost', 'existing_user_2'@'localhost' WITH PASSWORD EXPIRE INTERVAL 90 DAY;
# Enroll a user in a group
GRANT 'existing_role' TO 'existing_user'@'localhost';
# Remove user from a group
REVOKE 'existing_role' FROM 'existing_user'@'localhost';
# grant user to execute procedure
GRANT EXECUTE ON PROCEDURE mydb.myproc TO 'existing_user'@'localhost';