GRANT [privledge type] ON [dbname].[object] TO '[user]'@'[host]'; GRANT ALL ON *.* TO 'kennyl'@'localhost';

So... you can get in the house, but you can go anywhere. Essentially, you can open up a client and log into the server, but you can't do anything unless you are granted access. In the database world you must have acces to each and every object in the database.

Most databases grant access through roles. The user is assigned to a role and therefore gains access to all the objects the role has. When an object is created the access is given to the role. So, when a user is added or removed, they are added to or deleted from the role. The relationship between the roles and the objects stays the same.

However, MySQL doesn't do that. It doesn't have roles. What it does is allow the use of wild cards when granting access. I could grant access to all objects at once with mydb.*. That makes the fact that there is no roles workable. If I wanted to give a user access to all databases and all objects within each database; *.* will do the trick.

The Grant syntax works like this:

There are many priviledge types for a database. ALL, Tables, DELETE, CREATE USER, CREATE TABLE, etc. Most important for tables is SELECT and for stored procedures is EXECUTE.

Example: gives me all access to all things, which is great in dev/test but not in prod:

Check out the GRANT USER man page. It has examples and a lot more explanation on it.