Permissions and Security Under MySQL
First, if this database will hold any sensitive information, you need a password to access the root account. Otherwise, anyone can change and grant permissions on every database and table inside MySQL without a password.
To do this, issue the following commands from the console:
mysqladmin -uroot password <password>
Here, <password> is the password that you want to assign to the root user.
Access can be controlled on a site, database, or table basis to a combination of specific users, hosts, and users at hosts.
Users are not explicitly created, but are created using grant statements. For example, now that you have a database called TestDB, create a user called DbUser who has permission to read, but not write ...