root should have full privileges (including create user).
So if you want to create a new account with similar privileges, run your CREATE USER statement, then grant the privileges:
GRANT ALL ON database.table TO 'username'@'connection_name';
Okay, so the above seems confusing, and it is on some level, which is why I typically recommend using phpMyAdmin. That makes it much easier as it is GUI based. However, it isn’t too difficult to figure out.
So the first part, “database.table”: You can specify which database and a specific table to grant permissions to for a given account. You can also specify ALL tables within a database using database.*, or you can specify ALL databases and ALL tables using .
The latter part, “‘username’@‘connection_name’”. You can specify which user is getting these privileges and what privileges they get based on how they connected to the server. The username is self explanatory, put the new account name there. The connection name is a bit trickier, but you can think of it this way: There are a variety of connection strings you can use to connect to MySQL, you can use “localhost”, or 127.0.0.1, or the physical IP of your server 124.35.43.12, or even the host name of the server hosting your MySQL mysql.mydomain.com, or % to denote all possible ways of connecting.
You can grant specific privileges based on which of those connection strings the user uses. So for example, if you are hosting your own web application and MySQL and Apache are installed on the same server, I’d personally start with “localhost”, so you’d grant the permission to username@Localhost; however, future proofing would incline me to tell you to setup the DNS entry for mysql.mydomain.com and use that. This way, if you ever move MySQL to a different server, your code doesn’t change (as it is already using that connection string).
So why does MySQL let you assign privileges based on a connection? I’m not sure this is the correct answer, but I imagine it is from a security perspective. In short, I can give greater privileges to those using that account within my network, as I can define a local IP or localhost and thus detect they are working inside my network. I can then give out less privileges to those using mysql.mydomain.com or the external IP 124.35.43.12 so if the user gets compromised, it can’t take down the database/server.
Personally, I think this is a crappy implementation. I would never personally use the same username/credentials for an external application and an internal application. They would either 1) go through a RESTful service or 2) use different accounts. I just don’t see the usefulness in MySQL working this way with its privileges…
I know a lot of that probably went over your head (I apologize for that – so feel free to ask questions if I just made you concerned with anything else), but hopefully this gave you some insight to the privilege system of MySQL.