DROP USER statement removes
one or more MySQL accounts. An error occurs for accounts that do
not exist. To use this statement, you must have the global
CREATE USER privilege or the
DELETE privilege for the
Each account name uses the format described in Section 6.2.3, “Specifying Account Names”. For example:
DROP USER 'jeffrey'@'localhost';
If you specify only the user name part of the account name, a
host name part of
'%' is used.
DROP USER as present in MySQL
5.0.0 removes only accounts that have no privileges. In MySQL
5.0.2, it was modified to remove account privileges as well.
This means that the procedure for removing an account depends on
your version of MySQL.
As of MySQL 5.0.2, you can remove an account and its privileges as follows:
The statement removes privilege rows for the account from all grant tables.
Before MySQL 5.0.2,
serves only to remove account rows from the
user table for accounts that have no
privileges. To remove a MySQL account completely (including all
of its privileges), you should use the following procedure,
performing these steps in the order shown:
However, an account with no password is insecure. To avoid
SET PASSWORD to set
the account password.
REVOKE to revoke the
privileges displayed by
GRANTS. This removes rows for the account from all
the grant tables except the
and revokes any global privileges listed in the
user table. See Section 18.104.22.168, “GRANT Syntax”.
Delete the account by using
USER to remove the
DROP USER does not
automatically close any open user sessions. Rather, in the
event that a user with an open session is dropped, the
statement does not take effect until that user's session is
closed. Once the session is closed, the user is dropped, and
that user's next attempt to log in will fail. This
is by design.
DROP USER does not automatically
drop or invalidate databases or objects within them that the old
user created. This includes stored programs or views for which
DEFINER attribute names the dropped user.
Attempts to access such objects may produce an error if they
execute in definer security context. (For information about
security context, see
Section 18.5, “Access Control for Stored Programs and Views”.)