Privilege management is an important aspect of managing the security of a MySQL installation. Following the principle of least privilege, a MySQL account should only be granted the privileges required for its legitimate purposes. To facilitate effective privilege management, MySQL 8.0 provides two new privilege-related features: MySQL Roles and Dynamic Privileges.
MySQL roles are named collections of privileges. A user account can be granted roles, which grants to the account the privileges associated with each role. This enables assignment of sets of privileges to accounts and provides a convenient alternative to granting individual privileges, both for conceptualizing desired privilege assignments and implementing them.
For more information about using roles to manage account privileges, see Using Roles.
Dynamic privileges enable DBAs to begin migrating away from the SUPER privilege. Many operations covered by SUPER are associated with a dynamic privilege of more limited scope. Operations that previously required the SUPER privilege can be permitted to an account by granting the associated dynamic privilege rather than SUPER. For example, a user who must be able to modify global system variables can be granted
This change improves security by enabling DBAs to avoid granting SUPER and tailor user privileges more closely to the operations permitted. The SUPER privilege is deprecated and will be removed in a future version of MySQL.
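The SQL below is an added example, not part of the original documentation text. It builds roles, assigns one to an account, grants a single dynamic privilege in place of SUPER, and audits which accounts still hold SUPER. The schema, role and account names and the passwords are constructed placeholders; SYSTEM_VARIABLES_ADMIN is the MySQL 8.0 dynamic privilege that permits SET GLOBAL.

```sql
-- Assumed (constructed) names: schema app_db, roles app_read / app_write,
-- accounts report_user, ops_user and legacy_admin on localhost.

-- 1. Roles are named collections of privileges.
CREATE ROLE 'app_read', 'app_write';
GRANT SELECT ON app_db.* TO 'app_read';
GRANT INSERT, UPDATE, DELETE ON app_db.* TO 'app_write';

-- 2. An account receives the role instead of individual privileges.
CREATE USER 'report_user'@'localhost' IDENTIFIED BY 'CHANGE_ME_placeholder';
GRANT 'app_read' TO 'report_user'@'localhost';

-- A granted role is not active in a session until it is activated;
-- making it a default role activates it at login.
SET DEFAULT ROLE 'app_read' TO 'report_user'@'localhost';

-- 3. Dynamic privilege in place of SUPER: this account may change global
--    system variables but gains none of the other operations SUPER covers.
--    Dynamic privileges are global, so they are granted ON *.*.
CREATE USER 'ops_user'@'localhost' IDENTIFIED BY 'CHANGE_ME_placeholder';
GRANT SYSTEM_VARIABLES_ADMIN ON *.* TO 'ops_user'@'localhost';

-- 4. Audit: accounts that still hold the deprecated SUPER privilege.
SELECT user, host
  FROM mysql.user
 WHERE Super_priv = 'Y'
 ORDER BY user, host;

-- Audit: dynamic privileges currently granted, and whether the holder
-- can pass them on (WITH GRANT OPTION).
SELECT user, host, priv, with_grant_option
  FROM mysql.global_grants
 ORDER BY user, host, priv;

-- Effective privileges of an account with a given role applied.
SHOW GRANTS FOR 'report_user'@'localhost' USING 'app_read';

-- 5. Once an account has the dynamic privileges it needs, drop SUPER.
REVOKE SUPER ON *.* FROM 'legacy_admin'@'localhost';
```

Run the audit queries in step 4 before and after a migration; an empty result from the first query means no account depends on SUPER any longer.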