How to delete a user in MariaDB or MySQL

Removing unused database accounts reduces the blast radius of leaked credentials and keeps access lists accurate. In MariaDB and MySQL, accounts can linger long after an application or team has moved on, leaving an unnecessary login path into production.

User accounts are global to the server and are identified by both a username and a host matcher (for example 'app'@'10.%'). Grants attach to that user@host identity, and DROP USER removes the account record along with its privileges.

Deleting the wrong account breaks authentication immediately for new connections, so confirming the exact User and Host pair matters more than typing speed. Existing sessions may continue until disconnect, and replicated environments should run account changes on the primary so they propagate correctly.

Steps to remove a user in MariaDB or MySQL:

Connect to the server with an administrative login.

$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 8.0.36 Source distribution
##### snipped #####
mysql>

Switch to the mysql system schema.
```
mysql> USE mysql;
DATABASE changed
```
Account rows live in mysql.user, and accounts apply server-wide rather than per database.

List the account entries that match the target username.

mysql> SELECT USER, Host FROM USER WHERE USER = 'testuser';
+----------+-----------+
| USER     | Host      |
+----------+-----------+
| testuser | localhost |
| testuser | %         |
+----------+-----------+
2 ROWS IN SET (0.00 sec)

'testuser'@'localhost' and 'testuser'@'%' are different accounts, and each entry requires an explicit DROP USER.

Review privileges for each matching account entry before deletion.

mysql> SHOW GRANTS FOR 'testuser'@'%';
+-------------------------------------------------------+
| Grants FOR testuser@%                                 |
+-------------------------------------------------------+
| GRANT USAGE ON *.* TO 'testuser'@'%'                  |
| GRANT SELECT, INSERT ON `appdb`.* TO 'testuser'@'%'   |
+-------------------------------------------------------+
2 ROWS IN SET (0.00 sec)

Delete the account entries with DROP USER using the exact 'user'@'host' values.
```
mysql> DROP USER IF EXISTS 'testuser'@'localhost', 'testuser'@'%';
Query OK, 0 ROWS affected (0.01 sec)
```
Applications using this login will fail on the next connect, and existing sessions can remain active until disconnect.
Verify the user no longer appears in mysql.user.
```
mysql> SELECT USER, Host FROM USER WHERE USER = 'testuser';
Empty SET (0.00 sec)
```
FLUSH PRIVILEGES is unnecessary after DROP USER unless grant tables were modified manually.

Confirm authentication fails for the removed account from a new session.

$ mysql -u testuser -p
Enter password:
ERROR 1045 (28000): Access denied for user 'testuser'@'localhost' (using password: YES)

Exit the mysql client.
```
mysql> EXIT;
Bye
```

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.

Discuss the article:

Comment anonymously. Login not required.