How to list users in MySQL or MariaDB

Listing accounts in MySQL or MariaDB is one of the quickest ways to confirm who can sign in, which hosts those logins are allowed from, and which entries still exist after application, server, or staff changes. It is also a practical first check when you are investigating failed authentication attempts or auditing overly broad access.

Both products identify an account by the full User and Host pair rather than by username alone, so 'appuser'@'localhost' and 'appuser'@'192.0.2.15' are different accounts with different access. In current MariaDB releases, mysql.user is a compatibility view over mysql.global_priv, but querying mysql.user for User and Host remains the familiar cross-version way to list accounts.

Reading mysql.user usually requires an administrative account or another account that can read the mysql system schema, and managed services can restrict that direct access. In MySQL 8.4, '%' and '_' host wildcards are deprecated, so treat them as legacy patterns when they appear in older account entries and prefer explicit hosts or supported netmask syntax for new accounts.

Steps to list users in MySQL or MariaDB:

Connect to the server with the mysql or mariadb client using an account that can read mysql.user.

$ mysql --user=root --password
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 42
Server version: 8.4.8 MySQL Community Server - GPL

Copyright (c) 2000, 2026, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

MariaDB packages may provide the client as

$ mariadb --user=root --password

instead. On socket-authenticated installations,

$ sudo mysql

$ sudo mariadb

can replace a password prompt for local administrative access.

List each account as a User and Host pair.

mysql> SELECT User, Host FROM mysql.user ORDER BY User, Host;
+------------------+---------------------+
| User             | Host                |
+------------------+---------------------+
| appuser          | 192.0.2.15          |
| appuser          | localhost           |
| mysql.infoschema | localhost           |
| mysql.session    | localhost           |
| mysql.sys        | localhost           |
| reporting        | dbadmin.example.net |
| root             | %                   |
| root             | localhost           |
+------------------+---------------------+
8 rows in set (0.00 sec)

An account is the full User@Host identity, so repeated usernames represent separate accounts. One-shot shell form:

$ mysql --user=root --password --table --execute="SELECT User, Host FROM mysql.user ORDER BY User, Host;"

In MariaDB 10.4 and later, mysql.user is a compatibility view over mysql.global_priv, so the same query still returns the account list.

Filter the list when you need to inspect one username across multiple hosts.

mysql> SELECT User, Host FROM mysql.user WHERE User = 'appuser' ORDER BY Host;
+---------+------------+
| User    | Host       |
+---------+------------+
| appuser | 192.0.2.15 |
| appuser | localhost  |
+---------+------------+
2 rows in set (0.00 sec)

If this query returns more than one row, keep the exact Host value with the username for every follow-up command.

Generate copy-ready account identifiers for privilege and cleanup commands.

mysql> SELECT CONCAT(QUOTE(User), '@', QUOTE(Host)) AS account
    -> FROM mysql.user
    -> WHERE User = 'appuser'
    -> ORDER BY Host;
+------------------------+
| account                |
+------------------------+
| 'appuser'@'192.0.2.15' |
| 'appuser'@'localhost'  |
+------------------------+
2 rows in set (0.00 sec)

These quoted values paste directly into SHOW GRANTS, ALTER USER, and DROP USER commands.

Avoid selecting authentication_string, Password, or other credential fields during routine audits, especially on shared terminals or in saved logs.

Show the grants for the exact account entry you want to inspect.
```
mysql> SHOW GRANTS FOR 'appuser'@'192.0.2.15';
+-----------------------------------------------------------+
| Grants for appuser@192.0.2.15                             |
+-----------------------------------------------------------+
| GRANT USAGE ON *.* TO `appuser`@`192.0.2.15`              |
| GRANT SELECT ON `appdb`.* TO `appuser`@`192.0.2.15`       |
+-----------------------------------------------------------+
2 rows in set (0.00 sec)
```
Use the exact 'user'@'host' value from the list. In both MySQL and MariaDB, omitting the host in SHOW GRANTS FOR defaults it to '%', which can inspect the wrong account when the same username exists more than once.

MySQL 8.4 now expands powerful global grants into explicit privilege lists instead of returning a single ALL PRIVILEGES line, so administrative accounts can produce much longer output than older examples show.
Exit the client when you are finished auditing accounts.
```
mysql> exit
Bye
```
If SELECT User, Host FROM mysql.user returns an access error, reconnect with a more privileged account or use your provider's account-management interface when direct reads from the mysql system schema are restricted.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.