Ansible officially supports managing MySQL users and grants through a community-maintained module, mysql_user. There are more modules for managing other aspects of MySQL, so you can do a lot more as code with Ansible. Make sure to read the module documentation to learn all the features, every input option and all the supported use cases.

```yaml
# priv format: db.table:PRIV1,PRIV2 with entries separated by "/"
- name: Create user with different permissions to different databases
  mysql_user:
    login_user: mysql_admin
    login_password: mysql_admin_password
    name: demo
    state: present
    priv: "mydb.*:INSERT,UPDATE/anotherdb.*:SELECT/yetanotherdb.*:ALL"

# One task creates every read-only user in the list
- name: Create read only users for analytics db
  mysql_user:
    login_user: mysql_admin
    login_password: mysql_admin_password
    name: "{{ item }}"
    state: present
    priv: "analytics.*:SELECT"
  with_items:
    - user1
    - user2
    - user3
```

Why Ansible for managing MySQL users/grants

Ansible is a configuration management tool that lets you manage your infrastructure as code. It's one of the most popular options, and it differs from the more popular Chef and Puppet by managing nodes in push mode instead of having agents pull changes from a central repository. Its biggest strengths are simple YAML-based configuration, pushing changes on demand over an SSH connection, and requiring no agents on the target hosts, only Python and an SSH server. Because it is open source, you can find playbooks and roles for all your needs; most of them are plug and play, with no changes required from you besides adding the roles to your playbooks.

Why manage users/grants as code?

This is part of the DevOps movement, where you move from servers that are manually configured and expected to run for years to infrastructure and configuration as code, where any server is easily reproduced from code. This brings the best software engineering practices to typical SysAdmin work. Any code change can and should be peer reviewed and version controlled. Managing changes across multiple environments becomes easier, because diffing simple YAML config files is easier than trying to find the differences between servers. There are many other benefits as well.
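Because the grants live in YAML, the peer review described above can be partly automated. The following is an added example, not part of the original page or of Ansible: it parses priv strings like the ones in the tasks above and flags grants a reviewer would want justified. The function names, the BROAD_PRIVS list and the simplified reading of the priv format are assumptions of this example.

```python
import re

# Assumption of this example: privileges a reviewer wants justified.
BROAD_PRIVS = {"ALL", "ALL PRIVILEGES", "GRANT", "SUPER", "FILE"}

def parse_priv(priv):
    """Parse 'db.tbl:PRIV1,PRIV2/db2.tbl:PRIV' into {scope: [privileges]}."""
    grants = {}
    for part in priv.split("/"):
        if not part.strip():
            continue
        scope, sep, privs = part.partition(":")
        if not sep or not scope.strip() or not privs.strip():
            raise ValueError(f"malformed priv entry: {part!r}")
        # Split on commas, but not inside a column list such as SELECT(a,b).
        names = re.split(r",(?![^()]*\))", privs)
        grants.setdefault(scope.strip(), []).extend(
            n.strip() for n in names if n.strip())
    return grants

def review(priv):
    """Return findings for grants that are broader than least privilege."""
    findings = []
    for scope, privs in parse_priv(priv).items():
        database = scope.replace("`", "").split(".")[0]
        if database == "*":
            findings.append(f"{scope}: grant applies to every database")
        for p in privs:
            # Compare the privilege name only, ignoring any column list.
            name = p.split("(")[0].strip().upper()
            if name in BROAD_PRIVS:
                findings.append(f"{scope}: {name} needs a justification")
    return findings

if __name__ == "__main__":
    # The first two strings come from the tasks on this page;
    # the third is constructed for this example.
    samples = {
        "demo": "mydb.*:INSERT,UPDATE/anotherdb.*:SELECT/yetanotherdb.*:ALL",
        "user1": "analytics.*:SELECT",
        "constructed_admin": "*.*:ALL,GRANT",
    }
    for user, priv in samples.items():
        for finding in review(priv) or ["ok"]:
            print(f"{user}: {finding}")
```

Run against the priv values in a pull request, a check like this turns a change such as widening a grant from SELECT to ALL into a finding the reviewer sees explicitly.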