Essentials

The  BL Flow product requires defaults to using the root user that always exists in the MySQL installation. Recent versions of MySQL server install without access to the root user from outside the localhost (i.e. it cannot be used from any other server except its own.) To support this secure choice the Flow installer for Chameleon creates 2 users for our apps to connect with - Player and Updater. 

...

Further to this Flow has a configuration preference value that can be set that allows other BL apps to connect to the correct database server when they aren't running on the database server. It is the System > Database Location for Apps setting,

-- to use the default password authentication method
CREATE USER 'Player'@'%' IDENTIFIED BY 'password';
CREATE USER 'Blade'@'%' IDENTIFIED BY 'password';
CREATE USER 'Updater'@'%' IDENTIFIED BY 'password';

-- to use the new caching_sha2_password instead add a WITH clause like:
-- CREATE USER 'Player'@'%' IDENTIFIED WITH caching_sha2_password BY 'password';

GRANT SELECT ON `chameleon`.* TO 'Player'@'%';
GRANT SELECT ON `chameleon`.* TO 'Blade'@'%';
GRANT SELECT, UPDATE, INSERT, DELETE ON `chameleon`.* TO 'Updater'@'%';

Replication Privileges

In situations where you want to use replication to provide a ongoing backup source you need a user with specific privileges.

...

If dumping all databases at once

• SHOW DATABASES

If pulling master data from a server

• RELOAD

Flow User Sample

Create a user with all the necessary privileges to install and run Flow for Chameleon. SUPER privilege is not required assuming server is configured correctly (need log_bin_trust_function_creators=1 set when bin logging enabled.) The use of 127.0.0.1 instead of localhost below is used to enable connecting to a second instance of MySQL on a non-default port. If you use localhost the MySQL command line interface ignores any other port specification and always uses the default 3306 port.

...