Essentials

The BL Flow product uses the root MySQL user by default during installation. Newer versions of MySQL server install without access to the root user from outside localhost (i.e. root cannot be used from any server other than its own). To support this secure choice, the Flow installer for Chameleon creates users for our apps to connect with: Blade, Player, Updater and FLOW.

...

```sql
-- check if user exists
SELECT EXISTS(SELECT 1 FROM `mysql`.`user` WHERE `user` = 'blbackup' AND `host` = '%') AS 'BackupUserExists 1=Yes';

-- create the user if it doesn't exist
-- 'pwd-hashed' is a placeholder. IDENTIFIED BY expects the cleartext password;
-- a pre-hashed value needs the form IDENTIFIED WITH <plugin> AS '<hash>'.
CREATE USER 'blbackup'@'%' IDENTIFIED BY 'pwd-hashed';

-- Add a WITH clause if necessary:  WITH caching_sha2_password
-- it goes after IDENTIFIED:        WITH mysql_native_password
-- if not specified it uses the system default password format

-- grant privileges to user (can be more limited if you prefer - see notes below)
GRANT REPLICATION SLAVE ON *.* TO 'blbackup'@'%';
GRANT REPLICATION CLIENT ON *.* TO 'blbackup'@'%';
GRANT
	SELECT,
	PROCESS,
	SHOW VIEW,
	EVENT,
	TRIGGER,
	SHOW DATABASES,
	RELOAD
	ON *.* TO 'blbackup'@'%';

-- MySQL 8 added requirement for the PROCESS priv
```

Replication User for essential replication support

...

If you want to use this user for dumping the data from the server it will need additional privileges.

  • SHOW VIEW

  • PROCESS (as of MySQL 8.x)

  • EVENT

  • TRIGGER

...

  • SHOW DATABASES

...

  • RELOAD
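One way to confirm that the account holds exactly the privileges listed above and nothing more, as an added example that is not part of the original page or the Flow installer: it parses the rows returned by `SHOW GRANTS FOR 'blbackup'@'%'` and reports missing and excess privileges. The sample rows and the `flow` database name are constructed for illustration.

```python
import re

# Privilege sets listed on this page for the backup/replication account.
REPLICATION = {"REPLICATION SLAVE", "REPLICATION CLIENT"}
DUMP = {"SELECT", "SHOW VIEW", "PROCESS", "EVENT", "TRIGGER",
        "SHOW DATABASES", "RELOAD"}

GRANT_RE = re.compile(
    r"^GRANT (?P<privs>.+?) ON (?P<scope>\S+) TO \S+?"
    r"(?P<opt> WITH GRANT OPTION)?;?$")

def audit_grants(show_grants_rows, expected):
    """Compare SHOW GRANTS rows for one account with the expected privilege set."""
    held = set()
    report = {"other_scopes": [], "unparsed": [], "grant_option": False}
    for row in show_grants_rows:
        m = GRANT_RE.match(row.strip())
        if not m:
            report["unparsed"].append(row)  # e.g. role grants: review by hand
            continue
        report["grant_option"] |= bool(m["opt"])
        # Split on commas that are not inside a column list such as SELECT (a, b).
        privs = {p.strip().upper()
                 for p in re.split(r",\s*(?![^()]*\))", m["privs"])}
        privs.discard("USAGE")  # USAGE means "no privileges"
        if m["scope"] == "*.*":
            held |= privs
        elif privs:
            report["other_scopes"].append((m["scope"], sorted(privs)))
    report["missing"] = sorted(expected - held)
    report["excess"] = sorted(held - expected)
    return report

# Constructed SHOW GRANTS output (not captured from a real server).
SAMPLE = [
    "GRANT SELECT, RELOAD, PROCESS, SHOW DATABASES, SUPER, REPLICATION SLAVE, "
    "REPLICATION CLIENT, SHOW VIEW, EVENT ON *.* TO `blbackup`@`%`",
    "GRANT INSERT ON `flow`.* TO `blbackup`@`%` WITH GRANT OPTION",
]

if __name__ == "__main__":
    print(audit_grants(SAMPLE, REPLICATION | DUMP))
```

Pass `REPLICATION` alone as the expected set when the account is used only for replication and not for dumps.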

Flow User Sample

Create a user with all the necessary privileges to install and run Flow for Chameleon. The SUPER privilege is not required, assuming the server is configured correctly (log_bin_trust_function_creators=1 must be set when binary logging is enabled). 127.0.0.1 is used below instead of localhost to enable connecting to a second instance of MySQL on a non-default port. If you use localhost, the MySQL command line interface ignores any other port specification and always uses the default port 3306.

...