MySQL Error 1211 occurs when a user attempts to create a new user account but lacks the required CREATE USER privilege. This commonly happens in MySQL 8.0+ when using GRANT statements to implicitly create users, which is no longer supported. Fix it by explicitly creating the user first with CREATE USER, then granting privileges separately.
ERROR 1211 (ER_NO_PERMISSION_TO_CREATE_USER) is a privilege error that prevents a MySQL user from creating new user accounts. This error message indicates that the user executing the CREATE USER statement does not have the necessary global privilege to create new users. Unlike earlier MySQL versions where users could be implicitly created through GRANT statements, MySQL 8.0 and later require an explicit two-step process: first create the user with CREATE USER, then grant privileges with GRANT. Additionally, the user attempting to create new users must either be the root user or have been explicitly granted the CREATE USER privilege on all databases (*.*).
Connect to MySQL as root or an admin user and check what privileges the user attempting to create new users actually has:
SHOW GRANTS FOR 'username'@'hostname';Look for GRANT ALL PRIVILEGES ON *.* or specifically CREATE USER ON *.*. If the output shows GRANT ... ON database_name.* (database-level only), the user does not have the global CREATE USER privilege needed to create new users.
If the user needs to create new users, grant them the global CREATE USER privilege:
GRANT CREATE USER ON *.* TO 'username'@'hostname';
FLUSH PRIVILEGES;Verify the privilege was granted:
SHOW GRANTS FOR 'username'@'hostname';The output should now include a line like:
GRANT CREATE USER ON *.* TO 'username'@'hostname'In MySQL 8.0 and later, you must create users explicitly using CREATE USER before granting them privileges. The two-step process is required:
Step 1: Create the user
CREATE USER 'new_user'@'localhost' IDENTIFIED BY 'password123';Step 2: Grant privileges to the user
GRANT SELECT, INSERT, UPDATE, DELETE ON myapp_database.* TO 'new_user'@'localhost';
FLUSH PRIVILEGES;Do NOT try to use GRANT to implicitly create the user (this worked in older MySQL versions but no longer works in MySQL 8.0+):
-- This no longer works in MySQL 8.0+
GRANT SELECT ON myapp_database.* TO 'new_user'@'localhost' IDENTIFIED BY 'password';If you are using AWS RDS, Azure Database for MySQL, or similar managed services, the root/master user has limited privileges and cannot grant CREATE USER privilege to other users. You must use the master account directly to create new users:
-- Connect as the master user (e.g., admin@localhost for RDS)
CREATE USER 'app_user'@'%' IDENTIFIED BY 'app_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON app_database.* TO 'app_user'@'%';
FLUSH PRIVILEGES;If your application deployment script needs to create users, modify it to run as the master user instead of a limited application user. This is a security trade-off in managed database services.
After granting CREATE USER privilege, test that the user can now create new users:
-- Switch to the user that needs to create users
USE mysql;
SELECT USER();
-- Try to create a new user
CREATE USER 'test_user'@'localhost' IDENTIFIED BY 'test_password';
GRANT SELECT ON myapp_database.* TO 'test_user'@'localhost';If successful, you will see no error and the new user will be created. If Error 1211 still appears, ensure the FLUSH PRIVILEGES command was executed and the grant was applied correctly.
The CREATE USER privilege is a powerful global privilege and should be granted carefully. Only grant it to administrator or deployment accounts that specifically need to manage user creation. For application users that only query or modify data, this privilege should never be grantedโuse database-level grants instead (e.g., GRANT SELECT, INSERT, UPDATE, DELETE ON database_name.* TO ....). In MySQL versions before 8.0, users could be implicitly created during GRANT statements, which is why you may see older documentation or scripts that attempt to create users this way. This behavior was removed for security reasons in MySQL 8.0. Additionally, in high-security environments, consider using role-based access control (RBAC) and limiting user creation to a dedicated administrative account that is never used for application connections.
ERROR 1064: You have an error in your SQL syntax
How to fix "ERROR 1064: You have an error in your SQL syntax" in MySQL
ERROR 1054: Unknown column in field list
Unknown column in field list
ER_WINDOW_RANGE_FRAME_NUMERIC_TYPE (3589): RANGE frame requires numeric ORDER BY expression
RANGE frame requires numeric ORDER BY expression in MySQL window functions
CR_ALREADY_CONNECTED (2058): Handle already connected
How to fix "CR_ALREADY_CONNECTED (2058): Handle already connected" in MySQL
ER_WINDOW_DUPLICATE_NAME (3591): Duplicate window name
How to fix ER_WINDOW_DUPLICATE_NAME (3591) in MySQL window functions