Revise MySQL discovery tutorial and add user creation script

Updated the tutorial to clarify the process of discovering MySQL database instances, including a new script for creating a least-privilege user.

Author: ankitsurkar06

articles/migrate/tutorial-discover-mysql-database-instances.md

@@ -11,7 +11,7 @@ monikerRange:
 # Customer intent: As a database administrator, I want to discover MySQL database instances in my datacenter using an agentless solution, so that I can assess and manage my databases efficiently before migrating to the cloud.
 ---
 
-# Tutorial: Discover MySQL database instances running in your datacenter (preview)
+# Discover MySQL database instances running in your datacenter (preview)
 
 
 This article describes how to discover MySQL database instances running on servers in your datacenter, using **Azure Migrate appliance**. The discovery process is agentless; no agents are installed on the target servers. 
@@ -53,7 +53,7 @@ The following table lists the regions that support MySQL Discovery and Assessmen
 
 1. Open the appliance configuration manager, complete the prerequisite checks and registration of the appliance.
 2. Navigate to the Manage credentials and discovery sources panel.
-1. In Step 3: Select **MySQL authentication** credential type, provide a friendly name, input the MySQL username, and password and select **Save**.
+3. In Step 3: Select **MySQL authentication** credential type, provide a friendly name, input the MySQL username, and password and select **Save**.
 
    > [!NOTE]
    > - Ensure that the user corresponding to the added MySQL credentials have the following privileges: 
@@ -69,6 +69,55 @@ The following table lists the regions that support MySQL Discovery and Assessmen
    >  GRANT SELECT ON information_schema.* TO 'username'@'ip';
    >  GRANT SELECT ON performance_schema.* TO 'username'@'ip';  
 
+To create a custom MySQL user account with the minimum permissions required for Discovery and Assessment in Azure Migrate with access from the appliance machine you can use the following script. The account running the script needs following privileges. This script has to be executed on the servers with MySQL instances. 
+- CREATE USER privilege → to create the new user.
+- GRANT OPTION privilege → to grant privileges to the new user.
+- SELECT on mysql.user → required for the existence check.
+- PROCESS privilege → if you want to verify process-related grants after creation.
+
+```
+
+-- MySQL Script to Create a Least-Privilege User for Azure Migrate
+-- Replace @username, @password, and @ip with actual values before execution.
+
+SET @username = 'your_username';
+SET @password = 'your_password';
+SET @ip = 'your_appliance_ip';
+
+-- Check if the user already exists
+SELECT CASE
+    WHEN EXISTS (SELECT 1 FROM mysql.user WHERE user = @username AND host = @ip)
+        THEN CONCAT('User ', @username, '@', @ip, ' already exists, skipping creation')
+    ELSE
+        CONCAT('User ', @username, '@', @ip, ' does not exist, proceeding with creation')
+END AS user_check;
+
+-- Create the user if not exists
+CREATE USER IF NOT EXISTS @username@'@ip' IDENTIFIED BY @password;
+
+-- Grant minimal required privileges
+GRANT USAGE ON *.* TO @username@'@ip';
+GRANT PROCESS ON *.* TO @username@'@ip';
+
+-- Grant SELECT on specific columns in mysql.user
+GRANT SELECT (User, Host, Super_priv, File_priv, Create_tablespace_priv, Shutdown_priv)
+ON mysql.user TO @username@'@ip';
+
+-- Grant SELECT on information_schema and performance_schema
+GRANT SELECT ON information_schema.* TO @username@'@ip';
+GRANT SELECT ON performance_schema.* TO @username@'@ip';
+
+-- Apply changes
+FLUSH PRIVILEGES;
+
+-- Log success
+SELECT CONCAT('Azure Migrate user ', @username, '@', @ip, ' created successfully with least privileges.') AS result;
+```
+Execute the script using the following command through your MySQL client.
+```
+mysql -u root -p -e "SET @username='myuser'; SET @password='mypassword'; SET @ip='appliance_ip'; SOURCE CreateUser.sql;"
+```
+
 You can review the discovered MySQL databases after around 24 hours of discovery initiation, through the **Discovered servers** view. To expedite the discovery of your MySQL instances follow the steps:
 
 - After adding the MySQL credentials on the appliance configuration manager restart the discovery services on appliance.