I finally had a chance to sit down and learn the syntax of creating mysql users and assigning specific permissions. This allows me to have different users for different web services - eg. cron jobs, web servers etc.
GRANT [SELECT|UPDATE|INSERT|UPDATE|CREATE|DROP] ON DATABASE.[table|*] TO 'user'@'host' IDENTIFIED BY 'password'
These can be cumulative. One thing that originally confused me was the 'host' - you actually need to have two accounts for a user to connect both locally and remotely - one set to "localhost" and the other set to "%".
The grant command is actually just populating the mysql.user table.
Other useful commands include changing a password:
SET PASSWORD FOR 'bob'@'loclahost" = PASSWORD('newpassword') SET PASSWORD = PASSWORD('newpassword'); GRANT USAGE ON *.* TO 'user'@'host' IDENTIFIED BY 'password'