diff --git a/manifests/backup/xtrabackup.pp b/manifests/backup/xtrabackup.pp
index fd17186ac..fc3e670d7 100644
--- a/manifests/backup/xtrabackup.pp
+++ b/manifests/backup/xtrabackup.pp
@@ -29,9 +29,7 @@
   $additional_cron_args    = ''
 ) inherits mysql::params {
 
-  package{ $xtrabackup_package_name:
-    ensure  => $ensure,
-  }
+  ensure_packages($xtrabackup_package_name)
 
   if $backupuser and $backuppassword {
     mysql_user { "${backupuser}@localhost":
diff --git a/manifests/db.pp b/manifests/db.pp
index 45b3c4899..a84c0c84d 100644
--- a/manifests/db.pp
+++ b/manifests/db.pp
@@ -13,6 +13,8 @@
 #   The user for the database you're creating.
 # @param password
 #   The password for $user for the database you're creating.
+# @param tls_options
+#   The tls_options for $user for the database you're creating.
 # @param dbname
 #   The name of the database to create.
 # @param charset
@@ -23,6 +25,8 @@
 #   The host to use as part of user@host for grants.
 # @param grant
 #   The privileges to be granted for user@host on the database.
+# @param grant_options
+#   The grant_options for the grant for user@host on the database.
 # @param sql
 #   The path to the sqlfile you want to execute. This can be single file specified as string, or it can be an array of strings.
 # @param enforce_sql
@@ -37,18 +41,20 @@
 define mysql::db (
   $user,
   $password,
+  $tls_options                                = undef,
   $dbname                                     = $name,
   $charset                                    = 'utf8',
   $collate                                    = 'utf8_general_ci',
   $host                                       = 'localhost',
   $grant                                      = 'ALL',
+  $grant_options                              = undef,
   Optional[Variant[Array, Hash, String]] $sql = undef,
   $enforce_sql                                = false,
   Enum['absent', 'present'] $ensure           = 'present',
   $import_timeout                             = 300,
   $import_cat_cmd                             = 'cat',
 ) {
-  #input validation
+
   $table = "${dbname}.*"
 
   $sql_inputs = join([$sql], ' ')
@@ -67,6 +73,7 @@
   $user_resource = {
     ensure        => $ensure,
     password_hash => mysql::password($password),
+    tls_options   => $tls_options,
   }
   ensure_resource('mysql_user', "${user}@${host}", $user_resource)
 
@@ -76,6 +83,7 @@
       provider   => 'mysql',
       user       => "${user}@${host}",
       table      => $table,
+      options    => $grant_options,
       require    => [
         Mysql_database[$dbname],
         Mysql_user["${user}@${host}"],
diff --git a/spec/defines/mysql_db_spec.rb b/spec/defines/mysql_db_spec.rb
index 3d2d63dd6..4b9ce7cdd 100644
--- a/spec/defines/mysql_db_spec.rb
+++ b/spec/defines/mysql_db_spec.rb
@@ -70,6 +70,16 @@
         params['dbname'] = 'real_db'
         is_expected.to contain_mysql_database('real_db')
       end
+
+      it 'uses tls_options for user when set' do
+        params['tls_options'] = ['SSL']
+        is_expected.to contain_mysql_user('testuser@localhost').with_tls_options(['SSL'])
+      end
+
+      it 'uses grant_options for grant when set' do
+        params['grant_options'] = ['GRANT']
+        is_expected.to contain_mysql_grant('testuser@localhost/test_db.*').with_options(['GRANT'])
+      end
     end
   end
 end