CREATE USER

This statement creates a new user, specified with a password. In the MySQL privilege system, a user is the combination of a username and the host from which they are connecting from. Thus, it is possible to create a user 'newuser2'@'192.168.1.1' who is only able to connect from the IP address 192.168.1.1. It is also possible to have two users have the same user-portion, and different permissions as they login from different hosts.

Synopsis

CreateUserStmt
CREATEUSERIfNotExistsUserSpecListRequireClauseOptConnectionOptionsLockOption
IfNotExists
IFNOTEXISTS
UserSpecList
UserSpec,
UserSpec
UsernameAuthOption
AuthOption
IDENTIFIEDBYAuthStringPASSWORDHashStringWITHStringNameBYAuthStringASHashString
StringName
stringLitIdentifier
LockOption
ACCOUNTLOCKACCOUNTUNLOCK

Examples

Create a user with the newuserpassword password.

mysql> CREATE USER 'newuser' IDENTIFIED BY 'newuserpassword'; Query OK, 1 row affected (0.04 sec)

Create a user who can only log in to 192.168.1.1.

mysql> CREATE USER 'newuser2'@'192.168.1.1' IDENTIFIED BY 'newuserpassword'; Query OK, 1 row affected (0.02 sec)

Create a user who is enforced to log in using TLS connection.

CREATE USER 'newuser3'@'%' REQUIRE SSL IDENTIFIED BY 'newuserpassword'; Query OK, 1 row affected (0.02 sec)

Create a user who is required to use X.509 certificate at login.

CREATE USER 'newuser4'@'%' REQUIRE ISSUER '/C=US/ST=California/L=San Francisco/O=PingCAP' IDENTIFIED BY 'newuserpassword'; Query OK, 1 row affected (0.02 sec)

Create a user who is locked upon creation.

CREATE USER 'newuser5'@'%' ACCOUNT LOCK;
Query OK, 1 row affected (0.02 sec)

MySQL compatibility

The following CREATE USER options are not yet supported by TiDB, and will be parsed but ignored:

  • TiDB does not support WITH MAX_QUERIES_PER_HOUR, WITH MAX_UPDATES_PER_HOUR, and WITH MAX_USER_CONNECTIONS options.
  • TiDB does not support the DEFAULT ROLE option.
  • TiDB does not support PASSWORD EXPIRE, PASSWORD HISTORY or other options related to password.

See also