CREATE USER
This statement creates a new user, specified with a password. In the MySQL privilege system, a user is the combination of a username and the host from which they are connecting from. Thus, it is possible to create a user 'newuser2'@'192.168.1.1'
who is only able to connect from the IP address 192.168.1.1
. It is also possible to have two users have the same user-portion, and different permissions as they login from different hosts.
Synopsis
- CreateUserStmt
- IfNotExists
- UserSpecList
- UserSpec
- AuthOption
- StringName
- LockOption
CreateUserStmt ::=
'CREATE' 'USER' IfNotExists UserSpecList RequireClauseOpt ConnectionOptions LockOption
IfNotExists ::=
('IF' 'NOT' 'EXISTS')?
UserSpecList ::=
UserSpec ( ',' UserSpec )*
UserSpec ::=
Username AuthOption
AuthOption ::=
( 'IDENTIFIED' ( 'BY' ( AuthString | 'PASSWORD' HashString ) | 'WITH' StringName ( 'BY' AuthString | 'AS' HashString )? ) )?
StringName ::=
stringLit
| Identifier
LockOption ::= ( 'ACCOUNT' 'LOCK' | 'ACCOUNT' 'UNLOCK' )?
Examples
Create a user with the newuserpassword
password.
mysql> CREATE USER 'newuser' IDENTIFIED BY 'newuserpassword';
Query OK, 1 row affected (0.04 sec)
Create a user who can only log in to 192.168.1.1
.
mysql> CREATE USER 'newuser2'@'192.168.1.1' IDENTIFIED BY 'newuserpassword';
Query OK, 1 row affected (0.02 sec)
Create a user who is enforced to log in using TLS connection.
CREATE USER 'newuser3'@'%' REQUIRE SSL IDENTIFIED BY 'newuserpassword';
Query OK, 1 row affected (0.02 sec)
Create a user who is required to use X.509 certificate at login.
CREATE USER 'newuser4'@'%' REQUIRE ISSUER '/C=US/ST=California/L=San Francisco/O=PingCAP' IDENTIFIED BY 'newuserpassword';
Query OK, 1 row affected (0.02 sec)
Create a user who is locked upon creation.
CREATE USER 'newuser5'@'%' ACCOUNT LOCK;
Query OK, 1 row affected (0.02 sec)
MySQL compatibility
The following CREATE USER
options are not yet supported by TiDB, and will be parsed but ignored:
- TiDB does not support
WITH MAX_QUERIES_PER_HOUR
,WITH MAX_UPDATES_PER_HOUR
, andWITH MAX_USER_CONNECTIONS
options. - TiDB does not support the
DEFAULT ROLE
option. - TiDB does not support
PASSWORD EXPIRE
,PASSWORD HISTORY
or other options related to password.