ALTER USER
ALTER USER
语句用于更改 TiDB 权限系统内的已有用户。和 MySQL 一样,在 TiDB 权限系统中,用户是用户名和用户名所连接主机的组合。因此,可创建一个用户 'newuser2'@'192.168.1.1'
,使其只能通过 IP 地址 192.168.1.1
进行连接。相同的用户名从不同主机登录时可能会拥有不同的权限。
语法图
- AlterUserStmt
- UserSpecList
- UserSpec
- Username
- AuthOption
- LockOption
- AttributeOption
AlterUserStmt ::=
'ALTER' 'USER' IfExists (UserSpecList RequireClauseOpt ConnectionOptions LockOption AttributeOption | 'USER' '(' ')' 'IDENTIFIED' 'BY' AuthString)
UserSpecList ::=
UserSpec ( ',' UserSpec )*
UserSpec ::=
Username AuthOption
Username ::=
StringName ('@' StringName | singleAtIdentifier)? | 'CURRENT_USER' OptionalBraces
AuthOption ::=
( 'IDENTIFIED' ( 'BY' ( AuthString | 'PASSWORD' HashString ) | 'WITH' StringName ( 'BY' AuthString | 'AS' HashString )? ) )?
LockOption ::= ( 'ACCOUNT' 'LOCK' | 'ACCOUNT' 'UNLOCK' )?
AttributeOption ::= ( 'COMMENT' CommentString | 'ATTRIBUTE' AttributeString )?
示例
CREATE USER 'newuser' IDENTIFIED BY 'newuserpassword';
Query OK, 1 row affected (0.01 sec)
SHOW CREATE USER 'newuser';
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| CREATE USER for newuser@% |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| CREATE USER 'newuser'@'%' IDENTIFIED WITH 'mysql_native_password' AS '*5806E04BBEE79E1899964C6A04D68BCA69B1A879' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
ALTER USER 'newuser' IDENTIFIED BY 'newnewpassword';
Query OK, 0 rows affected (0.02 sec)
SHOW CREATE USER 'newuser';
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| CREATE USER for newuser@% |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| CREATE USER 'newuser'@'%' IDENTIFIED WITH 'mysql_native_password' AS '*FB8A1EA1353E8775CA836233E367FBDFCB37BE73' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
ALTER USER 'newuser' ACCOUNT LOCK;
Query OK, 0 rows affected (0.02 sec)
修改 newuser
的属性:
ALTER USER 'newuser' ATTRIBUTE '{"newAttr": "value", "deprecatedAttr": null}';
SELECT * FROM information_schema.user_attributes;
+-----------+------+--------------------------+
| USER | HOST | ATTRIBUTE |
+-----------+------+--------------------------+
| newuser | % | {"newAttr": "value"} |
+-----------+------+--------------------------+
1 rows in set (0.00 sec)
通过 ALTER USER ... COMMENT
修改用户 newuser
的注释:
ALTER USER 'newuser' COMMENT 'Here is the comment';
SELECT * FROM information_schema.user_attributes;
+-----------+------+--------------------------------------------------------+
| USER | HOST | ATTRIBUTE |
+-----------+------+--------------------------------------------------------+
| newuser | % | {"comment": "Here is the comment", "newAttr": "value"} |
+-----------+------+--------------------------------------------------------+
1 rows in set (0.00 sec)
通过 ALTER USER ... ATTRIBUTE
删除用户 newuser
的注释:
ALTER USER 'newuser' ATTRIBUTE '{"comment": null}';
SELECT * FROM information_schema.user_attributes;
+-----------+------+---------------------------+
| USER | HOST | ATTRIBUTE |
+-----------+------+---------------------------+
| newuser | % | {"newAttr": "value"} |
+-----------+------+---------------------------+
1 rows in set (0.00 sec)