ALTER USER
On this page
Alters settings associated with the user.
Syntax
ALTER USER user[@host] [IDENTIFIED BY 'password'] [ACCOUNT {LOCK | UNLOCK}]
[SET [DEFAULT RESOURCE POOL = poolname] [FAILED_LOGIN_ATTEMPTS = integer] [PASSWORD_LOCK_TIME = integer]]
[REQUIRE {SSL | NONE}] [ATTRIBUTE <valid JSON>] [COMMENT <comment string>]
Arguments
-
user: The name of the user.
-
host: The host that the user can connect from.
For example, specifying localhost
means the user account can be used only when connecting from the local host.If no host is explicitly specified, the %
wildcard will be used, which lets the user connect from any host. -
password: An optional database connection password.
-
poolname: The new default resource pool.
-
ACCOUNT LOCK: Locks an account.
-
ACCOUNT UNLOCK: Unlocks an account that has been locked out due to exceeding the failed login attempts limit or via the
ALTER USER ACCOUNT LOCK
command. -
ALTER USER
does not support setting the password of and locking/unlocking an account simultaneously via syntax like:ALTER USER user IDENTIFIED BY 'password' ACCOUNT LOCK; -
FAILED_
LOGON_ ATTEMPTS: Together with PASSWORD_
, specifies the failed login attempt lockout behavior.LOCK_ TIME FAILED_
is the number of failed attempts allowed after which the account is locked out.LOGIN_ ATTEMPTS A value of 3 would mean that the account would be locked after three failed attempts. Default is 0 which means there is no restriction. When set to a value >=1, PASSWORD_
must also be specified.LOCK_ TIME -
PASSWORD_
LOCK_ TIME: Together with FAILED_
, specifies the failed login attempt lockout behavior.LOGIN_ ATTEMPTS PASSWORD_
is the number of seconds a locked out account must wait before reattempting to log in.LOCK_ TIME -
REQUIRE:
SSL
option ensures that the user connects via SSL.NONE
specifies that SSL will not be required for the connection. -
ATTRIBUTE and COMMENT: Optional arguments used to provide additional information about a user.
The values can be seen in the USERS table. If both arguments are specified in the same statement, ATTRIBUTE
must come first.For ATTRIBUTE, the value just be a valid JSON object.
Remarks
-
Users must have
GRANT
orALTER USER
permission to execute theALTER USER
command. -
This command causes implicit commits.
Refer to COMMIT for more information. -
Refer to the Permission Matrix for the required permission.
Examples
The following example demonstrates how to add a new user with a resource pool, and then change the resource pool.
CREATE USER joe WITH DEFAULT RESOURCE POOL = general;ALTER USER joe SET DEFAULT RESOURCE POOL = executive;ALTER USER joe ACCOUNT UNLOCK;
The following example requires SSL on the user db_
ALTER USER 'db_mgr'@'localhost' REQUIRE SSL;
The following example shows how to lock and unlock user accounts.
ALTER USER 'test'@'%' ACCOUNT LOCK;ALTER USER 'test'@'%' ACCOUNT UNLOCK;
This example shows how you could use a procedure to lock all user accounts (except for root) as a kind of "single user" mode.
use db;delimiter $create or replace procedure test() asdeclareqry query(name text) = select user from information_schema.users;arr array(record(name text));beginarr = collect(qry);for x in arr loopif substr(user(), 1, instr(user(), '@') - 1) <> x.name and x.name <> 'root' thenexecute immediate concat('alter user ', x.name, ' account lock');end if;end loop;end$
The following example shows how to set the values for the ATTRIBUTE and COMMENT arguments:
ALTER USER 'user1'@'localhost' ATTRIBUTE '{"phone": "1234567890"}';
ALTER USER 'user1'@'localhost' COMMENT 'some comment about user1';
ALTER USER 'user1'@'localhost' ATTRIBUTE '{"phone": "1234567890"}' COMMENT 'some comment about user1';
SELECT USER, ATTRIBUTE, COMMENT from INFORMATION_SCHEMA.USERS WHERE user='user1';
+-------------+-------------------------+------------------------------+
| USER | ATTRIBUTE | COMMENT |
+-------------+-------------------------+------------------------------+
| user1 | {"phone": "1234567890"} | some information about user1 |
+-------------+-------------------------+------------------------------+
1 row in set (0.127 sec)
Last modified: June 27, 2024