CREATE USER
On this page
Create a new user account.
Syntax
CREATE USER user[@host][IDENTIFIED BY 'password'][WITH {DEFAULT RESOURCE POOL = poolname} |{FAILED_LOGIN_ATTEMPTS = integer PASSWORD_LOCK_TIME = integer} |{DEFAULT RESOURCE POOL = poolname FAILED_LOGIN_ATTEMPTS = integer PASSWORD_LOCK_TIME = integer}][REQUIRE {SSL | NONE}]
Note
Instead of authentication by password, other authentication types: Kerberos, PAM, and SAML can also be used with the clause.
IDENTIFIED WITH {authentication_
CREATE USER user IDENTIFIED WITH authentication_
CREATE USER user IDENTIFIED WITH authentication_
See section “Using PAM Pluggable Authentication” here.
Arguments
user: The name of the user.
host: The host that the user can connect from.localhost
means the user account can be used only when connecting from the local host.%
wildcard will be used, which allows the user to connect from any host.
password: An optional database connection password.
poolname: The default resource pool for the user.
FAILED_PASSWORD_
, specifies the failed login attempt lockout behavior.FAILED_
is the number of failed attempts allowed before the account is locked out.0
which means there is no restriction.PASSWORD_
must also be specified.
PASSWORD_FAILED_
, specifies the failed login attempt lockout behavior.PASSWORD_
is the number of seconds a locked out account must wait before reattempting to log in.
REQUIRE: SSL
option ensures that the user connects via SSL.NONE
specifies that SSL will not be required for the connection.
Note
You must set both FAILED_
and PASSWORD_
to enable the lockout feature.
To modify the FAILED_
and PASSWORD_
settings for a user, or to unlock a locked user, use ALTER USER.
For more information about failed login attempt lockout behavior, see Securing SingleStore.
ATTRIBUTE and COMMENT: Optional arguments used to provide additional information about a user.ATTRIBUTE
must come first.
Remarks
-
The
CREATE USER
command must be run by a user with administrative privileges on the database.Also, the new user does not have any privileges granted by default. Use GRANT to specify privileges for the new user. -
The
WITH
keyword must be used with the following options and should be specified only once:-
[
DEFAULT RESOURCE POOL = <poolname>
] -
[
FAILED_
]LOGIN_ ATTEMPTS = integer PASSWORD_ LOCK_ TIME = <integer>
WITH DEFAULT RESOURCE POOL = pool1 FAILED_LOGIN_ATTEMPTS = 10 PASSWORD_LOCK_TIME = 20
or
WITH FAILED_LOGIN_ATTEMPTS = 10 PASSWORD_LOCK_TIME = 20
or
WITH DEFAULT RESOURCE POOL = pool1
-
-
This command causes implicit commits.
Refer to COMMIT for more information. -
The
CREATE USER
command only applies to the current node unless thesync_
engine variable is set topermissions ON
. -
The
CREATE USER
command holds a global lock on the cluster until the processing of the command is completed.See Cluster Level Locks for more info. -
Refer to the Permission Matrix for the required permission.
Examples
The following example demonstrates how to add a new user and grant it the SELECT
privilege on all tables in the mydb
database:
CREATE USER joe;GRANT SELECT ON mydb.* TO 'joe'@'%';
The following example demonstrates how to create a resource pool and assign it to a new user along with controlling the login attempts"
CREATE RESOURCE POOL test_pool WITH QUERY_TIMEOUT = 20;CREATE USER user1 IDENTIFIED BY 'User123' WITH DEFAULT RESOURCE POOL = test_pool FAILED_LOGIN_ATTEMPTS = 3 PASSWORD_LOCK_TIME = 14400;
The following example demonstrates the use of the default_
variable and the REQUIRE
option:
CREATE USER `alice`@`%`; -- uses default_require_ssl var (off by default)CREATE USER `alice`@`%` REQUIRE NONE; -- does not require SSLCREATE USER `alice`@`%` REQUIRE SSL; -- requires SSL
Last modified: July 18, 2024