Skip to main content

ALTER USER

Alters settings associated with the user. To change a user password, use the SET PASSWORD command.

Syntax

ALTER USER user[@host] [IDENTIFIED BY 'password'] [ACCOUNT {LOCK | UNLOCK}] 
[SET [DEFAULT RESOURCE POOL = poolname] [FAILED_LOGIN_ATTEMPTS = integer] [PASSWORD_LOCK_TIME = integer]]
[REQUIRE {SSL | NONE}]

Arguments

  • user: The name of the user.

  • host: The host that the user can connect from. For example, specifying localhost means the user account can be used only when connecting from the local host. If no host is explicitly specified, the % wildcard will be used, which allows the user to connect from any host.

  • password: An optional database connection password.

  • poolname: The new default resource pool.

  • ACCOUNT LOCK: Locks an account.

  • ACCOUNT UNLOCK: Unlocks an account that has been locked out due to exceeding the failed login attempts limit or via the ALTER USER ACCOUNT LOCK command.

  • FAILED_LOGON_ATTEMPTS: Together with PASSWORD_LOCK_TIME, specifies the failed login attempt lockout behavior. FAILED_LOGIN_ATTEMPTS is the number of failed attempts allowed after which the account is locked out. A value of 3 would mean that the account would be locked after three failed attempts. Default is 0 which means there is no restriction. When set to a value >=1, PASSWORD_LOCK_TIME must also be specified.

  • PASSWORD_LOCK_TIME: Together with FAILED_LOGIN_ATTEMPTS, specifies the failed login attempt lockout behavior. PASSWORD_LOCK_TIME is the number of seconds a locked out account must wait before reattempting to log in.

  • REQUIRE: SSL option ensures that the user connects via SSL. NONE specifies that SSL will not be required for the connection.

For more information about failed login attempt lockout behavior, see SingleStoreDB User Management.

Remarks

  • Users must have GRANTor ALTER USERpermission to execute the ALTER USER command.

  • This command causes implicit commits. See COMMIT for more information.

  • See the Permission Matrix for the required permission.

Examples

The following example demonstrates how to add a new user with a resource pool, and then change the resource pool.

CREATE USER joe WITH DEFAULT RESOURCE POOL = general;
ALTER USER joe SET DEFAULT RESOURCE POOL = executive;
ALTER USER joe ACCOUNT UNLOCK;

The following example requires SSL on the user db_mgr.

ALTER USER 'db_mgr' REQUIRE SSL;

The following example shows how to lock and unlock user accounts.

ALTER USER 'test'@'%' ACCOUNT LOCK;

ALTER USER 'test'@'%' ACCOUNT UNLOCK;

This example shows how you could use a procedure to lock all user accounts (except for root) as a kind of "single user" mode. You could then use a similar procedure to unlock all accounts when desired.

use db;
delimiter $create or replace procedure test() as
declare
    qry query(name text) = select user from information_schema.users;
    arr array(record(name text));
begin
    arr = collect(qry);
    for x in arr loop
        if substr(user(), 1, instr(user(), '@') - 1) <> x.name and x.name <> 'root' then
            execute immediate concat('alter user ', x.name, ' account lock');
        end if;
    end loop;
end$