ALTER USER

Syntax

ALTER USER user[@host] [IDENTIFIED BY 'password'] [ACCOUNT {LOCK | UNLOCK}] 
[SET [DEFAULT RESOURCE POOL = poolname] [FAILED_LOGIN_ATTEMPTS = integer] [PASSWORD_LOCK_TIME = integer]]
[REQUIRE {SSL | NONE}]

Arguments

user: The name of the user.
host: The host that the user can connect from. For example, specifying localhost means the user account can be used only when connecting from the local host. If no host is explicitly specified, the % wildcard will be used, which lets the user connect from any host.
password: An optional database connection password.
poolname: The new default resource pool.
ACCOUNT LOCK: Locks an account.
ACCOUNT UNLOCK: Unlocks an account that has been locked out due to exceeding the failed login attempts limit or via the ALTER USER ACCOUNT LOCK command.
ALTER USER does not support setting the password of and locking/unlocking an account simultaneously via syntax like:
SQL
```
ALTER USER user IDENTIFIED BY 'password' ACCOUNT LOCK;
```
FAILED_LOGON_ATTEMPTS: Together with PASSWORD_LOCK_TIME, specifies the failed login attempt lockout behavior. FAILED_LOGIN_ATTEMPTS is the number of failed attempts allowed after which the account is locked out. A value of 3 would mean that the account would be locked after three failed attempts. Default is 0 which means there is no restriction. When set to a value >=1, PASSWORD_LOCK_TIME must also be specified.
PASSWORD_LOCK_TIME: Together with FAILED_LOGIN_ATTEMPTS, specifies the failed login attempt lockout behavior. PASSWORD_LOCK_TIME is the number of seconds a locked out account must wait before reattempting to log in.
REQUIRE: SSL option ensures that the user connects via SSL. NONE specifies that SSL will not be required for the connection.

For more information about failed login attempt lockout behavior, see SingleStore User Management.

Remarks

Users must have GRANTor ALTER USERpermission to execute the ALTER USER command.
This command causes implicit commits. Refer to COMMIT for more information.
Refer to the Permission Matrix for the required permission.

Examples

The following example demonstrates how to add a new user with a resource pool, and then change the resource pool.

SQL

CREATE USER joe WITH DEFAULT RESOURCE POOL = general;
ALTER USER joe SET DEFAULT RESOURCE POOL = executive;
ALTER USER joe ACCOUNT UNLOCK;

The following example requires SSL on the user db_mgr.

SQL

ALTER USER 'db_mgr'@'localhost' REQUIRE SSL;

The following example shows how to lock and unlock user accounts.

SQL

ALTER USER 'test'@'%' ACCOUNT LOCK;

ALTER USER 'test'@'%' ACCOUNT UNLOCK;

This example shows how you could use a procedure to lock all user accounts (except for root) as a kind of "single user" mode. You could then use a similar procedure to unlock all accounts when desired.

SQL

use db;
delimiter $
create or replace procedure test() as
declare
    qry query(name text) = select user from information_schema.users;
    arr array(record(name text));
begin
    arr = collect(qry);
    for x in arr loop
        if substr(user(), 1, instr(user(), '@') - 1) <> x.name and x.name <> 'root' then
            execute immediate concat('alter user ', x.name, ' account lock');
        end if;
    end loop;
end$