MySQL Forums
Forum List  »  Security

MySQL 5.7: improved CREATE USER, ALTER USER
Posted by: Edwin Desouza
Date: April 10, 2015 02:33PM

http://mysqlblog.fivefarmers.com/2015/04/10/improved-alter-user-syntax-support-in-5-7/

Before MySQL Server 5.7.6, ALTER USER could only be used to expire a user’s password. That’s pretty limited. With changes made in MySQL Server 5.7.6, a better distinction is made between privilege-level attributes (those which are managed via GRANT and REVOKE statements) and account-level attributes (those managed using CREATE USER and ALTER USER statements). MySQL has a long history of confusing these – for example, requiring a GRANT command to set account resource limits or require SSL. This all changes for the better in MySQL Server 5.7 – here’s how:

Account attributes

These are consistent with CREATE USER – the same attributes which can be defined with a CREATE USER command can now be modified using an ALTER USER command. These attributes are:

Password/credentials or auth plugin mapping
Authentication plugin type
SSL/X509 requirements
Resource constraints
Password expiration status and policy
Account locking
These attributes, and the syntax by which they are modified, is now consistent across CREATE USER and ALTER USER commands.






http://mysqlblog.fivefarmers.com/2015/04/09/create-user-improvements/

Prior to MySQL 5.7, the CREATE USER command had a number of limitations:

No way to set both authentication plugin and password
No way to disable a user
No way to define user resource limitations
No way to set a non-default password expiration policy
No way to require SSL/x509
All of these things could be done through other means, but typically involved other statements, such as GRANT commands. Starting with MySQL 5.7.6, these can all be done through a new and improved CREATE USER syntax:

Options: ReplyQuote


Subject
Views
Written By
Posted
MySQL 5.7: improved CREATE USER, ALTER USER
5143
April 10, 2015 02:33PM


Sorry, you can't reply to this topic. It has been closed.

Content reproduced on this site is the property of the respective copyright holders. It is not reviewed in advance by Oracle and does not necessarily represent the opinion of Oracle or any other party.