Skip to content

Latest commit

 

History

History
79 lines (56 loc) · 2.69 KB

sql-statement-create-user.md

File metadata and controls

79 lines (56 loc) · 2.69 KB
Raw
title summary aliases
CREATE USER | TiDB SQL Statement Reference
An overview of the usage of CREATE USER for the TiDB database.
/docs/dev/sql-statements/sql-statement-create-user/
/docs/dev/reference/sql/statements/create-user/

CREATE USER

This statement creates a new user, specified with a password. In the MySQL privilege system, a user is the combination of a username and the host from which they are connecting from. Thus, it is possible to create a user 'newuser2'@'192.168.1.1' who is only able to connect from the IP address 192.168.1.1. It is also possible to have two users have the same user-portion, and different permissions as they login from different hosts.

Synopsis

CreateUserStmt ::=
    'CREATE' 'USER' IfNotExists UserSpecList RequireClauseOpt ConnectionOptions PasswordOrLockOptions

IfNotExists ::=
    ('IF' 'NOT' 'EXISTS')?

UserSpecList ::=
    UserSpec ( ',' UserSpec )*

UserSpec ::=
    Username AuthOption

AuthOption ::=
    ( 'IDENTIFIED' ( 'BY' ( AuthString | 'PASSWORD' HashString ) | 'WITH' StringName ( 'BY' AuthString | 'AS' HashString )? ) )?

StringName ::=
    stringLit
|   Identifier

Examples

Create a user with the newuserpassword password.

mysql> CREATE USER 'newuser' IDENTIFIED BY 'newuserpassword';
Query OK, 1 row affected (0.04 sec)

Create a user who can only log in to 192.168.1.1.

mysql> CREATE USER 'newuser2'@'192.168.1.1' IDENTIFIED BY 'newuserpassword';
Query OK, 1 row affected (0.02 sec)

Create a user who is enforced to log in using TLS connection.

CREATE USER 'newuser3'@'%' REQUIRE SSL IDENTIFIED BY 'newuserpassword';
Query OK, 1 row affected (0.02 sec)

Create a user who is required to use X.509 certificate at login.

CREATE USER 'newuser4'@'%' REQUIRE ISSUER '/C=US/ST=California/L=San Francisco/O=PingCAP' IDENTIFIED BY 'newuserpassword';
Query OK, 1 row affected (0.02 sec)

MySQL compatibility

The following CREATE USER options are not yet supported by TiDB, and will be parsed but ignored:

  • TiDB does not support WITH MAX_QUERIES_PER_HOUR, WITH MAX_UPDATES_PER_HOUR, and WITH MAX_USER_CONNECTIONS options.
  • TiDB does not support the DEFAULT ROLE option.
  • TiDB does not support PASSWORD EXPIRE, PASSWORD HISTORY or other options related to password.
  • TiDB does not support the ACCOUNT LOCK and ACCOUNT UNLOCK options.

See also