ALTER USER

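The ALTER USER statement changes an existing user in the TiDB privilege system. As in MySQL, a user in the TiDB privilege system is the combination of a user name and the host that user name connects from. You can therefore create a user 'newuser2'@'192.168.1.1' that can connect only from the IP address 192.168.1.1. The same user name can have different privileges when it logs in from different hosts.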

Syntax diagram

    AlterUserStmt ::=
        'ALTER' 'USER' IfExists (UserSpecList RequireClauseOpt ConnectionOptions PasswordOption LockOption AttributeOption | 'USER' '(' ')' 'IDENTIFIED' 'BY' AuthString) ResourceGroupNameOption

    UserSpecList ::=
        UserSpec ( ',' UserSpec )*

    UserSpec ::=
        Username AuthOption

    RequireClauseOpt ::=
        ( 'REQUIRE' 'NONE' | 'REQUIRE' 'SSL' | 'REQUIRE' 'X509' | 'REQUIRE' RequireList )?

    RequireList ::=
        ( "ISSUER" stringLit | "SUBJECT" stringLit | "CIPHER" stringLit | "SAN" stringLit | "TOKEN_ISSUER" stringLit )*

    Username ::=
        StringName ('@' StringName | singleAtIdentifier)? | 'CURRENT_USER' OptionalBraces

    AuthOption ::=
        ( 'IDENTIFIED' ( 'BY' ( AuthString | 'PASSWORD' HashString ) | 'WITH' StringName ( 'BY' AuthString | 'AS' HashString )? ) )?

    PasswordOption ::=
        ( 'PASSWORD' 'EXPIRE' ( 'DEFAULT' | 'NEVER' | 'INTERVAL' N 'DAY' )? | 'PASSWORD' 'HISTORY' ( 'DEFAULT' | N ) | 'PASSWORD' 'REUSE' 'INTERVAL' ( 'DEFAULT' | N 'DAY' ) | 'FAILED_LOGIN_ATTEMPTS' N | 'PASSWORD_LOCK_TIME' ( N | 'UNBOUNDED' ) )*

    LockOption ::=
        ( 'ACCOUNT' 'LOCK' | 'ACCOUNT' 'UNLOCK' )?

    AttributeOption ::=
        ( 'COMMENT' CommentString | 'ATTRIBUTE' AttributeString )?

    ResourceGroupNameOption ::=
        ( 'RESOURCE' 'GROUP' Identifier)?

Examples

    CREATE USER 'newuser' IDENTIFIED BY 'newuserpassword';

    Query OK, 1 row affected (0.01 sec)

    SHOW CREATE USER 'newuser';

    +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | CREATE USER for newuser@%                                                                                                                                            |
    +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | CREATE USER 'newuser'@'%' IDENTIFIED WITH 'mysql_native_password' AS '*5806E04BBEE79E1899964C6A04D68BCA69B1A879' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK |
    +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    1 row in set (0.00 sec)

Modify basic user information

Change the password of user newuser:

    ALTER USER 'newuser' IDENTIFIED BY 'newnewpassword';

    Query OK, 0 rows affected (0.02 sec)

    SHOW CREATE USER 'newuser';

    +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | CREATE USER for newuser@%                                                                                                                                            |
    +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | CREATE USER 'newuser'@'%' IDENTIFIED WITH 'mysql_native_password' AS '*FB8A1EA1353E8775CA836233E367FBDFCB37BE73' REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK |
    +----------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    1 row in set (0.00 sec)

Lock the user newuser:

    ALTER USER 'newuser' ACCOUNT LOCK;

    Query OK, 0 rows affected (0.02 sec)

Modify the attributes of newuser:

    ALTER USER 'newuser' ATTRIBUTE '{"newAttr": "value", "deprecatedAttr": null}';
    SELECT * FROM information_schema.user_attributes;

    +-----------+------+--------------------------+
    | USER      | HOST | ATTRIBUTE                |
    +-----------+------+--------------------------+
    | newuser   | %    | {"newAttr": "value"}     |
    +-----------+------+--------------------------+
    1 rows in set (0.00 sec)

Use ALTER USER ... COMMENT to modify the comment of user newuser:

    ALTER USER 'newuser' COMMENT 'Here is the comment';
    SELECT * FROM information_schema.user_attributes;

    +-----------+------+--------------------------------------------------------+
    | USER      | HOST | ATTRIBUTE                                              |
    +-----------+------+--------------------------------------------------------+
    | newuser   | %    | {"comment": "Here is the comment", "newAttr": "value"} |
    +-----------+------+--------------------------------------------------------+
    1 rows in set (0.00 sec)

Use ALTER USER ... ATTRIBUTE to remove the comment of user newuser:

    ALTER USER 'newuser' ATTRIBUTE '{"comment": null}';
    SELECT * FROM information_schema.user_attributes;

    +-----------+------+---------------------------+
    | USER      | HOST | ATTRIBUTE                 |
    +-----------+------+---------------------------+
    | newuser   | %    | {"newAttr": "value"}      |
    +-----------+------+---------------------------+
    1 rows in set (0.00 sec)

Use ALTER USER ... PASSWORD EXPIRE NEVER to set the automatic password expiration policy of user newuser to never expire:

    ALTER USER 'newuser' PASSWORD EXPIRE NEVER;

    Query OK, 0 rows affected (0.02 sec)

Use ALTER USER ... PASSWORD REUSE INTERVAL ... DAY to set the password reuse policy of user newuser so that passwords used within the last 90 days cannot be reused:

    ALTER USER 'newuser' PASSWORD REUSE INTERVAL 90 DAY;

    Query OK, 0 rows affected (0.02 sec)
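
The clauses changed above (host, REQUIRE, PASSWORD EXPIRE, ACCOUNT LOCK) can be reviewed after the fact by parsing SHOW CREATE USER rows. The following is an added example, not part of the TiDB documentation; it assumes each row prints its clauses in the same form as the output shown earlier, and the second and third sample rows, their placeholder hashes and the function name are constructed for illustration.

```python
import re

def audit_create_user(stmt: str) -> dict:
    """Parse one SHOW CREATE USER result row and list settings to review."""
    m = re.match(r"\s*CREATE USER '([^']*)'@'([^']*)'", stmt)
    if not m:
        raise ValueError("not a CREATE USER statement")
    user, host = m.groups()
    # Blank out quoted values so a user name, plugin or hash is never
    # mistaken for a clause keyword.
    bare = re.sub(r"'[^']*'", "''", stmt)
    require = re.search(r"\bREQUIRE (\w+)", bare)
    expire = re.search(r"\bPASSWORD EXPIRE (DEFAULT|NEVER|INTERVAL \d+ DAY)", bare)
    locked = re.search(r"\bACCOUNT LOCK\b", bare) is not None

    findings = []
    if "%" in host:
        findings.append("host contains %: not pinned to one client address")
    if require is None or require.group(1) == "NONE":
        findings.append("REQUIRE NONE: no per-account TLS requirement")
    if expire and expire.group(1) == "NEVER":
        findings.append("PASSWORD EXPIRE NEVER: password never expires")
    return {"account": f"'{user}'@'{host}'", "locked": locked, "findings": findings}

# Row 1 is the output shown on this page; rows 2 and 3 are constructed samples
# (placeholder hashes, hypothetical accounts).
SAMPLE_ROWS = [
    "CREATE USER 'newuser'@'%' IDENTIFIED WITH 'mysql_native_password' "
    "AS '*5806E04BBEE79E1899964C6A04D68BCA69B1A879' "
    "REQUIRE NONE PASSWORD EXPIRE DEFAULT ACCOUNT UNLOCK",
    "CREATE USER 'newuser2'@'192.168.1.1' IDENTIFIED WITH 'mysql_native_password' "
    "AS '*PLACEHOLDER' REQUIRE SSL PASSWORD EXPIRE NEVER ACCOUNT LOCK",
    # Edge case: the user name itself looks like a clause.
    "CREATE USER 'REQUIRE SSL'@'10.0.0.5' IDENTIFIED WITH 'mysql_native_password' "
    "AS '*PLACEHOLDER' REQUIRE NONE PASSWORD EXPIRE INTERVAL 90 DAY ACCOUNT UNLOCK",
]

if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        result = audit_create_user(row)
        state = "locked" if result["locked"] else "unlocked"
        print(result["account"], state, result["findings"] or "no findings")
```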

Modify the resource group bound to the user

Use ALTER USER ... RESOURCE GROUP to change the resource group of user newuser to rg1:

    ALTER USER 'newuser' RESOURCE GROUP rg1;

    Query OK, 0 rows affected (0.02 sec)

View the resource group bound to the current user:

    SELECT USER, JSON_EXTRACT(User_attributes, "$.resource_group") FROM mysql.user WHERE user = "newuser";

    +---------+---------------------------------------------------+
    | USER    | JSON_EXTRACT(User_attributes, "$.resource_group") |
    +---------+---------------------------------------------------+
    | newuser | "rg1"                                             |
    +---------+---------------------------------------------------+
    1 row in set (0.02 sec)

Unbind the user from its resource group, that is, bind the user to the default resource group:

    ALTER USER 'newuser' RESOURCE GROUP `default`;
    SELECT USER, JSON_EXTRACT(User_attributes, "$.resource_group") FROM mysql.user WHERE user = "newuser";

    +---------+---------------------------------------------------+
    | USER    | JSON_EXTRACT(User_attributes, "$.resource_group") |
    +---------+---------------------------------------------------+
    | newuser | "default"                                         |
    +---------+---------------------------------------------------+
    1 row in set (0.02 sec)

See also