Doc Menu

CREATE USER

This statement creates a new user, specified with a password. In the MySQL privilege system, a user is the combination of a username and the host from which they are connecting from. Thus, it is possible to create a user 'newuser2'@'192.168.1.1' who is only able to connect from the IP address 192.168.1.1. It is also possible to have two users have the same user-portion, and different permissions as they login from different hosts.

Synopsis

CreateUserStmt:

CreateUserStmt

IfNotExists:

IfNotExists

UserSpecList:

UserSpecList

UserSpec:

UserSpec

AuthOption:

AuthOption

StringName:

StringName

Examples

Create a user with the newuserpassword password.

mysql> CREATE USER 'newuser' IDENTIFIED BY 'newuserpassword';
Query OK, 1 row affected (0.04 sec)

Create a user who can only log in to 192.168.1.1.

mysql> CREATE USER 'newuser2'@'192.168.1.1' IDENTIFIED BY 'newuserpassword';
Query OK, 1 row affected (0.02 sec)

Create a user who is enforced to log in using TLS connection.

CREATE USER 'newuser3'@'%' REQUIRE SSL IDENTIFIED BY 'newuserpassword';
Query OK, 1 row affected (0.02 sec)

Create a user who is required to use X.509 certificate at login.

CREATE USER 'newuser4'@'%' REQUIRE ISSUER '/C=US/ST=California/L=San Francisco/O=PingCAP' IDENTIFIED BY 'newuserpassword';
Query OK, 1 row affected (0.02 sec)

MySQL compatibility

The following CREATE USER options are not yet supported by TiDB, and will be parsed but ignored:

  • TiDB does not support WITH MAX_QUERIES_PER_HOUR, WITH MAX_UPDATES_PER_HOUR, and WITH MAX_USER_CONNECTIONS options.
  • TiDB does not support the DEFAULT ROLE option.
  • TiDB does not support PASSWORD EXPIRE, PASSWORD HISTORY or other options related to password.
  • TiDB does not support the ACCOUNT LOCK and ACCOUNT UNLOCK options.

See also