1 of 1

Account Locking

Syntax

The lock_option and password_option clauses can occur in either order.

Prior to and , the lock_option must be placed before the password_option.

Description

Account locking permits privileged administrators to lock/unlock user accounts. No new client connections will be permitted if an account is locked (existing connections are not affected).

Locking Accounts

User accounts can be locked at creation, with the statement, or modified after creation with the statement. For example:

The server will return an ER_ACCOUNT_HAS_BEEN_LOCKED error when locked users attempt to connect:

Unlocking Accounts

The statement is used to unlock a user:

Show Whether a Specific Account is Locked

The statement will show whether the account is locked:

as well as querying the :

Find Locked Accounts

This query against the mysql.global_priv table will return all accounts which have "account_locked": true within the Priv json column:

Example Output:

Account Locking

Syntax

 CREATE USER [...]
 [lock_option] [password_option] 
 
 ALTER USER [...]
 [lock_option] [password_option]

The lock_option and password_option clauses can occur in either order.

Prior to and , the lock_option must be placed before the password_option.

Description

Account locking permits privileged administrators to lock/unlock user accounts. No new client connections will be permitted if an account is locked (existing connections are not affected).

Locking Accounts

User accounts can be locked at creation, with the statement, or modified after creation with the statement. For example:

The server will return an ER_ACCOUNT_HAS_BEEN_LOCKED error when locked users attempt to connect:

Unlocking Accounts

The statement is used to unlock a user:

Show Whether a Specific Account is Locked

The statement will show whether the account is locked:

as well as querying the :

Find Locked Accounts

This query against the mysql.global_priv table will return all accounts which have "account_locked": true within the Priv json column:

Example Output:

SELECT CONCAT(user, '@', host, ' => ', JSON_DETAILED(priv)) 
  FROM mysql.global_priv 
  WHERE user='marijn';
+--------------------------------------------------------------------------------------+
| CONCAT(user, '@', host, ' => ', JSON_DETAILED(priv))                                 |
+--------------------------------------------------------------------------------------+
| marijn@localhost => {
    "access": 0,
    "plugin": "mysql_native_password",
    "authentication_string": "",
    "account_locked": true,
    "password_last_changed": 1558017158
} |
+--------------------------------------------------------------------------------------+

SHOW CREATE USER 'marijn'@'localhost';
+-----------------------------------------------+
| CREATE USER for marijn@localhost              |
+-----------------------------------------------+
| CREATE USER 'marijn'@'localhost' ACCOUNT LOCK |
+-----------------------------------------------+

SELECT CONCAT(user, '@', host, ' => ', JSON_DETAILED(priv)) 
  FROM mysql.global_priv 
  WHERE user='marijn';
+--------------------------------------------------------------------------------------+
| CONCAT(user, '@', host, ' => ', JSON_DETAILED(priv))                                 |
+--------------------------------------------------------------------------------------+
| marijn@localhost => {
    "access": 0,
    "plugin": "mysql_native_password",
    "authentication_string": "",
    "account_locked": true,
    "password_last_changed": 1558017158
} |
+--------------------------------------------------------------------------------------+

Account Locking

Syntax

Description

Locking Accounts

Unlocking Accounts

Show Whether a Specific Account is Locked

Find Locked Accounts

See Also

Account Locking

Syntax

Description

Locking Accounts

Unlocking Accounts

Show Whether a Specific Account is Locked

Find Locked Accounts

See Also