CREATE USER
The CREATE USER statement creates new Databend accounts. It enables authentication, resource-limit, password-management, for new accounts.
See also:
Syntax
CREATE USER <name> IDENTIFIED [WITH auth_type ] BY 'password_string'
Where:
auth_type: {
double_sha1_password
| sha256_password
}
auth_type default is double_sha1_password.
tip
In order to make MySQL client/drivers existing tools easy to connect to Databend, we support two authentication plugins which is same as MySQL server did:
- double_sha1_password
- mysql_native_password is one of MySQL authentication plugin(long time ago), this plugin uses double_sha1_password to store the password(SHA1(SHA1(password)).
- sha256_password
- caching_sha2_password is a new default authentication plugin starting with MySQL-8.0.4, it uses sha256 to transform the password.
More of the MySQL authentication plugin, please see A Tale of Two Password Authentication Plugins.
Examples
Create Default auth_type User
CREATE USER user1 IDENTIFIED BY 'abc123';
SHOW USERS;
+-----------+----------+----------------------+------------------------------------------+---------------+
| name | hostname | auth_type | auth_string | is_configured |
+-----------+----------+----------------------+------------------------------------------+---------------+
| user1 | % | double_sha1_password | 6691484ea6b50ddde1926a220da01fa9e575c18a | NO |
+-----------+----------+----------------------+------------------------------------------+---------------+
Create a sha256_password
auth_type User
CREATE USER user1 IDENTIFIED WITH sha256_password BY 'abc123';
SHOW USERS;
+-----------+----------+----------------------+------------------------------------------------------------------+---------------+
| name | hostname | auth_type | auth_string | is_configured |
+-----------+----------+----------------------+------------------------------------------------------------------+---------------+
| user1 | % | sha256_password | 6ca13d52ca70c883e0f0bb101e425a89e8624de51db2d2392593af6a84118090 | NO |
+-----------+----------+----------------------+------------------------------------------------------------------+---------------+
Grant Privileges to the User
GRANT ALL ON *.* TO user1;
show grants for user1;
+---------------------------------+
| Grants |
+---------------------------------+
| GRANT ALL ON *.* TO 'user1'@'%' |
+---------------------------------+