Documentation Home
Oracle Enterprise Manager for MySQL Database User's Guide
Download this Manual
PDF (US Ltr) - 0.7Mb
PDF (A4) - 0.7Mb


7.30 Security Configuration Metrics

Lists the Security configuration metrics and provides a brief description of each.

Table 7.30 Security Configuration Metrics

NameDescription
Activate All Roles On Login EnabledWhether to enable automatic activation of all granted roles when users log in to the server.
Auto Generate Certs EnabledThis variable is available if the server was compiled using OpenSSL. It controls whether the server autogenerates SSL key and certificate files in the data directory, if they do not already exist.
Automatic Sp Privileges EnabledWhen this variable has a value of 1 (the default), the server automatically grants the EXECUTE and ALTER ROUTINE privileges to the creator of a stored routine, if the user cannot already execute and alter or drop the routine.
Caching Sha2 Password Private Key PathThe path name of the RSA private key file for the caching_sha2_password authentication plugin. If the file is named as a relative path, it is interpreted relative to the server data directory. The file must be in PEM format.
Caching Sha2 Password Public Key PathThe path name of the RSA public key file for the caching_sha2_password authentication plugin. If the file is named as a relative path, it is interpreted relative to the server data directory. The file must be in PEM format.
Check Proxy Users EnabledThis variable controls whether the server performs proxy user mapping for authentication plugins that request it. With check_proxy_users enabled, it may also be necessary to enable plugin-specific system variables to take advantage of server proxy user mapping support.
Default Authentication PluginThe default authentication plugin. Permitted values are mysql_native_password (use MySQL native passwords; this is the default) and sha256_password (use SHA-256 passwords).
Default Password LifetimeThis variable defines the global automatic password expiration policy. It applies to accounts that use MySQL built-in authentication methods (accounts that use an authentication plugin of mysql_native_password, mysql_old_password, or sha256_password). If the value of default_password_lifetime is a positive integer N, it indicates the permitted password lifetime; passwords must be changed every N days. A value of 0 disables automatic password expiration. The default is 360; passwords must be changed approximately once per year.
Disconnect On Expired Password EnabledControls how the server handles clients with expired passwords.
Local Infile EnabledWhether LOCAL is supported for LOAD DATA INFILE statements.
Mandatory RolesAutomatically granted roles for all users.
Mysql Native Password Proxy Users EnabledThis variable controls whether the mysql_native_password built-in authentication plugin supports proxy users. It has no effect unless the check_proxy_users system variable is enabled.
Old Passwords EnabledWhether the server uses pre-4.1-style passwords for MySQL user accounts.
Password HistoryNumber of password changes required before password reuse. If the value is 0 (the default), there is no reuse restriction based on number of password changes.
Password Reuse IntervalNumber of days elapsed required before password reuse. If the value is 0 (the default), there is no reuse restriction based on time elapsed.
Secure Auth EnabledDisallow authentication by clients that attempt to use accounts that have old (pre-4.1) passwords.
Secure File PrivilegesIf set to the name of a directory, it limits the effect of the LOAD_FILE() function and the LOAD DATA and SELECT ... INTO OUTFILE statements to work only with files in that directory.
Sha256 Password Auto Generate Rsa Keys EnabledThis variable is available if the server was compiled using OpenSSL. It controls whether the server autogenerates RSA private/public key-pair files in the data directory, if they do not already exist.
Sha256 Password Private Key PathThe path name of the RSA private key file for the sha256_password authentication plugin. If the file is named as a relative path, it is interpreted relative to the server data directory. The file must be in PEM format. Because this file stores a private key, its access mode must be restricted so that only the MySQL server can read it.
Sha256 Password Proxy Users EnabledThis variable controls whether the sha256_password built-in authentication plugin supports proxy users. It has no effect unless the check_proxy_users system variable is enabled.
Sha256 Password Public Key PathThe path name of the RSA public key file for the sha256_password authentication plugin. If the file is named as a relative path, it is interpreted relative to the server data directory. The file must be in PEM format. Because this file stores a public key, copies can be freely distributed to client users.
Skip Show Database EnabledWith this option, the SHOW DATABASES statement is permitted only to users who have the SHOW DATABASES privilege, and the statement displays all database names.
Validate User Plugins EnabledIf this variable is enabled (the default), the server checks each user account and produces a warning if conditions are found that would make the account unusable.