A server configuration account is required on each server instance that is going to join an InnoDB Cluster, InnoDB ClusterSet, or InnoDB ReplicaSet deployment. You set this account up using a dba.configureInstance() command with the clusterAdmin option. For better security, specify the password at the interactive prompt, otherwise specify it using the clusterAdminPassword option. Create the same account, with the same user name and password, in the same way on every server instance that will be part of the deployment - both the instance to which you connect to create the deployment, and the instances that will join after that.

The server configuration account that you create using the dba.configureInstance() operation is not replicated to other servers in the InnoDB Cluster, InnoDB ClusterSet, or InnoDB ReplicaSet deployment. MySQL Shell disables binary logging for the dba.configureInstance() operation. This means that you must create the account on every server instance individually.

The clusterAdmin option must be used with a MySQL Shell connection based on a user which has the privileges to create users with suitable privileges. In this example the root user is used:

mysql-js> dba.configureInstance('root@ic-1:3306', {clusterAdmin: "'icadmin'@'ic-1%'"});

Administrator accounts can be used to administer a deployment after you have completed the configuration process. You can set up more than one of them. To create an administrator account, you issue a cluster.setupAdminAccount() command after you have added all the instances to the InnoDB Cluster or InnoDB ReplicaSet. The command creates an account with the user name and password that you specify, with all the required permissions. A transaction to create an account with cluster.setupAdminAccount() is written to the binary log and sent to all the other server instances in the cluster to create the account on them.

To use the setupAdminAccount() operation, you must be connected as a MySQL user with privileges to create users, for example as root. The setupAdminAccount(user) operation also enables you to upgrade an existing MySQL account with the necessary privileges before a dba.upgradeMetadata() operation.

The mandatory user argument is the name of the MySQL account you want to create to be used to administer the deployment. The format of the user names accepted by the setupAdminAccount() operation follows the standard MySQL account name format, see Specifying Account Names. The user argument format is username[@host] where host is optional and if it is not provided it defaults to the % wildcard character.

For example, to create a user named icadmin to administer an InnoDB Cluster assigned to the variable myCluster, issue:

mysql-js> myCluster.setupAdminAccount('icadmin')

Missing the password for new account icadmin@%. Please provide one.
Password for new account: ********
Confirm password: ********

Creating user icadmin@%.
Setting user password.
Account icadmin@% was successfully created.

If you have a server configuration account or administrator account created with a version prior to MySQL Shell 8.0.20, use the update option with the setupAdminAccount() operation to upgrade the privileges of the existing user. This is relevant during an upgrade, to ensure that the user accounts are compatible. For example, to upgrade the user named icadmin issue:

mysql-js> myCluster.setupAdminAccount('icadmin', {'update':1})
Updating user icadmin@%.
Account icadmin@% was successfully updated.

This is a special use of the cluster.setupAdminAccount() command that is not written to the binary log.