1.2.1.3 Accounts and Roles

  • Root Account Password

    Assigning a root password is required and you will be asked for it when reconfiguring with MySQL Configurator in the future. Password strength is evaluated when you repeat the password in the box provided. For descriptive information regarding password requirements or status, move your mouse pointer over the information icon () when it appears.

  • MySQL User Accounts (Optional)

    Click Add User or Edit User to create or modify MySQL user accounts with predefined roles. Next, enter the required account credentials:

    • User Name: MySQL user names can be up to 32 characters long.

    • Host: Select localhost for local connections only or <All Hosts (%)> when remote connections to the server are required.

    • Role: Each predefined role, such as DB Admin, is configured with its own set of privileges. For example, the DB Admin role has more privileges than the DB Designer role. The Role drop-down list contains a description of each role.

    • Password: Password strength assessment is performed while you type the password. Passwords must be confirmed. MySQL permits a blank or empty password (considered to be insecure).

    MySQL Configurator Commercial Release Only:  MySQL Enterprise Edition for Windows, a commercial product, also supports an authentication method that performs external authentication on Windows. Accounts authenticated by the Windows operating system can access the MySQL server without providing an additional password.

    To create a new MySQL account that uses Windows authentication, enter the user name and then select a value for Host and Role. Click Windows authentication to enable the authentication_windows plugin. In the Windows Security Tokens area, enter a token for each Windows user (or group) who can authenticate with the MySQL user name. MySQL accounts can include security tokens for both local Windows users and Windows users that belong to a domain. Multiple security tokens are separated by the semicolon character (;) and use the following format for local and domain accounts:

    • Local account

      Enter the simple Windows user name as the security token for each local user or group; for example, finley;jeffrey;admin.

    • Domain account

      Use standard Windows syntax (domain\domainuser) or MySQL syntax (domain\\domainuser) to enter Windows domain users and groups.

      For domain accounts, you may need to use the credentials of an administrator within the domain if the account running MySQL Configurator lacks the permissions to query the Active Directory. If this is the case, select Validate Active Directory users with to activate the domain administrator credentials.

    Windows authentication permits you to test all of the security tokens each time you add or modify a token. Click Test Security Tokens to validate (or revalidate) each token. Invalid tokens generate a descriptive error message along with a red X icon and red token text. When all tokens resolve as valid (green text without an X icon), you can click OK to save the changes.