When used with
CREATE USER, these clauses specify the initial locking state for a new account. In the absence of either clause, the account is created in an unlocked state.
When used with
ALTER USER, these clauses specify the new locking state for an existing account. In the absence of either clause, the account locking state remains unchanged.
Account locking state is recorded in the
account_locked column of the
mysql.user table. The output from
SHOW CREATE USER indicates whether
an account is locked or unlocked.
If a client attempts to connect to a locked account, the attempt
fails. The server increments the
Locked_connects status variable
that indicates the number of attempts to connect to a locked
account, returns an
and writes a message to the error log:
Access denied for user '
host_name'. Account is locked.
Locking an account does not affect being able to connect using a
proxy user that assumes the identity of the locked account. It
also does not affect the ability to execute stored programs or
views that have a
DEFINER clause naming the
locked account. That is, the ability to use a proxied account or
stored programs or views is not affected by locking the account.
The account-locking capability depends on the presence of the
account_locked column in the
mysql.user table. For upgrades to MySQL 5.7.6
and later from older versions, run
mysql_upgrade to ensure that this column
exists. For nonupgraded installations that have no
account_locked column, the server treats all
accounts as unlocked, and using the
ACCOUNT UNLOCK clauses
produces an error.