Document the utility user feature

Registered by Alexey Kopytov

Blueprint information

Status: Complete
Approver: None
Priority: Undefined
Drafter: None
Direction: Approved
Assignee: Hrvoje Matijakovic
Definition: Approved
Series goal: Accepted for 5.5
Implementation: Implemented
Milestone target: 5.5.27-28.0
Started by: Hrvoje Matijakovic
Completed by: Hrvoje Matijakovic

Whiteboard

Commit comment:

    In order to have the ability for a special type of MySQL user, which will
    have a very limited and special amount of control over the system and can
    not be seen or modified by any other user including the root user, the
    following three new options have been added:
      - utility_user=<user@host> : specifies the user which the system will
        create and recognize as the utility user. The host in the utility user
        specification follows conventions described in
        http://dev.mysql.com/doc/refman/5.5/en/connection-access.html, i.e.
        it allows wildcards and IP masks. Anonymous user names are not
        permitted to be used for the utility user name.

        This user must not be an exact match to any other user that exists in
        the mysql.user table. If the server detects that the user specified
        with this option exactly matches any user within the mysql.user table
        on start up, the server will report an error and shut down gracefully. If
        host name wildcards are used and a more specific user specification is
        identified on start up, the server will report a warning and continue.
        Ex: --utility_user=frank@% and frank@localhost exists within the
        mysql.user table.

        If a client attempts to create a MySQL user that matches this user
        specification exactly or if host name wildcards are used for the utility
        user and the user being created has the same name and a more specific
        host, the creation attempt will fail with an error.
        Ex: --utility_user=frank@% and CREATE USER 'frank'@'localhost';

        As a result of these requirements, it is strongly recommended that a
        very unique user name and reasonably specific host be used and that any
        script or tools test that they are running within the correct user by
        executing 'SELECT CURRENT_USER()' and comparing the result against the
        known utility user.

      - utility_user_password=<password> : specifies the password for the
        utility user and MUST be specified or the server will shut down
        gracefully with an error.

      - utility_user_schema_access=<schema>,<schema>,<schema> : specifies the
        name(s) of the schema(s) that the utility user will have access to read,
        write and modify. If a particular schema named here does not exist on
        start up it will be ignored. If a schema by the name of any of those
        listed in this option is created after the server is started, the
        utility user will have full access to it.

    This user has a mixed and special scope of abilities and protection:
      - Utility user will not appear in the mysql.user table and can not be
        modified by any other user, including root.

      - Utility user will not appear in USER_STATISTICS, CLIENT_STATISTICS or
        THREAD_STATISTICS.

      - Utility user's queries may appear in the general and slow logs.

      - Utility user must not have the ability to create, modify, delete or see
        any schemas or data not specified (except for information_schema).

      - Utility user may modify all visible, non-read only system variables
        (see enhanced_options_modifiers functionality).

      - Utility user may see, create, modify and delete other system users only
        if given access to the mysql schema.

      - Regular users may be granted proxy rights to the utility user but any
        attempt to impersonate the utility user will fail. The utility user
        may not be granted proxy rights on any regular user.
        Ex: GRANT PROXY ON utility_user TO regular_user; will not fail, but any
        actual attempt to impersonate as the utility user will fail.
        GRANT PROXY ON regular_user TO utility_user; will fail when
        utility_user is an exact match or is more specific than the
        utility user specified.

    When the server starts, it will note in the log output that the utility
    user exists and the schemas that it has access to.
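
The start-up matching rules from the commit comment, as an added example that is not Percona Server code: a pre-flight check that sorts existing accounts into those that would stop the server (exact match) and those that would only log a warning (more specific host). Reading "more specific" as "same name, host matched by the utility user's wildcard pattern" is an assumption, IP netmask hosts are not modelled, and the function names and sample accounts are constructed for illustration.

```python
import re

def host_pattern_to_regex(pattern):
    """Translate MySQL host wildcards (% = any run, _ = one char) to a regex."""
    parts = []
    for ch in pattern.lower():
        if ch == "%":
            parts.append(".*")
        elif ch == "_":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts) + r"\Z")

def split_account(spec):
    """Split 'user@host'; anonymous user names are rejected, as the page requires."""
    user, sep, host = spec.rpartition("@")
    if not sep or not user or not host:
        raise ValueError("utility_user must be user@host with a non-empty user name")
    return user, host.lower()

def classify(utility_user, existing_accounts):
    """Return (errors, warnings) for a utility_user spec against (User, Host) rows."""
    u_user, u_host = split_account(utility_user)
    has_wildcard = "%" in u_host or "_" in u_host
    host_re = host_pattern_to_regex(u_host)
    errors, warnings = [], []
    for user, host in existing_accounts:
        host = host.lower()              # host names compare case-insensitively
        if user != u_user:               # user names compare case-sensitively
            continue
        if host == u_host:
            errors.append(f"{user}@{host}")      # exact match: server refuses to start
        elif has_wildcard and host_re.match(host):
            warnings.append(f"{user}@{host}")    # more specific account: warning only
    return errors, warnings

# Constructed rows standing in for: SELECT User, Host FROM mysql.user
SAMPLE_ACCOUNTS = [("root", "localhost"), ("frank", "localhost"),
                   ("frank", "10.0.0.5"), ("app", "%")]

if __name__ == "__main__":
    for spec in ("frank@%", "frank@localhost", "frank@10.0.0.%"):
        print(spec, classify(spec, SAMPLE_ACCOUNTS))
```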
