General Availability: Azure DMS – Migrate MySQL user accounts and privileges
Published Aug 16 2023 11:50 AM 3,255 Views
Microsoft

We're pleased to announce General Availability of MySQL Server - Migrate User Accounts and Privileges in Azure Database Migration Service. With this new feature, businesses can now migrate a subset of the data in the ‘mysql’ system database from the source to the target for both offline and online migration scenarios. This feature currently supports Azure Database for MySQL – Single Server, on-premises servers, and instances with other cloud providers as the source types when running migrations.

 

Enabling the feature

To enable this feature, you must select the Migrate user accounts and privileges checkbox (shown in the following above), and then any corresponding databases that have related grants.

 

karlaescobar_0-1692158831228.png

 

When enabled, this feature will migrate a subset of the tables in the ‘mysql’ system database depending on the version of your source. For all versions, the following tables will be migrated: user, db, tables_priv, columns_priv, and procs_priv. For 8.0 sources, the following tables are also migrated: role_edges, default_roles, and global_grants.

 

The progress and overall migration summary can be viewed on the Initial Load tab, as shown in the image below. On the migration summary blade, users can click into the ‘mysql’ system database to review the results of migrating server-level objects, like users and grants.

 

karlaescobar_1-1692158910390.png

 

Database specific grants can be viewed by clicking into the other databases, as shown in the image below.

 

karlaescobar_2-1692158989397.png

 

Limitations

When using this feature, keep the following limitations in mind.

  • Only users configured with the mysql_native_password, caching_sha2_password, and sha256_password authentication plug-ins will be migrated to the target server. Users relying on other plug-ins such as AAD Authentication are not supported.
  • The account_locked field from the user table will not be migrated. If the account is locked on the source server and not a role, it will not be locked on the target server after migration.
  • The proxies_priv grant table is not migrated.
  • Currently, the password_expired field from user table is not migrated.
  • Currently, the password_history grant table is not migrated.
  • The global_grants table will only be migrated with the following grants: xa_recover_adminrole_admin. Only migrate server dynamic grants that are supported by Azure Database for MySQL – Single Server can be migrated.

Note: For more information about unsupported/supported grants in Azure Database for MySQL - Flexible Server, see the article Limitations - Azure Database for MySQL - Flexible Server.

 

Additional resources

 

If you have any feedback or questions about the information provided above, please leave a comment below or email us at AskAzureDBforMySQL@service.microsoft.com. Thank you!

Version history
Last update:
‎Aug 25 2023 02:57 PM
Updated by: