We're pleased to announce General Availability of MySQL Server - Migrate User Accounts and Privileges in Azure Database Migration Service. With this new feature, businesses can now migrate a subset of the data in the ‘mysql’ system database from the source to the target for both offline and online migration scenarios. This feature currently supports Azure Database for MySQL – Single Server, on-premises servers, and instances with other cloud providers as the source types when running migrations.
Enabling the feature
To enable this feature, you must select the Migrate user accounts and privileges checkbox (shown in the following above), and then any corresponding databases that have related grants.
When enabled, this feature will migrate a subset of the tables in the ‘mysql’ system database depending on the version of your source. For all versions, the following tables will be migrated: user, db, tables_priv, columns_priv, and procs_priv. For 8.0 sources, the following tables are also migrated: role_edges, default_roles, and global_grants.
The progress and overall migration summary can be viewed on the Initial Load tab, as shown in the image below. On the migration summary blade, users can click into the ‘mysql’ system database to review the results of migrating server-level objects, like users and grants.
Database specific grants can be viewed by clicking into the other databases, as shown in the image below.
Limitations
When using this feature, keep the following limitations in mind.
- Only users configured with the mysql_native_password, caching_sha2_password, and sha256_password authentication plug-ins will be migrated to the target server. Users relying on other plug-ins such as AAD Authentication are not supported.
- The account_locked field from the user table will not be migrated. If the account is locked on the source server and not a role, it will not be locked on the target server after migration.
- The proxies_priv grant table is not migrated.
- Currently, the password_expired field from user table is not migrated.
- Currently, the password_history grant table is not migrated.
- The global_grants table will only be migrated with the following grants: xa_recover_admin, role_admin. Only migrate server dynamic grants that are supported by Azure Database for MySQL – Single Server can be migrated.
Note: For more information about unsupported/supported grants in Azure Database for MySQL - Flexible Server, see the article Limitations - Azure Database for MySQL - Flexible Server.
Additional resources
- For more information about grant tables in general, see MySQL 8.0 Reference Manual – Grant Tables.
-
For step-by-step guidance about migrating external MySQL instances (on-premises or other cloud providers) to Azure for MySQL - Flexible Server, see Migrate from MySQL to Azure Database for MySQL - Flexible Server online using DMS via the Azure port....
-
For details about how to set up a custom role for migrations from MySQL to Azure Database for MySQL using DMS, see Custom roles for MySQL to Azure Database for MySQL migrations using Database Migration Service.
If you have any feedback or questions about the information provided above, please leave a comment below or email us at AskAzureDBforMySQL@service.microsoft.com. Thank you!
