Azure DMS – MySQL Migrate User Accounts and Privileges Now in Preview
We are pleased to announce the preview of MySQL Server - Migrate User Accounts and Privileges in Azure Database Migration Service. With this new feature, businesses will now be able to migrate a subset of the data in the ‘mysql’ system database from the source to the target for both offline and online migration scenarios. Preview support only allows for Azure Database for MySQL – Single Server as the source, this feature will not be available when running migrations with on-premises or other cloud providers as the source server.
To enable this new feature, the checkbox shown in the image above, and any corresponding databases that have related grants must be selected for migration. When enabled, we will migrate a subset of the tables in the ‘mysql’ system database depending on the version of your source. The tables we migrate for all versions are: user, db, tables_priv, columns_priv, and procs_priv. For 8.0 sources we will also migrate the following tables: role_edges, default_roles, and global_grants.
The progress and overall migration summary can be viewed in the Initial Load tab, as shown in the image below. On the migration summary blade, users can click into the ‘mysql’ system database to review the results of migrating server level objects, like users and grants.
Database specific grants can be viewed by clicking into the other databases, as shown in the image below.
Limitations:
- Preview support only allows for Azure Database for MySQL - Single Server source types in DMS. This feature will not be available when running migrations with on-premises or other cloud providers as the source server.
- We can only migrate server dynamic grants that are supported by Azure Database for MySQL – Single Server.
- Only users configured with the mysql_native_password authentication plug-in will be migrated to the target server. Users relying on other plug-ins are not supported.
- Preview will not migrate the account_locked field from the user table. If the account is locked on the source server, it will not be locked on the target server after migration.
- We do not migrate proxies_priv grant table.
- We currently do not migrate password_expired field from user table.
- We currently do not migrate password_history grant table.
- Migration of global_grants table will only migrate the following grants: xa_recover_admin, role_admin.
Additional Resources:
- For further information on grant tables see MySQL 8.0 Reference Manual – Grant Tables.