to connect with that user account will have to be configured to connect with TLS. See Securing Connections for Client and Server for information on how to enable TLS on the client and server. Resource Limit Options ---------------------- It is possible to set per-account limits for certain server resources. The following table shows the values that can be set per account: +------------------------------------+---------------------------------------+ | Limit Type | Description | +------------------------------------+---------------------------------------+ | MAX_QUERIES_PER_HOUR | Number of statements that the | | | account can issue per hour | | | (including updates) | +------------------------------------+---------------------------------------+ | MAX_UPDATES_PER_HOUR | Number of updates (not queries) that | | | the account can issue per hour | +------------------------------------+---------------------------------------+ | MAX_CONNECTIONS_PER_HOUR | Number of connections that the | | | account can start per hour | +------------------------------------+---------------------------------------+ | MAX_USER_CONNECTIONS | Number of simultaneous connections | | | that can be accepted from the same | | | account; if it is 0, max_connections | | | will be used instead; if | | | max_connections is 0, there is no | | | limit for this account's | | | simultaneous connections. | +------------------------------------+---------------------------------------+ | MAX_STATEMENT_TIME | Timeout, in seconds, for statements | | | executed by the user. See also | | | Aborting Statements that Exceed a | | | Certain Time to Execute. | +------------------------------------+---------------------------------------+ If any of these limits are set to 0, then there is no limit for that resource for that user. Here is an example showing how to set an account's resource limits: ALTER USER 'someone'@'localhost' WITH MAX_USER_CONNECTIONS 10 MAX_QUERIES_PER_HOUR 200; The resources are tracked per account, which means 'user'@'server'; not per user name or per connection. The count can be reset for all users using FLUSH USER_RESOURCES, FLUSH PRIVILEGES or mysqladmin reload. Per account resource limits are stored in the user table, in the mysql database. Columns used for resources limits are named max_questions, max_updates, max_connections (for MAX_CONNECTIONS_PER_HOUR), and max_user_connections (for MAX_USER_CONNECTIONS). Password Expiry --------------- MariaDB starting with 10.4.3 ---------------------------- Besides automatic password expiry, as determined by default_password_lifetime, password expiry times can be set on an individual user basis, overriding the global setting, for example: ALTER USER 'monty'@'localhost' PASSWORD EXPIRE INTERVAL 120 DAY; ALTER USER 'monty'@'localhost' PASSWORD EXPIRE NEVER; ALTER USER 'monty'@'localhost' PASSWORD EXPIRE DEFAULT; See User Password Expiry for more details. Account Locking --------------- MariaDB starting with 10.4.2 ---------------------------- Account locking permits privileged administrators to lock/unlock user accounts. No new client connections will be permitted if an account is locked (existing connections are not affected). For example: ALTER USER 'marijn'@'localhost' ACCOUNT LOCK; See Account Locking for more details. From MariaDB 10.4.7 and MariaDB 10.5.8, the lock_option an~ÚhÒ