This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hi,
I was previously instructed to do the following to grant a managed identify access to a db on a mysql flexible server.
az account set --subscription XXXXXXXXXXX
az account get-access-token --resource https://ossrdbms-aad.database.windows.net
mysql -h YYYYY-mysql-01.mysql.database.azure.com --user ******@email.com --enable-cleartext-plugin --password=az account get-access-token --resource-type oss-rdbms --output tsv --query accessToken
But this gives the following errors:
WARNING: option '--enable-cleartext-plugin' is obsolete.
ERROR 1045 (28000): Plugin mysql_clear_password could not be loaded: /usr/lib/mysql/plugin/mysql_clear_password.so: cannot open shared object file: No such file or directory
And without the cleartext plugin:
ERROR 1045 (28000): Plugin caching_sha2_password could not be loaded: /usr/lib/mysql/plugin/caching_sha2_password.so: cannot open shared object file: No such file or directory
SET aad_auth_validate_oids_in_tenant = OFF;
CREATE AADUSER 'myproject_db_mi' IDENTIFIED BY 'XXXXXXXX
GRANT ALL PRIVILEGES ON main_table_prod.* TO 'myproject_db_mi'@'%';
FLUSH PRIVILEGES;
What is now the recommended way to give myproject_db_mi access to main_table_prod?
Thank you.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(220.8, 4%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi Jean David Ruvini •,
Welcome to Microsoft Q&A forum.
As I understand, during Grant of managed identity access to mysql flexible server you are getting errors:
For the first error ERROR 1045 (28000): Plugin mysql_clear_password could not be loaded, in MYSQL Workbench:
For ERROR 1045 (28000): Plugin caching_sha2_password could not be loaded:
You can try to change the encryption of the password like below:
ALTER USER 'yourusername'@'localhost' IDENTIFIED WITH mysql_native_password BY 'youpassword';
Let us know if this helps.Awaiting your reply.
Thanks
Hi,
Thanks @ShaktiSingh-MSFT for taking the time. MySQL workbench is not an option here as it doesn't recognize the CREATE AADUSER command (syntax error). I had to go through az command line. See az mysql flexible-server connect in my own answer below.
Cheers
Hi Jean David Ruvini •,
Thanks for the details that you are using Azure CLI.
I am checking on this and will get back to you. Thanks
Hi Jean David Ruvini •,
We haven't heard back from you. In case you already found a solution, would you please share it here with the community? Otherwise, let us know and we will continue to engage with you on the issue.
Thanks
As I said before, I found and shared a solution a week ago. See my own answer below.
Here is how I was able to connect to the server from Azure bash:
az mysql flexible-server connect -n SERVER_NAME -u ******@email.com -p COPY_PASTE_ACCESS_TOKEN --interactive
Once logged in I would able to run the CREATE AADUSER and the GRANT ALL commands.
Hi Jean David Ruvini •,
Thanks for your patience.
Please use below command to Add user asigned managed identities to the server:
az mysql flexible-server identity assign --identity --resource-group --server-name [--no-wait]
Example:
Add identities 'test-identity' and 'test-identity-2' to server 'testsvr'.
az mysql flexible-server identity assign -g testgroup -s testsvr --identity test-identity test-identity-2
Let us know if this works for your server error.
Thanks