diff --git a/trove/common/apischema.py b/trove/common/apischema.py
index d66bde3b6f..baa3161fc4 100644
--- a/trove/common/apischema.py
+++ b/trove/common/apischema.py
@@ -57,7 +57,7 @@ non_empty_string = {
 
 host_string = {
     "type": "string",
-    "minLength": 0,
+    "minLength": 1,
     "pattern": "^[%]?[\w(-).]*[%]?$"
 }
 
diff --git a/trove/guestagent/manager/mysql_service.py b/trove/guestagent/manager/mysql_service.py
index 82e8f37158..078738a546 100644
--- a/trove/guestagent/manager/mysql_service.py
+++ b/trove/guestagent/manager/mysql_service.py
@@ -346,13 +346,11 @@ class MySqlAdmin(object):
                                   new_host=user_attrs.get('host'))
             t = text(str(uu))
             client.execute(t)
-            if user_attrs.get('name') is not None:
-                if user_attrs['name'] not in grantee:
-                    if user_attrs.get('host') is None:
-                        host = user.host
-                    else:
-                        host = user_attrs.get('host')
-                    self.grant_access(user_attrs['name'], host, db_access)
+            uname = user_attrs.get('name') or username
+            host = user_attrs.get('host') or hostname
+            find_user = "'%s'@'%s'" % (uname, host)
+            if find_user not in grantee:
+                self.grant_access(uname, host, db_access)
 
     def create_database(self, databases):
         """Create the list of specified databases"""
diff --git a/trove/tests/api/users.py b/trove/tests/api/users.py
index 2c7868fdca..cbdf7a9eb2 100644
--- a/trove/tests/api/users.py
+++ b/trove/tests/api/users.py
@@ -276,6 +276,23 @@ class TestUsers(object):
                       self.dbaas.users.update_attributes, instance_info.id,
                       "root", user_new)
 
+    @test()
+    def test_updateuser_emptyhost(self):
+        # Cannot update the user hostname with an empty string
+        users = []
+        username = "testuser1"
+        hostname = "192.168.0.1"
+        users.append({"name": username, "password": "password",
+                      "host": hostname, "databases": []})
+        self.dbaas.users.create(instance_info.id, users)
+        user_new = {"host": ""}
+        hostname = hostname.replace('.', '%2e')
+        assert_raises(exceptions.BadRequest,
+                      self.dbaas.users.update_attributes, instance_info.id,
+                      username, user_new, hostname)
+        assert_equal(400, self.dbaas.last_http_code)
+        self.dbaas.users.delete(instance_info.id, username, hostname=hostname)
+
     @test(depends_on=[test_create_users])
     def test_hostname_ipv4_restriction(self):
         # By default, user hostnames are required to be % or IPv4 addresses.
diff --git a/trove/tests/fakes/guestagent.py b/trove/tests/fakes/guestagent.py
index 36b7777947..51fd8945b0 100644
--- a/trove/tests/fakes/guestagent.py
+++ b/trove/tests/fakes/guestagent.py
@@ -106,13 +106,13 @@ class FakeGuest(object):
             self._create_user({
                 "_name": name,
                 "_host": host,
-                "_password": self.users[(name, host)]['password'],
+                "_password": self.users[(old_name, host)]['_password'],
                 "_databases": [],
             })
             self.grants[(name, host)] = old_grants
             del self.users[(old_name, old_host)]
         if new_password:
-            self.users[(name, host)]['password'] = new_password
+            self.users[(name, host)]['_password'] = new_password
 
     def create_database(self, databases):
         for db in databases: