How to implement user governance in MySQL

MySQL has an advanced but non-standard security/authorization system. grasping its authorization mechanism is the first step that must be taken to control the MySQL database. for a person familiar with the basic control of SQL, mySQL is also an advanced but non-standard security/authorization system that is hard to understand, grasping its authorization mechanism is the first step that must be taken to control the MySQL database. for a person familiar with the basic control of SQL, it is also a difficult part of all the knowledge of MySQL. This article explores the operating mechanism of its authorization system, hoping that you can better control and apply this excellent database system.

This article mainly references part of chapter 6 of the application manual attached to MySQL installation. If you have any questions, please contact me (lidong@wh.027.net)

1. what is the important role of the authorization mechanism?

The basic role of the authorization mechanism is to grant the user on a host the select, insert, update, and detete permissions on a database. The additional functions include whether to promise anonymous application databases and apply some specific functions of MysQL, such as load data infile. Note that the username in MySQL has nothing to do with the username in Unix. Although many client programs promise that you can log on with the current user name, the most standard approach is to use the -- user option.
　
2. how does the authorization mechanism work?

In MySQL, the combination of hosts and users is considered as a unique tag. For example, the user lee on host 1 and host 2 is actually different, and their permissions on MySQL applications can also be different. The core title of all authorization mechanisms is to grant the application permissions of a user logging on to a database from a host. You can use the script mysqlaccess to test the database control permissions of users on a host. All authorization information is stored in the user, host, and db tables of the database mysql. We can connect to this database through mysql instructions, and display the content in each data table through select * from user (or db, host. The permissions granted in the user table are the basic authorization of all authorization mechanisms. that is to say, the definitions in the user table are practical for any user host, unless otherwise defined in the db table, for users, it is best to authorize a database. The important goal of the host table is to protect a list of "secure" servers. When considering the permissions of a user/host on a database, we also need to study the matching search mechanism of the authorization mechanism:

Second, you can encrypt a user's password in the authorization mechanism, and the password must be encrypted. the encryption method is password ('password'). If you enter the password directly, the database cannot be accessed. The permissions granted in the user table are the basic authorization of all authorization mechanisms. that is to say, the definitions in the user table are practical for any user host, unless otherwise defined in the db table, for users, it is best to authorize a database. The important goal of the host table is to protect a list of "secure" servers. When considering the permissions of a user/host on a database, we also need to study
The following is the matching search mechanism of the authorization mechanism:

First, let's take a look at the concept of a unified character. the unified character includes "%" and its intention is arbitrary (host, user, or database). If a record is empty, it also represents any meaning. Second, you can encrypt a user's password in the authorization mechanism, and the password must be encrypted. the encryption method is password ('password'). If you enter the password directly, the database cannot be accessed.