Add new user with GRANT statement in MySQL database

Source: Internet
Author: User
Tags flush connect mysql mysql client mysql version versions mysql database

There are 2 different ways to add users: by using the grant statement or by directly manipulating the MySQL authorization table. The better approach is to use the GRANT statement because they are more concise and seem to have fewer errors.

The following example shows how to install a new user using a MySQL client. These examples assume that permissions have been installed by default. This means that in order to change, you have to be in MySQL running on the same machine, you must be connected as a MySQL root user, and the root user must have Insert permissions and reload administrative privileges on the MySQL database. In addition, if you change the root password, you must specify it as the MySQL command below.

You can add a new user by issuing a GRANT statement:

shell> mysql --user=root mysql
mysql> GRANT ALL PRIVILEGES ON *.* TO monty@localhost
   IDENTIFIED BY 'something' WITH GRANT OPTION;
mysql> GRANT ALL PRIVILEGES ON *.* TO monty@"%"
   IDENTIFIED BY 'something' WITH GRANT OPTION;
mysql> GRANT RELOAD,PROCESS ON *.* TO admin@localhost;
mysql> GRANT USAGE ON *.* TO dummy@localhost;

These grant statements install 3 new users:

Monty: A complete superuser who can connect to a server from anywhere, but must use a password (' Something ' to do this.) Note that we must issue a grant statement to Monty@localhost and monty@ "%". If we add a localhost entry, an entry created by mysql_install_db for the localhost anonymous user entry when we connect from the local host is preferred, because it has a more specific host field value, so it's an earlier arrival in the user table order.

Admin: Users who can connect from localhost without a password and are granted reload and process management privileges. This allows the user to perform mysqladmin reload, mysqladmin refresh and mysqladmin flush-* commands, as well as Mysqladmin processlist. No permissions are granted to the database. They can authorize it later by issuing another grant statement.

Dummy: A user can connect without a password, but only from the local host. Global permissions are set to ' N '--usage permission type allows you to set a user without permission. It assumes that you will grant database-related permissions at a later time.

You can also add the same user access information directly by issuing an INSERT statement, and then tell the server to reload the authorization table again:

shell> mysql --user=root mysql
mysql> INSERT INTO user VALUES('localhost','monty',PASSWORD('something'),
    'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y')
mysql> INSERT INTO user VALUES('%','monty',PASSWORD('something'),
    'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y')
mysql> INSERT INTO user SET Host='localhost',User='admin',
     Reload_priv='Y', Process_priv='Y';
mysql> INSERT INTO user (Host,User,Password)
      VALUES('localhost','dummy','');
mysql> FLUSH PRIVILEGES;

Depending on your MySQL version, for the above, you may have to use a different number of ' Y ' values (there are fewer rights columns in previous versions of 3.22.11). For admin users, the syntax for only more readable insert extensions with versions that start with 3.22.11.

Note that in order to set up a superuser, you simply create a user table entry with the permission field set to ' Y '. No entries for DB or host tables are required.

The permission columns in the user table are not explicitly set by the last INSERT statement (to the dummy user), so those columns are given the default value ' N '. This is the same thing that grant usage did.

The following example adds a user custom, who can connect localhost, server.domain, and whitehouse.gov from the host. He only wants to access the BankAccount database from the localhost, access the expenses database from whitehouse.gov, and access the customer database from all 3 hosts. He wants to use the password stupid from all 3 hosts.

To use the GRANT statement to set permissions for a user, run these commands:

shell> mysql --user=root mysql
mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
   ON bankaccount.*
   TO custom@localhost
   IDENTIFIED BY 'stupid';
mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
   ON expenses.*
   TO custom@whitehouse.gov
   IDENTIFIED BY 'stupid';
mysql> GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP
   ON customer.*
   TO custom@'%'
   IDENTIFIED BY 'stupid';

Set user permissions by directly modifying the authorization table to run these commands (note that flush privileges at the end):

shell> mysql--user=root mysql
mysql> INSERT into User (Host,user,password)
VALUES (' localhost ', ' Custom ', PASSWORD (' stupid '));
mysql> INSERT into User (Host,user,password)
VALUES (' Server.domain ', ' Custom ', Password (' stupid '));
Mysql> INSERT into User (Host,user,password)
VALUES (' whitehouse.gov ', ' Custom ', Password (' stupid '));
Mysql> INSERT into DB
(Host,db,user,select_priv,insert_priv,update_priv,delete_priv,
Create_priv,drop_ PRIV)
VALUES
(' localhost ', ' bankaccount ', ' Custom ', ' y ', ' y ', ' y ', ' y ', ' y ', ' y ');
Mysql> INSERT into DB
(Host,db,user,select_priv,insert_priv,update_priv,delete_priv,
Create_priv,drop_ PRIV)
VALUES
(' whitehouse.gov ', ' expenses ', ' custom ', ' y ', ' y ', ' y ', ' y ', ' y ', ' y ');
Mysql> INSERT into DB
(Host,db,user,select_priv,insert_priv,update_priv,delete_priv,
Create_priv,drop_ Priv
VALUES ('% ', ' customer ', ' Custom ', ' y ', ' y ', ' y ', ' y ', ' y ', ' y ');
mysql> FLUSH privileges;
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.