MySQL Authorization (grant)

Source: Internet
Author: User
Tags mysql index mysql view

Transferred from: http://chenling1018.blog.163.com/blog/static/14802542010320112355598/

The MySQL permissions system revolves around two concepts:

Authentication, determining whether a user is allowed to connect to a database server

Authorization, determines whether the user has sufficient permissions to execute the query request, and so on.

If the authentication is unsuccessful, then the authorization must not be carried out.

Revoke is similar to Grant's syntax, just to replace the keyword "to" with "from"

Table grant and REVOKE administration permissions

Permissions

Describe

All privileges

Affects all permissions except with GRANT option

Alter

affect the use of the ALTER TABLE command

ALTER ROUTINE

Affects the ability to create stored routines

CREATE

affect the use of the CREATE TABLE command

CREATE ROUTINE

Ability to influence change and discard stored routines

CREATE Temporary TABLES

affect the use of the Create temporary table command

CREATE USER

Ability to create, discard, rename, and revoke user permissions

CREATE VIEW

affect the use of the CREATE VIEW command

DELETE

affect the use of the Delete command

DROP

affect the use of the drop TABLE command

EXECUTE

Ability to affect user run stored procedures

EVENT

Ability to influence execution events (starting with MySQL5.1.6)

FILE

Affects the use of SELECT INTO outfile and load DATA infile

GRANT OPTION

Ability to influence user delegated permissions

INDEX

affect the use of the CREATE INDEX and DROP INDEX commands

INSERT

affect the use of the Insert command

LOCK TABLES

affect the use of the lock Tables command

PROCESS

affect the use of the show Processlist command

REFERENCES

Placeholders for future MySQL features

RELOAD

affect the use of the flush command set

REPLICATION CLIENT

Ability to influence user queries from server and home server locations

Continued

Permissions

Describe

REPLICATION SLAVE

Permissions required to replicate from the server

SELECT

affect the use of the Select command

SHOW DATABASES

affect the use of the show Databases command

SHOW VIEW

affect the use of the show CREATE view command

SHUTDOWN

Affects the use of SHUTDOWN commands

SUPER

Affects the use of administrator-level commands such as change, master, KILL thread, mysqladmin debug, PURGE MASTER logs, and set GLOBAL

TRIGGER

Ability to influence execution of triggers (starting from MySQL5.1.6)

UPDATE

affect the use of the update command

USAGE

Connect only, do not grant permissions

1>. Change the table method. Your account is not allowed to log on from a remote MySQL server, only on localhost.

Workaround:

On the computer at localhost, after logging in to MySQL, change the "host" entry in the "User" table in the "MySQL" Database, and rename "%" from "localhost".

(1). mysql-u root-pvmwaremysql>use MySQL;

(2). mysql>update User Set host = '% ' where user = ' root ';

(3). Mysql>select host, user from user;

2>. Authorization law. For example, if you want to myuser use MyPassword to connect to a MySQL server from any host.

(1). Grant all privileges on *. myuser ' @ '% ' identified by ' MyPassword ' with GRANT OPTION;

(2). FLUSH privileges;

If you want to allow users to connect to the MySQL server from a host myuser IP 192.168.1.6 and use MyPassword as the password

(1). Grant all privileges on *. myuser ' @ ' 192.168.1.3 ' identified by ' MyPassword ' with GRANT OPTION;

(2). FLUSH privileges;

If you want to allow users to connect to the MySQL server's DK database myuser from the IP-192.168.1.6 host, and use MyPassword as the password

(1). Grant all privileges the dk.* to ' myuser ' @ ' 192.168.1.3 ' identified by ' MyPassword ' with GRANT OPTION;

(3). FLUSH privileges;

Note: You must flush privileges after authorization, otherwise it will not take effect immediately.

Another method:

3> run on the machine where MySQL is installed:

1. d:\mysql\bin\>mysql-h Localhost-u Root

This should allow access to the MySQL server

2, Mysql>grant all privileges on * * to ' root ' @ '% ' with GRANT OPTION

Give any host access to data

3, Mysql>flush privileges

Changes take effect

4, Mysql>exit

Log out of MySQL server

This will allow you to log in as root on any other host!

4> View MySQL user Rights

To view the current user (own) permissions:

Show grants;

To view additional MySQL user rights:

Show grants for [email protected];

5>. Revoke the permissions that have been given to the MySQL user.

Revoke is similar to Grant's syntax, just replace the keyword "to" with "from":

Grant all on * * to [email protected];

Revoke all on * * from [email protected];

6>. MySQL Grant, REVOKE user rights considerations

1. Grant, after revoke user rights, the user has to reconnect to the MySQL database for the permission to take effect.

2. If you want to allow authorized users, you can also grant these permissions to other users, you need the option "grant option"

Grant Select on testdb.* to [e-mail protected] with GRANT option;

This feature is generally not available. In practice, database permissions are best managed centrally by DBAs.

7>. User and Rights Management commands:

Create User: For creating a new account (which starts with the 5.0 version), no permissions are assigned when the user is created,

You need to assign the appropriate permissions to the change user after creation through the grant command.

eg:create user [email protected] identified by ' 123456 ';

Grant Select on mydb.* to [email protected];

Drop User: Delete a Subscriber account (note that only accounts without any permissions can be deleted before the 4.1.1 version, and any accounts may be deleted after 5.0.2)

Eg:drop user Guest;

Rename User: Can be implemented to rename a Subscriber account.

Grant: Used to administer access, that is, to authorize user accounts. Of course it can also create a new user account.

Eg:grant Select, INSERT, UPDATE, delete on new_db.* to [email protected] '% ' identified by ' 88888888 ';

Grant permissions on the database. Table to user @ Access mode identified by password

Grant Select on mydb.* to [e-mail protected] identified by ' 123456 ';

BTW: If you need a blank password or a password-free account, you must first use the Create User command, and then

Grant to assign permissions. If you do the following:

Grant all privileges the mydb.* to [email protected] '% '; The database user table is not created first visitor

User, a 1133 error will occur "can ' t find any matching row in the user table". Grant can only create

An account with a password.

Revoke: Delete an account and see the MySQL documentation for details.

8>.mysql can give you a user grant one or more of the permissions, such as Select,insert,update,delete, mainly using the grant command, the usage format is:

Grant permissions on database object to user

Grant normal data user, the right to query, insert, UPDATE, delete all table data in the database.

Grant Select on testdb.* to [email protected] '% '

Grant insert on testdb.* to [email protected] '% '

Grant update on testdb.* to [email protected] '% '

Grant Delete on testdb.* to [email protected] '% '

Alternatively, replace it with a MySQL command:

Grant SELECT, INSERT, UPDATE, delete on testdb.* to [email protected] '% '

9>.grant database developers, creating tables, indexes, views, stored procedures, functions ... and other permissions.

Grant creates, modifies, and deletes MySQL data table structure permissions.

Grant create on testdb.* to [email protected] ' 192.168.0.% ';

Grant ALTER on testdb.* to [email protected] ' 192.168.0.% ';

Grant drop on testdb.* to [email protected] ' 192.168.0.% ';

Grant operates MySQL foreign key permissions.

Grant references on testdb.* to [email protected] ' 192.168.0.% ';

Grant operates MySQL temp table permissions.

Grant create temporary tables on testdb.* to [email protected] ' 192.168.0.% ';

Grant operates MySQL index permissions.

Grant index on testdb.* to [email protected] ' 192.168.0.% ';

Grant operates the MySQL view, viewing the view source code permissions.

Grant CREATE view on testdb.* to [email protected] ' 192.168.0.% ';

Grant Show view on testdb.* to [email protected] ' 192.168.0.% ';

Grant operates MySQL stored procedures, function permissions.

Grant create routine on testdb.* to [email protected] ' 192.168.0.% '; --now, can show procedure status

Grant alter routine on TESTDB.* to [email protected] ' 192.168.0.% '; --now, can drop a procedure

Grant execute on testdb.* to [email protected] ' 192.168.0.% ';

10>.grant the normal DBA to manage permissions for a MySQL database.

Grant all privileges on TestDB to [email protected] ' localhost '

Where the keyword "privileges" can be omitted.

The 11>.grant advanced DBA manages permissions for all databases in MySQL.

Grant all on * * to [email protected] ' localhost '

12>. MySQL grant permissions can be used on multiple levels, respectively.

1. Grant acts on the entire MySQL server:

Grant SELECT On *. * to [email protected]; --DBAs can query tables in all databases in MySQL.

Grant all on * * to [email protected]; --DBA can manage all databases in MySQL

2. Grant acts on a single database:

Grant Select on testdb.* to [email protected]; --DBAs can query the tables in TestDB.

3. Grant acts on a single data table:

Grant SELECT, INSERT, UPDATE, delete on testdb.orders to [email protected];

4. Grant acts on the columns in the table:

Grant Select (ID, SE, rank) on testdb.apache_log to [email protected];

5. Grant acts on stored procedures, functions:

Grant execute on procedure testdb.pr_add to ' dba ' @ ' localhost '

Grant execute on function testdb.fn_add to ' dba ' @ ' localhost '

Note: Be sure to refresh the service after modifying the permissions, or restart the service, refresh the service by: Flush privileges.

MySQL Authorization (grant)

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.