The simple format that MySQL gives to user rights commands can be summarized as:
Grant permissions on database object to user
A grant general data user, the right to query, insert, UPDATE, delete all table data in the database.
Grant Select on testdb.* to [email protected] '% '
Grant insert on testdb.* to [email protected] '% '
Grant update on testdb.* to [email protected] '% '
Grant Delete on testdb.* to [email protected] '% '
Or:
Grant SELECT, INSERT, UPDATE, delete on testdb.* to [email protected] '% '
II. Grant Database Developer, creating tables, indexes, views, stored procedures, functions ... and other permissions.
Grant creates, modifies, and deletes MySQL data table structure permissions.
Grant create on testdb.* to [email protected] ' 192.168.0.% ';
Grant ALTER on testdb.* to [email protected] ' 192.168.0.% ';
Grant drop on testdb.* to [email protected] ' 192.168.0.% ';
Grant operates MySQL foreign key permissions.
Grant references on testdb.* to [email protected] ' 192.168.0.% ';
Grant operates MySQL temp table permissions.
Grant create temporary tables on testdb.* to [email protected] ' 192.168.0.% ';
Grant operates MySQL index permissions.
Grant index on testdb.* to [email protected] ' 192.168.0.% ';
Grant operates the MySQL view, viewing the view source code permissions.
Grant CREATE view on testdb.* to [email protected] ' 192.168.0.% ';
Grant Show view on testdb.* to [email protected] ' 192.168.0.% ';
Grant operates MySQL stored procedures, function permissions.
Grant create routine on testdb.* to [email protected] ' 192.168.0.% '; --now, can show procedure status
Grant alter routine on TESTDB.* to [email protected] ' 192.168.0.% '; --now, can drop a procedure
Grant execute on testdb.* to [email protected] ' 192.168.0.% ';
Grant General DBA manages permissions for a MySQL database.
Grant all privileges on TestDB to [email protected] ' localhost '
Where the keyword "privileges" can be omitted.
Grant Advanced DBA manages permissions for all databases in MySQL.
Grant all on * * to [email protected] ' localhost '
MySQL grant permissions can be used on multiple levels, respectively.
1. Grant acts on the entire MySQL server :
Grant SELECT On *. * to [email protected]; --DBAs can query tables in all databases in MySQL.
Grant all on * * to [email protected]; --DBA can manage all databases in MySQL
2. Grant acts on a single database:
Grant Select on testdb.* to [email protected]; --DBAs can query the tables in TestDB.
3. Grant acts on a single data table:
Grant SELECT, INSERT, UPDATE, delete on testdb.orders to [email protected];
Here, you can execute the above statement multiple times when you grant multiple tables to a user. For example:
Grant Select (user_id,username) on smp.users to [e-mail protected] '% ' identified by ' 123345 ';
Grant Select on smp.mo_sms to [email protected] '% ' identified by ' 123345 ';
4. Grant acts on the columns in the table:
Grant Select (ID, SE, rank) on TestDB. Apache_log to [email protected];
5. Grant acts on stored procedures, functions:
Grant execute on procedure testdb.pr_add to ' dba ' @ ' localhost '
Grant execute on function testdb.fn_add to ' dba ' @ ' localhost '
Vi. Viewing MySQL user rights
To view the current user (own) permissions:
Show grants;
To view additional MySQL user rights:
Show grants for [email protected];
Vii. revoke permissions that have been given to MySQL users.
Revoke is similar to Grant's syntax, just replace the keyword "to" with "from":
Grant all on * * to [email protected];
Revoke all on * * from [email protected];
VIII, MySQL GRANT, REVOKE user rights considerations
1,grant , revoke user rights, the user can only reconnect to the MySQL database, the permissions to take effect.
2, if you want to allow authorized users, you can also grant these permissions to other users, you need the option "Grant option"
grant Select on testdb.* to [email protected] with GRANT option;
encountered a SELECT command denied to user ' username ' @ ' hostname ' for table ' name ' This error, The workaround is to authorize the following table name, that is, to authorize the core database.
I encountered a SELECT command denied to user ' my ' @ '% ' for table ' proc ', which occurs when the stored procedure is called, I thought it was OK to authorize the specified database.
mysql authorization Table Total 5 tables: User, DB, host, Tables_ Priv and Columns_priv.
Purpose of Authorization form:
User table
The user table lists the users and their passwords that can connect to the server, and it specifies what global (superuser) permissions they have. Any permissions that are enabled on the user table are global permissions and apply to all databases. For example, if you have delete permission enabled, the users listed here can delete records from any table, so think carefully before you do so.
DB table
The DB table lists the databases, and the user has permission to access them. The permissions specified here apply to all tables in a database.
Host table
The host table is used in conjunction with the DB table to control access to the database for a particular host at a better level, which may be better than using DB alone.
This table is not affected by the grant and REVOKE statements, so you may find that you are not using it at all.
Tables_priv table
The Tables_priv table specifies table-level permissions, and one of the permissions specified here applies to all columns of a table.
Columns_priv table
The COLUMNS_PRIV table specifies column-level permissions. The permissions specified here apply to a specific column of a table.
MySQL Grant user rights settings