Modify the user rights that have been granted.
We know:
Grant is an authorization command, or permission modification action can be made after authorization
Attention
When modifying permissions, you can use identified by password to keep the previous password unchanged!
Generally we grant authorization, use Identitied by, followed by the plaintext password, generated in the Mysql.user table query account information displayed is the cipher password
But grant authorization, you can also add password after identified by, so that the password is set after the cipher
Sometimes, by the developers to generate their own ciphertext password, that is, they are now on their own test machine to create a password, query to the ciphertext password, and then the cipher to our operations personnel for grant authorization,
This gives them the authorization of the password only they know, our OPS personnel also do not know.
Revoke is the Reclaim permission command (All/or partial permissions can be reclaimed)
Flush privileges is the Refresh permissions table
Show grants is viewing root user rights
Show grants for [email protected] ' IP ' view normal user rights
Reclaim partial permissions with revoke
Reclaim All permissions except Select
Usage is the default initial state, which means no permissions!!
Mysql> Show grants for [email protected] ' 61.148.60.42 ';
+-------------------------------------------------------------------------------------------------------------- -----------+
| Grants for [email protected] |
+-------------------------------------------------------------------------------------------------------------- -----------+
| GRANT USAGE on *. xqshijie_test ' @ ' 61.148.60.42 ' identified by PASSWORD ' *6de35f444d5e33c31295a5d891098cd40229d9d9 ' |
| GRANT SELECT, INSERT, UPDATE, DELETE on ' zh_o2o_db '. * to ' xqshijie_test ' @ ' 61.148.60.42 ' |
+-------------------------------------------------------------------------------------------------------------- -----------+
2 rows in Set (0.00 sec)
Mysql> REVOKE INSERT, UPDATE, DELETE on ' zh_o2o_db '. * from ' xqshijie_test ' @ ' 61.148.60.42 ';
Query OK, 0 rows Affected (0.00 sec)
Under this, only select query permission is left!!!
Mysql> Show grants for [email protected] ' 61.148.60.42 ';
+-------------------------------------------------------------------------------------------------------------- -----------+
| Grants for [email protected] |
+-------------------------------------------------------------------------------------------------------------- -----------+
| GRANT USAGE on *. xqshijie_test ' @ ' 61.148.60.42 ' identified by PASSWORD ' *6de35f444d5e33c31295a5d891098cd40229d9d9 ' |
| GRANT SELECT on ' zh_o2o_db '. * to ' xqshijie_test ' @ ' 61.148.60.42 ' |
+-------------------------------------------------------------------------------------------------------------- -----------+
2 rows in Set (0.00 sec)
You can also use grant to modify permissions, and the modified permission overrides the previous permissions directly
When you modify permissions, you can use the ciphertext you view directly.
as follows, add the update database permissions, and the permissions are overwritten before you add them!
Mysql> show grants for [email protected] ' 124.65.197.154 ';
+---------------------------------------------------------------------------------------------------------- -----------------+
| Grants for [email protected] |
+---------------------------------------------------------------------------------------------------------- -----------------+
| GRANT USAGE on *. xqshijie_test ' @ ' 124.65.197.154 ' identified by PASSWORD ' * 6de35f444d5e33c31295a5d891098cd40229d9d9 ' |
| GRANT SELECT on ' fanghu_db '. * to ' xqshijie_test ' @ ' 124.65.197.154 ' |
| GRANT SELECT on ' xqsj_db '. * to ' xqshijie_test ' @ ' 124.65.197.154 ' |
| GRANT SELECT ' zh_o2o_db '. * to ' xqshijie_test ' @ ' 124.65.197.154 ' |
+---------------------------------------------------------------------------------------------------------- -----------------+
4 rows in Set (0.00 sec)
Mysql> GRANT select,update on fanghu_db.* to [email protected] ' 124.65.197.154 ' identified by PASSWORD ' * 6de35f444d5e33c31295a5d891098cd40229d9d9 ';
mysql> GRANT select,update on xqsj_db.* to [email protected] ' 124.65.197.154 ' identified by PASSWORD ' * 6de35f444d5e33c31295a5d891098cd40229d9d9 ';
mysql> GRANT select,update on zh_o2o_db.* to [email protected] ' 124.65.197.154 ' identified by PASSWORD ' * 6de35f444d5e33c31295a5d891098cd40229d9d9 ';
mysql> FLUSH privileges;
Mysql> Show grants for [email protected] ' 124.65.197.154 ';
+-------------------------------------------------------------------------------------------------------------- -------------+
| Grants for [email protected] |
+-------------------------------------------------------------------------------------------------------------- -------------+
| GRANT USAGE on *. xqshijie_test ' @ ' 124.65.197.154 ' identified by PASSWORD ' * 6de35f444d5e33c31295a5d891098cd40229d9d9 ' |
| GRANT select,update on ' fanghu_db '. * to ' xqshijie_test ' @ ' 124.65.197.154 ' |
| GRANT select,update on ' xqsj_db '. * to ' xqshijie_test ' @ ' 124.65.197.154 ' |
| GRANT select,update ' zh_o2o_db '. * to ' xqshijie_test ' @ ' 124.65.197.154 ' |
+-------------------------------------------------------------------------------------------------------------- -------------+
4 rows in Set (0.00 sec)
MySQL modifies the granted permissions