標籤:mysql授權 grant mysql使用者管理
MySQL的使用者管理
使用者帳號格式
[email protected]
查看協助
MySQL > help contents;MySQL > help account management;
650) this.width=650;" src="http://s2.51cto.com/wyfs02/M02/8B/B4/wKiom1hV1w7hVEq3AAAlPfMOAJw298.png-wh_500x0-wm_3-wmp_4-s_1211069233.png" title="1.png" alt="wKiom1hV1w7hVEq3AAAlPfMOAJw298.png-wh_50" />
650) this.width=650;" src="http://s3.51cto.com/wyfs02/M01/8B/B0/wKioL1hV1z6jGNelAAAdlewVFPw185.png-wh_500x0-wm_3-wmp_4-s_424347469.png" title="1.png" alt="wKioL1hV1z6jGNelAAAdlewVFPw185.png-wh_50" />
帳號管理命令(此時許可權很有限)
create userdrop userrename userset password
許可權管理命令:
grantrevoke
查看建立使用者命令協助
MySQL> help create user; CREATE USER [email protected] [ IDENTIFIED BY [PASSWORD] ‘password‘ ]主機也可以使用萬用字元:[email protected]‘172.16.100.1__‘(172.16.100.100-172.16.100.199) (兩個底線)還可以使用%:[email protected]‘172.16.%.%‘ 查看使用者能夠使用的許可權:show grants for [email protected]‘hostname‘
650) this.width=650;" src="http://s1.51cto.com/wyfs02/M02/8B/B4/wKiom1hV2M2CeWcYAAA0G0maiyM571.png-wh_500x0-wm_3-wmp_4-s_1870092160.png" style="float:none;" title="1.png" alt="wKiom1hV2M2CeWcYAAA0G0maiyM571.png-wh_50" />
650) this.width=650;" src="http://s1.51cto.com/wyfs02/M02/8B/B0/wKioL1hV2M7SRYKuAAGqb2JmUqA872.png-wh_500x0-wm_3-wmp_4-s_3893565452.png" style="float:none;" title="2.png" alt="wKioL1hV2M7SRYKuAAGqb2JmUqA872.png-wh_50" />
650) this.width=650;" src="http://s1.51cto.com/wyfs02/M02/8B/B0/wKioL1hV2M6QFXuvAAAoW6lEeww615.png-wh_500x0-wm_3-wmp_4-s_4173618626.png" style="float:none;" title="3.png" alt="wKioL1hV2M6QFXuvAAAoW6lEeww615.png-wh_50" />
重新命名
MySQL > help rename user RENAME USER old_user TO new_user [, old_user TO new_user] ... mysql > RENAME USER ‘jeffrey‘@‘localhost‘ TO ‘jeff‘@‘127.0.0.1‘;
為使用者佈建密碼
MySQL > help set password; SET PASSWORD [FOR user] = { PASSWORD(‘cleartext password‘) }MySQL > set password for [email protected]‘172.16.%.%‘ = password(‘123456‘); 調用password函數
MySQL的權限類別型:
庫層級
表層級
欄位層級
管理類
程式類(預存程序,觸發器,儲存函數,時間調度器)
管理類許可權
create temporary tables 暫存資料表
create user
file 允許使用者讀或者寫某些檔案
lock tables 添加顯式鎖
process:查看使用者的線程
reload:相當於執行flush和reset
replication client 查詢有哪些複製用戶端
replication slave 賦予使用者複製許可權
show databases
shutdown
super
資料庫存取權限(庫層級和表層級)
alter:modify tables with alter tables
alter routine 修改儲存曆程
create
create routine 預存程序,儲存函數
create view
delete
drop
execute 是否能夠執行預存程序,或儲存函數
grant option 將自己的許可權複製給別的使用者
index 索引
show view
資料操作類許可權(表層級)
select
insert
update
delete
欄位層級:
select(col1,....)
update(col1,....)
insert(col1,....)
所有許可權
ALL [privileges]
查看協助
MySQL > help GRANT priv_type [(column_list)] [, priv_type [(column_list)]] ... ON [object_type] priv_level TO user_specification [, user_specification] ... [REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}] [WITH with_option ...]object_type:(預設為表) TABLE | FUNCTION | PROCEDUREpriv_level: * | *.* | db_name.* | db_name.tbl_name | tbl_name | db_name.routine_nameuser_specification: user [ IDENTIFIED BY [PASSWORD] ‘password‘ | IDENTIFIED WITH auth_plugin [AS ‘auth_string‘] ] //可以實現授權並添加密碼ssl_option: SSL ...with_option: GRANT OPTION 轉贈給別人 | MAX_QUERIES_PER_HOUR count 每小時允許執行的最大查詢次數 | MAX_UPDATES_PER_HOUR count 每小時允許執行的最大更新次數 | MAX_CONNECTIONS_PER_HOUR count 每小時允許執行的最大串連次數 | MAX_USER_CONNECTIONS count 使用同一個帳號可以同時串連的次數
執行個體
給testuser使用者授權MySQL > grant create on testdb.* to [email protected]‘192.168.139.1__‘;
此時testuser只能建立testdb庫
650) this.width=650;" src="http://s5.51cto.com/wyfs02/M00/8B/B4/wKiom1hV2rHwU59BAAAYyfMaH5M457.png-wh_500x0-wm_3-wmp_4-s_398568808.png" title="1.png" alt="wKiom1hV2rHwU59BAAAYyfMaH5M457.png-wh_50" />
查看自己的許可權MySQL > show grants for [email protected]‘192.168.139.1__‘;
650) this.width=650;" src="http://s3.51cto.com/wyfs02/M00/8B/B0/wKioL1hV2vuhKIFeAAIGDH35G9k426.png-wh_500x0-wm_3-wmp_4-s_897807571.png" style="float:none;" title="2.png" alt="wKioL1hV2vuhKIFeAAIGDH35G9k426.png-wh_50" />
650) this.width=650;" src="http://s3.51cto.com/wyfs02/M01/8B/B4/wKiom1hV2vuxavQyAAAYvUxIztk712.png-wh_500x0-wm_3-wmp_4-s_898411770.png" style="float:none;" title="3.png" alt="wKiom1hV2vuxavQyAAAYvUxIztk712.png-wh_50" />
此時可以在該資料庫下建立表,但是由於沒有select和drop許可權,
所以不能查看錶資料及結構,不能刪除表
給testuser使用者刪除表的許可權MySQL > grant drop on testdb.* to [email protected]‘192.168.139.1__‘;查看許可權MySQL > show grants for [email protected]‘192.168.139.1__‘;
650) this.width=650;" src="http://s5.51cto.com/wyfs02/M00/8B/B4/wKiom1hV24myxeMQAAEvZnqSJHs308.png-wh_500x0-wm_3-wmp_4-s_2143345778.png" title="1.png" alt="wKiom1hV24myxeMQAAEvZnqSJHs308.png-wh_50" />
給testuser使用者增、刪、查、改許可權MySQL > grant select,insert,update,delete on testdb.* to [email protected]‘192.168.139.1__‘;查看許可權MySQL > show grants for [email protected]‘192.168.139.1__‘;
650) this.width=650;" src="http://s2.51cto.com/wyfs02/M00/8B/B0/wKioL1hV272BC7b7AAFDPo3axW0675.png-wh_500x0-wm_3-wmp_4-s_161606123.png" title="2.png" alt="wKioL1hV272BC7b7AAFDPo3axW0675.png-wh_50" />
注意:要想建立庫應該對所有表都有許可權
收回授權
MySQL > help REVOKE priv_type [(column_list)] [, priv_type [(column_list)]] ... ON [object_type] priv_level FROM user [, user] ... REVOKE ALL PRIVILEGES, GRANT OPTION FROM user [, user] ... REVOKE PROXY ON user FROM user [, user] ...
例子:
MySQL > revoke insert,select on testdb.* from [email protected]‘192.168.139.1__‘;查看許可權MySQL > show grants for [email protected]‘192.168.139.1__‘;
650) this.width=650;" src="http://s1.51cto.com/wyfs02/M02/8B/B0/wKioL1hV3CuSEGbGAAFj5gP_7-s413.png-wh_500x0-wm_3-wmp_4-s_4164301907.png" title="1.png" alt="wKioL1hV3CuSEGbGAAFj5gP_7-s413.png-wh_50" />
幾個跟使用者授權相關的表:(在mysql庫中)
db:庫層級的許可權host:主機分級許可權,已廢棄tables_priv:表層級許可權columns_priv:列層級的許可權procs_priv:預存程序和儲存函數相關的許可權proxies_priv:代理使用者權限·
MySQL的每一次操作幾乎都要涉及許可權管理檢查,所以把授權表載入記憶體中(為了提升速度)
本文出自 “似水流年” 部落格,請務必保留此出處http://sixijie123.blog.51cto.com/11880770/1883685
MySQL使用者管理
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
