mysql 對用戶授權的操作
grant 權限 on 數據庫名.表名 to 用戶名@'可以訪問的地址' identified by "密碼"
權限: all 所有權限 usage 無權限 select,update,insert,delete,等權限
數據庫.表名: *.* 所有數據庫的所有表
數據庫名.* 單個數據庫的所有表
數據庫名.表名 單個數據庫的某個表
用戶名: 授權的用戶名
可以訪問的地址: % 所有地址,但是localhost不能訪問
localhost 只有localhost可以訪問
192.168.1.0/24 可以訪問網段地址
192.168.1.1 只能某個地址訪問
實驗部分:
1、給zhaoyun用戶授予在localhost登陸,對zhaoyun數據庫可以進行 create,select,update,insert,delete操作,但是不設置密碼就可以登陸;
mysql> grant create,select,update,insert,delete on zhaoyun.* to zhaoyun@'localhost';
登陸測試
[root@zhaoyun ~]# mysql -uzhaoyun
mysql> use mysql ; #zhaoyun用戶對mysql數據庫沒有任何權限。
ERROR 1044 (42000): Access denied for user 'zhaoyun'@'localhost' to database 'mysql'
mysql>
mysql> use zhaoyun ; #可以使用zhaoyun數據庫
Database changed
mysql> show grants ; #查看當前用戶擁有的權限
+--------------------------------------------------------------------------------------+
| Grants for zhaoyun@localhost |
+--------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'zhaoyun'@'localhost' |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON `zhaoyun`.* TO 'zhaoyun'@'localhost' |
+--------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> create table test(user char(3)); #建表測試
Query OK, 0 rows affected (0.00 sec)
mysql> select * from test ; #查詢測試
Empty set (0.00 sec)
mysql> insert into test values('zhaoyun'); #插入數據測試
Query OK, 1 row affected, 1 warning (0.01 sec)
2、給zhaoyun用戶授予從192.168.0.7的機器登陸,並有相應的權限。
mysql> grant create,select,insert,update on zhaoyun.* to zhaoyun@'192.168.0.7' i
dentified by "zhaoyun";
Query OK, 0 rows affected (0.00 sec)
客戶端登陸測試
[root@zhaoyun ~]# mysql -h192.168.0.55 -uzhaoyun -pzhaoyun;
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 11
Server version: 5.1.32-community MySQL Community Server (GPL)
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql> show grants ;
+------------------------------------------------------------------------------------------------------------------+
| Grants for [email protected] |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'zhaoyun'@'192.168.0.7' IDENTIFIED BY PASSWORD '*875232B4D3487BBF724E4A0B22DB6A8DFC489C11' |
| GRANT SELECT, INSERT, UPDATE, CREATE ON `zhaoyun`.* TO 'zhaoyun'@'192.168.0.7' |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.01 sec)
把ip地址改成192.168.0.8測試,就 不行了
[root@zhaoyun ~]# ifconfig eth1 192.168.0.8
[root@bogon red hat 5]# ifconfig eth1 |grep addr
inet addr:192.168.0.8 Bcast:192.168.0.255 Mask:255.255.255.0
[root@bogon red hat 5]# mysql -h192.168.0.55 -uzhaoyun -pzhaoyun
ERROR 1130 (00000): Host '192.168.0.8' is not allowed to connect to this MySQL server
再改回來:就可以了。
[root@bogon red hat 5]# ifconfig eth1 192.168.0.7
[root@bogon red hat 5]# mysql -h192.168.0.55 -uzhaoyun -pzhaoyun
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 13
Server version: 5.1.32-community MySQL Community Server (GPL)
Type 'help;' or '\h' for help. Type '\c' to clear the buffer.
mysql>
上面授予的權限沒有delete權限,測試下
有問題了吧
mysql> delete from t1 ;
ERROR 1142 (42000): DELETE command denied to user 'zhaoyun'@'BOGON' for table 't1'
3、給用戶授予可以把自己權限再授給其他人的權限。
mysql> grant create on zhaoyun.t1 to zhaoyun@'192.168.0.7' identified by "zhaoyu
n" with grant option ;
Query OK, 0 rows affected (0.00 sec)
4、查看權限
mysql> show grants ; #查看自己的權限
mysql> show grants for zhaoyun@'192.168.0.7'; #查看其他用戶的權限。
mysql> show grants ;
+---------------------------------------------------------------------+
| Grants for root@localhost |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> show grants for zhaoyun@'192.168.0.7';
+-------------------------------------------------------------------------------
-----------------------------------+
| Grants for [email protected]
|
+-------------------------------------------------------------------------------
-----------------------------------+
| GRANT USAGE ON *.* TO 'zhaoyun'@'192.168.0.7' IDENTIFIED BY PASSWORD '*875232B
4D3487BBF724E4A0B22DB6A8DFC489C11' |
| GRANT SELECT, INSERT, UPDATE, CREATE ON `zhaoyun`.* TO 'zhaoyun'@'192.168.0.7'
|
| GRANT CREATE ON `zhaoyun`.`t1` TO 'zhaoyun'@'192.168.0.7' WITH GRANT OPTION
|
+-------------------------------------------------------------------------------
-----------------------------------+
3 rows in set (0.01 sec)
5、撤銷權限
mysql> revoke create on zhaoyun.* from zhaoyun@'192.168.0.7' ;
mysql> revoke create on zhaoyun.* from zhaoyun@'192.168.0.7' ;
Query OK, 0 rows affected (0.02 sec)
#客戶端測試
mysql> use zhaoyun ;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select * from zhaoyun ;
ERROR 1142 (42000): SELECT command denied to user 'zhaoyun'@'BOGON' for table 'zhaoyun'
mysql> 可以登陸但是沒有權限了。
將用戶刪除就不能登陸了。
mysql> delete from user where user='zhaoyun';
Query OK, 2 rows affected (0.00 sec)
mysql> flush privileges ;
Query OK, 0 rows affected (0.01 sec)
[root@bogon red hat 5]# mysql -h192.168.0.55 -uzhaoyun -pzhaoyun
ERROR 1130 (00000): Host 'BOGON' is not allowed to connect to this MySQL server
mysql用戶授權操作
發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章