mysql用戶和帳號,實現用戶認證
1)用戶公開,任何人都能看到;密碼使用mysql中password函數生成2)帳號密碼不能用登錄linux系統
3)用戶名@主機
用戶和權限表
mysql啓動後,此處的表從磁盤加載到內存,可提高mysql的性能
1)user: Contains user accounts, global privileges, and other non-privilege columns.
user: 用戶帳號、全局權限
用戶帳號 用戶名@主機
用戶名:16位以內
主機: 1)主機名:www.hiyang.com
2)IP或網絡地址,IP/255.255.255.0
3)通配符,192.168.%.%,%.hiyang.com
登錄mysql時不反解析主機名,可以加快登錄速度,登錄時使用--skip-name-resolve選項
2)db: Contains database-level privileges.
db: 庫級別權限
3)host: Obsolete.
host: 廢棄,整合進入user
4)tables_priv: Contains table-level privileges.
tables_priv:表級別權限
5)columns_priv: Contains column-level privileges.
columns_priv:列級別權限
6)procs_priv: Contains stored procedure and function privileges.
procs_priv: 存儲過程和存儲函數相關的權限
7)proxies_priv: Contains proxy-user privileges.
proxies_priv:代理用戶權限
創建臨時表,位於內存中,空間大小有限(heap:16M),不允許隨意創建
CREATE TEMPORARY TABLES
觸發器:主動數據庫,和記錄日誌相關user: log
創建用戶
方式1,自動讀入內存,不用flush
create user username@‘hostname’ [identified by ‘password’]
mysql> create user test@"192.168.8.0/24" identified by 'test';
mysql> show grants for test@"192.168.8.0/24";
+------------------------------------------------------------------------------------------------------------------+
| Grants for [email protected]/24 |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'test'@'192.168.8.0/24' IDENTIFIED BY PASSWORD '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29' |
+------------------------------------------------------------------------------------------------------------------+
方式2
GRANT priv_type [(column_list)] [, priv_type [(column_list)]] ... ON [object_type] priv_level TO user_specification [, user_specification] ...[REQUIRE {NONE | tsl_option [[AND] tsl_option] ...}] [WITH {GRANT OPTION | resource_option} ...]
GRANT PROXY ON user_specification TO user_specification [, user_specification] ...[WITH GRANT OPTION]
object_type: {
TABLE | FUNCTION | PROCEDURE }
priv_level: {
* | *.* | db_name.* | db_name.tbl_name | tbl_name | db_name.routine_name
}
user_specification:
user [ auth_option ]
auth_option: {
IDENTIFIED BY 'auth_string'
| IDENTIFIED BY PASSWORD 'hash_string'
| IDENTIFIED WITH auth_plugin
| IDENTIFIED WITH auth_plugin AS 'hash_string'
}
tsl_option: {
SSL
| X509
| CIPHER 'cipher'
| ISSUER 'issuer'
| SUBJECT 'subject'
}
resource_option: { 資源使用限定
| MAX_QUERIES_PER_HOUR count;限定每小時登錄的次數
| MAX_UPDATES_PER_HOUR count
| MAX_CONNECTIONS_PER_HOUR count
| MAX_USER_CONNECTIONS count
}
方式3
insert into mysql.user
查看某個用戶的權限
show grants for user@hostname
添加授權後,部分授權生效需要,如insert
1)flush privileges
2)用戶會話重新連接
授權指定字段
mysql> grant update(name) on tdb.testdb to test1@"192.168.8.%";
super權限 *.*
mysql> grant super on *.* to test1@"192.168.8.%";
刪除用戶
drop user user@hostname
重命名
rename user old_user@hostname to new_user@hostname
取消授權revoke,不用flush
mysql> revoke select on tdb.* from test1@'192.168.8.%';