I. User management
1. MySQL users generally fall into two classes:
root: the MySQL database administrator account
ordinary users
2. How user accounts are named:
username@主機
username@網絡
Wildcards may be used in the host part:
%: matches any string of characters
_: matches any single character
e.g.:
root@localhost --> root may log in only from the local machine
root@192.168.0.0/24 --> root may log in only from hosts on the 192.168.0.0 network
cacti_user@'192.168.0.%'
3. Creating a user:
mysql> CREATE USER 'user_name'@'host' [IDENTIFIED BY 'password'];
4. Changing a user's password:
(1). From the shell command line:
# mysqladmin -u root password 'new_password' -p
# mysqladmin -u root -h this_host_name password 'new_password'
(2). From the MySQL command line:
mysql> SET PASSWORD FOR user_name@'host_name'=PASSWORD('password');
5. Deleting a user:
mysql> DROP USER 'user_name'@'host_name';
mysql> DROP USER ''@'localhost'; --> deletes the anonymous account
mysql> DELETE FROM mysql.user WHERE Host='::1'; --> edits the grant table directly, so it only takes effect after FLUSH PRIVILEGES
6. Logging in to mysql without typing a password:
# cd ~
# vi .my.cnf
[mysql]
user=root
host=localhost
password=redhat
(the file holds the password in cleartext, so restrict it to its owner with chmod 600 .my.cnf)
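As an added example (not part of the original notes), the account steps above carried out for two constructed accounts, followed by the audit queries a DBA would run to catch anonymous and any-host entries. The account names, hosts and passwords are placeholders; the syntax is the MySQL 5.x form the notes use (on 5.7.6 and later the password change is normally done with ALTER USER ... IDENTIFIED BY, and the PASSWORD() function no longer exists in 8.0).

```sql
-- Added example, not from the original notes. Accounts, hosts and passwords
-- below are constructed placeholders.

-- Administrative account reachable from the local machine only.
CREATE USER 'dba'@'localhost' IDENTIFIED BY 'Replace-Me-Dba-1';

-- Application account allowed only from the 192.168.0.0/24 subnet:
-- '%' matches any run of characters, '_' exactly one character.
CREATE USER 'app_user'@'192.168.0.%' IDENTIFIED BY 'Replace-Me-App-1';

-- Rotate a password from inside the server (same effect as the mysqladmin step).
SET PASSWORD FOR 'app_user'@'192.168.0.%' = PASSWORD('Replace-Me-App-2');

-- Audit 1: the full account list, one row per user@host pair.
SELECT User, Host FROM mysql.user ORDER BY User, Host;

-- Audit 2: anonymous accounts (empty User) accept any user name from a
-- matching host; a clean server should return no rows here.
SELECT User, Host FROM mysql.user WHERE User = '';

-- Audit 3: any-host accounts are reachable from every network the server
-- listens on; each one should be justified or narrowed to a subnet.
SELECT User, Host FROM mysql.user WHERE Host = '%';

-- Remove the anonymous localhost account. DROP USER also deletes the
-- account's rows from the other grant tables, so no FLUSH PRIVILEGES is
-- needed; it errors if the account does not exist, which is the desired state.
DROP USER ''@'localhost';
```

Run the three audit queries as a recurring check rather than once: accounts added with a bare `GRANT ... TO user_name` (no host part) get Host = '%' by default, which is exactly what audit 3 surfaces.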
II. Privilege management
1. Granting privileges to a user:
mysql> GRANT ALL ON *.* TO user_name IDENTIFIED BY 'redhat';
mysql> GRANT ALL PRIVILEGES ON player.* TO user_name@'host_name' IDENTIFIED BY 'redhat';
mysql> GRANT SELECT,UPDATE,DELETE ON test.player TO astd@'192.168.0.%' IDENTIFIED BY '123456';
mysql> flush privileges; --> reload the grant tables (after granting, refresh the in-memory grant tables)
2. Viewing a user's grants:
mysql> SHOW GRANTS FOR astd@'192.168.0.%';
+---------------------------------------------------------------------------------------------------------------+
| Grants for astd@192.168.0.%                                                                                   |
+---------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'astd'@'192.168.0.%' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
| GRANT SELECT, UPDATE, DELETE ON `test`.`player` TO 'astd'@'192.168.0.%'                                       |
+---------------------------------------------------------------------------------------------------------------+
3. Revoking some of a user's privileges:
mysql> REVOKE privilege_list ON db.tables FROM 'user'@'host';
4. Tables related to MySQL user privileges:
mysql> use mysql
Database changed
mysql> show tables;
+---------------------------+
| Tables_in_mysql           |
+---------------------------+
| columns_priv              |  --> column-level privileges
| db                        |  --> database-level privileges
| func                      |
| host                      |
| proc                      |
| procs_priv                |  --> execute privileges on stored procedures and stored functions
| tables_priv               |  --> table-level privileges
| time_zone                 |
| user                      |  --> user accounts and global privileges
+---------------------------+
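The grant, SHOW GRANTS, REVOKE and grant-table steps above, as one added walkthrough that is not part of the original notes. It reuses the astd@'192.168.0.%' account and test.player table from the notes; the table definition and the password are constructed. One correction to keep in mind: GRANT and REVOKE update the server's in-memory privilege cache themselves, so FLUSH PRIVILEGES is only required after editing the mysql.* tables directly with INSERT, UPDATE or DELETE.

```sql
-- Added example, not from the original notes. test.player and the password
-- are constructed for this walkthrough.
CREATE DATABASE IF NOT EXISTS test;
CREATE TABLE IF NOT EXISTS test.player (id INT PRIMARY KEY, name VARCHAR(64), score INT);

-- Create the account first, then grant: this form works on both 5.x and 8.0,
-- whereas GRANT ... IDENTIFIED BY was removed in MySQL 8.0.
CREATE USER 'astd'@'192.168.0.%' IDENTIFIED BY 'Replace-Me-123456';

-- Least privilege: three privileges, one table, one subnet. No FLUSH needed.
GRANT SELECT, UPDATE, DELETE ON test.player TO 'astd'@'192.168.0.%';

-- Verify: expect a USAGE line on *.* (no global privileges) plus the table line.
SHOW GRANTS FOR 'astd'@'192.168.0.%';

-- The same facts read straight from the grant tables listed above.
SELECT Host, User, Select_priv, Insert_priv, Super_priv, Grant_priv
  FROM mysql.user WHERE User = 'astd';          -- global level: every flag 'N'
SELECT Host, Db, User, Table_name, Table_priv
  FROM mysql.tables_priv WHERE User = 'astd';   -- table level: Select,Update,Delete

-- Tighten later without touching the rest: take DELETE away.
REVOKE DELETE ON test.player FROM 'astd'@'192.168.0.%';
SHOW GRANTS FOR 'astd'@'192.168.0.%';           -- now SELECT, UPDATE only

-- Server-wide audit: who holds SUPER or may hand privileges to others?
SELECT User, Host FROM mysql.user WHERE Super_priv = 'Y' OR Grant_priv = 'Y';

-- And which accounts hold database-wide rights, on which databases?
SELECT Host, Db, User FROM mysql.db ORDER BY Db, User;
```

The two audit queries at the end are the ones worth scheduling: an application account that appears in the SUPER/GRANT list, or in mysql.db with Db = '%', has drifted well past what it needs.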
III. GRANT syntax
GRANT
    priv_type [(column_list)]
      [, priv_type [(column_list)]] ...
    ON [object_type] priv_level
    TO user_specification [, user_specification] ...
    [REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]
    [WITH with_option ...]

GRANT PROXY ON user_specification
    TO user_specification [, user_specification] ...
    [WITH GRANT OPTION]

object_type:
    TABLE
  | FUNCTION
  | PROCEDURE

priv_level:
    *
  | *.*
  | db_name.*
  | db_name.tbl_name
  | tbl_name
  | db_name.routine_name

user_specification:
    user
    [
        IDENTIFIED BY [PASSWORD] 'password'
      | IDENTIFIED WITH auth_plugin [AS 'auth_string']
    ]

ssl_option:
    SSL
  | X509
  | CIPHER 'cipher'
  | ISSUER 'issuer'
  | SUBJECT 'subject'

with_option:
    GRANT OPTION
  | MAX_QUERIES_PER_HOUR count        --> maximum number of queries the account may issue per hour
  | MAX_UPDATES_PER_HOUR count
  | MAX_CONNECTIONS_PER_HOUR count
  | MAX_USER_CONNECTIONS count        --> maximum number of connections the account may hold open at the same time
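An added example (not from the original notes) exercising the REQUIRE and WITH clauses of the syntax above for a constructed read-only reporting account. The database name, host range, limits and password are placeholders. The statements use the MySQL 5.x GRANT form given in the notes; from 5.7.6 onward the same TLS requirement and resource limits are set with CREATE USER or ALTER USER, and MySQL 8.0 accepts them only there.

```sql
-- Added example, not from the original notes. 'report', 10.0.0.%, the sales
-- database and the limits below are constructed.
CREATE USER 'report'@'10.0.0.%' IDENTIFIED BY 'Replace-Me-Report-1';

-- SELECT only, on one database, over TLS only, with ceilings so that a leaked
-- credential cannot be used to hammer the server. Note: a limit of 0 means
-- "unlimited" in MySQL, so never use 0 to mean "forbidden".
GRANT SELECT ON sales.* TO 'report'@'10.0.0.%'
  REQUIRE SSL
  WITH MAX_QUERIES_PER_HOUR 2000
       MAX_CONNECTIONS_PER_HOUR 100
       MAX_USER_CONNECTIONS 5;

-- Stricter variant: require a client certificate from a specific issuer,
-- so a stolen password alone is not enough to connect.
GRANT SELECT ON sales.* TO 'report'@'10.0.0.%'
  REQUIRE ISSUER '/C=XX/O=Example Corp/CN=Example Internal CA';

-- GRANT OPTION lets the grantee pass its own privileges on; it belongs to
-- an administrator, not to an application account.
CREATE USER 'sales_lead'@'localhost' IDENTIFIED BY 'Replace-Me-Lead-1';
GRANT SELECT ON sales.* TO 'sales_lead'@'localhost' WITH GRANT OPTION;

-- Verify: SHOW GRANTS prints the REQUIRE and WITH parts on the USAGE line.
SHOW GRANTS FOR 'report'@'10.0.0.%';

-- The same settings live in mysql.user, which makes them easy to audit:
SELECT User, Host, ssl_type, x509_issuer,
       max_questions, max_connections, max_user_connections
  FROM mysql.user WHERE User IN ('report', 'sales_lead');
```

The last query is the audit form: ssl_type is empty for accounts that may connect in cleartext, and max_questions = 0 means no hourly limit is in force.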
Global level
Global privileges apply to all databases on a given server. These privileges are stored in the mysql.user table. GRANT ALL ON *.* and REVOKE ALL ON *.* grant and revoke only global privileges.
GRANT ALL ON *.* TO 'someuser'@'somehost';
GRANT SELECT, INSERT ON *.* TO 'someuser'@'somehost';
Database level
Database privileges apply to all objects in a given database. These privileges are stored in the mysql.db and mysql.host tables. GRANT ALL ON db_name.* and REVOKE ALL ON db_name.* grant and revoke only database privileges.
GRANT ALL ON mydb.* TO 'someuser'@'somehost';
GRANT SELECT, INSERT ON mydb.* TO 'someuser'@'somehost';
Table level
Table privileges apply to all columns in a given table. These privileges are stored in the mysql.tables_priv table. GRANT ALL ON db_name.tbl_name and REVOKE ALL ON db_name.tbl_name grant and revoke only table privileges.
GRANT ALL ON mydb.mytbl TO 'someuser'@'somehost';
GRANT SELECT, INSERT ON mydb.mytbl TO 'someuser'@'somehost';
If you specify tbl_name rather than db_name.tbl_name, the statement applies to tbl_name in the default database.
Column level
Column privileges apply to single columns in a given table. These privileges are stored in the mysql.columns_priv table. When using REVOKE, you must specify the same columns that were granted. The column or columns for which the privileges are to be granted must be enclosed within parentheses.
GRANT SELECT (col1), INSERT (col1,col2) ON mydb.mytbl TO 'someuser'@'somehost';
Routine level
The CREATE ROUTINE, ALTER ROUTINE, EXECUTE, and GRANT OPTION privileges apply to stored routines (functions and procedures). They can be granted at the global and database levels. Also, except for CREATE ROUTINE, these privileges can be granted at the routine level for individual routines and are stored in the mysql.procs_priv table.
GRANT CREATE ROUTINE ON mydb.* TO 'someuser'@'somehost';
GRANT EXECUTE ON PROCEDURE mydb.myproc TO 'someuser'@'somehost';
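The five privilege levels above, as an added example that is not part of the original notes: one account receives a grant at each level, SHOW GRANTS shows where each lands, and the grants are then revoked at the matching level. The mydb schema, mytbl table, myproc procedure and the account password are constructed; the 'someuser'@'somehost' name is taken from the manual text above.

```sql
-- Added example, not from the original notes. Schema, table, procedure and
-- password are constructed; 'someuser'@'somehost' comes from the text above.
CREATE DATABASE IF NOT EXISTS mydb;
CREATE TABLE IF NOT EXISTS mydb.mytbl (col1 INT, col2 INT, col3 INT);
CREATE PROCEDURE mydb.myproc() SELECT COUNT(*) FROM mydb.mytbl;
CREATE USER 'someuser'@'somehost' IDENTIFIED BY 'Replace-Me-1';

-- Global level (mysql.user): USAGE means "may log in, nothing more".
GRANT USAGE ON *.* TO 'someuser'@'somehost';
-- Database level (mysql.db): may create routines in mydb, nothing else there.
GRANT CREATE ROUTINE ON mydb.* TO 'someuser'@'somehost';
-- Table level (mysql.tables_priv): read the whole table.
GRANT SELECT ON mydb.mytbl TO 'someuser'@'somehost';
-- Column level (mysql.columns_priv): insert into two named columns only.
GRANT INSERT (col1, col2) ON mydb.mytbl TO 'someuser'@'somehost';
-- Routine level (mysql.procs_priv): call this one procedure.
GRANT EXECUTE ON PROCEDURE mydb.myproc TO 'someuser'@'somehost';

-- One line per level, each naming the level it was granted at.
SHOW GRANTS FOR 'someuser'@'somehost';

-- Privileges are additive across levels and must be revoked at the level
-- they were granted. This statement fails with ERROR 1141 ("There is no such
-- grant defined"), because SELECT was granted on the table, not the database:
-- REVOKE SELECT ON mydb.* FROM 'someuser'@'somehost';

-- Column grants are revoked with the same column list they were granted with.
REVOKE INSERT (col1, col2) ON mydb.mytbl FROM 'someuser'@'somehost';
REVOKE SELECT ON mydb.mytbl FROM 'someuser'@'somehost';
REVOKE EXECUTE ON PROCEDURE mydb.myproc FROM 'someuser'@'somehost';
REVOKE CREATE ROUTINE ON mydb.* FROM 'someuser'@'somehost';

-- Only the USAGE line should remain now.
SHOW GRANTS FOR 'someuser'@'somehost';

-- When an account is retired, remove everything at every level in one go
-- before dropping it (DROP USER alone also cleans up the grant tables).
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'someuser'@'somehost';
DROP USER 'someuser'@'somehost';
```

The practical consequence for reviews: a SHOW GRANTS listing has to be read level by level, because a broad database-level line makes the narrower table and column lines below it irrelevant for that database.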