MySQL 用戶管理與授權管理

一、用戶管理
1. Mysql的用戶通常分爲兩類：      
     root   MySQL數據庫的管理員用戶
     普通用戶

2. 用戶帳號的命名方式：
      username@主機
      username@網絡
               可以使用通配符，

                   %: 表示任意字符

                   _: 表示任意單個字符

eg:
   root@localhost                 --> root用戶只能通過本機來登錄
   [email protected]/24            --> root用戶只能通過192.168.0.0網段的主機登錄
   cacti_user@'192.168.0.%'

3. 創建用戶：

mysql> CREATE USER 'user_name'@'host' [IDENTIFIED BY 'password'] ;

4. 爲用戶更改密碼：

   (1).在shell命令行中更改：

# mysqladmin -u root passwrord  'new_password'  -p
# mysqladmin -u root -h this_host_name  password 'new_password'

  (2).在Mysql的命令行中更改

mysql> SET PASSWORD  FOR user_name@'host_name'=PASSWORD('password');

5. 刪除用戶：

mysql> DROP  USER 'user_name'@'host_name';
mysql >DROP  USER ''@'localhost';                刪除匿名用戶
mysql> DELETE FROM user  WHERE HOST='::1';

6. 不用輸入密碼登錄 mysql：

# cd ~
# vi .my.cnf
[mysql]
user=root
host=localhost
password=redhat

二、權限管理
1. 爲用戶授權：

mysql> GRANT  ALL ON *.*  TO user_name  IDENTIFIED BY 'redhat';
mysql> GRANT ALL PRIVILEGES ON player.* TO user_name@'host_name' IDENTIFIED BY 'redhat';
mysql> GRANT SELECT,UPDATE,DELETE ON test.player TO  astd@'192.168.0.%' IDENTIFIED BY '123456';
mysql>flush privileges;                            刷新授權表(進行授權後要刷新內存中的授權表)

2. 查看某個用戶的授權情況：

mysql> SHOW GRANTS FOR astd@'192.168.0.%';
+---------------------------------------------------------------------------------------------------------------+
| Grants for [email protected].%                                                                                   |
+---------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'astd'@'192.168.0.%' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
| GRANT SELECT, UPDATE, DELETE ON `test`.`player` TO 'astd'@'192.168.0.%'                                       |
+---------------------------------------------------------------------------------------------------------------+

3.收回用戶的某些權限：

mysql> REVOKE  privilege_list  ON  db.tables  FROM  'user'@'host';

4. 與mysql用戶授權相關的表:

mysql> use mysql
Database changed
mysql> show tables;
+---------------------------+
| Tables_in_mysql           |
+---------------------------+
| columns_priv              |       --> 字段授權相關的表
| db                        |       --> 庫級別授權相關的表
| func                      |
| host                      |
| proc                      |
| procs_priv                |       --> 存儲過程和存儲函數執行權限相關的表
| tables_priv               |       --> 表級別授權相關的表
| time_zone                 |
| user                      |       --> 用戶授權相關的表
+---------------------------+

三、GRANT 的語法

GRANT
    priv_type [(column_list)] [, priv_type [(column_list)]]  ON [object_type] priv_level TO user_specification [, user_specification] ...
    [REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]  [WITH with_option ...]
GRANT PROXY ON user_specification TO user_specification [, user_specification] ...
    [WITH GRANT OPTION]
object_type:
    TABLE | FUNCTION | PROCEDURE
priv_level:
    *
  | *.*
  | db_name.*
  | db_name.tbl_name
  | tbl_name
  | db_name.routine_name
user_specification:
    user
    [ IDENTIFIED BY [PASSWORD] 'password' | IDENTIFIED WITH auth_plugin [AS 'auth_string'] ]
ssl_option:
    SSL
  | X509
  | CIPHER 'cipher'
  | ISSUER 'issuer'
  | SUBJECT 'subject'
with_option:
    GRANT OPTION
  | MAX_QUERIES_PER_HOUR count            平均每個小時最多可以發起多少次查詢請求
  | MAX_UPDATES_PER_HOUR count
  | MAX_CONNECTIONS_PER_HOUR count
  | MAX_USER_CONNECTIONS count            一個用戶最多允許同時發起的連接請求次數

Global level
 Global privileges apply to all databases on a given server. These privileges are stored in the mysql.user table. GRANT ALL ON *.* and REVOKE ALL ON *.* grant and revoke only global privileges.

GRANT ALL ON *.* TO 'someuser'@'somehost';
GRANT SELECT, INSERT ON *.* TO 'someuser'@'somehost';

Database level
 Database privileges apply to all objects in a given database. These privileges are stored in the mysql.db and mysql.host tables. GRANT ALL ON db_name.* and REVOKE ALL ON db_name.* grant and revoke only database privileges.

GRANT ALL ON mydb.* TO 'someuser'@'somehost';
GRANT SELECT, INSERT ON mydb.* TO 'someuser'@'somehost';

Table level
 Table privileges apply to all columns in a given table. These privileges are stored in the mysql.tables_priv table. GRANT ALL ON db_name.tbl_name and REVOKE ALL ON db_name.tbl_name grant and revoke only table privileges.

GRANT ALL ON mydb.mytbl TO 'someuser'@'somehost';
GRANT SELECT, INSERT ON mydb.mytbl TO 'someuser'@'somehost';

If you specify tbl_name rather than db_name.tbl_name, the statement applies to tbl_name in the default database.
Column level
 Column privileges apply to single columns in a given table. These privileges are stored in the mysql.columns_priv table. When using REVOKE, you must specifythe same columns that were granted. The column or columns for which the

privileges are to be granted must be enclosed within parentheses.

GRANT SELECT (col1), INSERT (col1,col2) ON mydb.mytbl TO 'someuser'@'somehost';

Routine level
 The CREATE ROUTINE, ALTER ROUTINE, EXECUTE, and GRANT OPTION privileges apply to stored routines (functions and procedures). They can be granted at the global and database levels. Also, except for CREATE ROUTINE, these privileges

can be granted at the routine level for individual routines and are stored in the mysql.procs_priv table.

GRANT CREATE ROUTINE ON mydb.* TO 'someuser'@'somehost';
GRANT EXECUTE ON PROCEDURE mydb.myproc TO 'someuser'@'somehost';