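Data control statements (DCL): statements that control permissions and access levels between different data segments. They define the access privileges and security levels for databases, tables, columns, and users; the main keywords are grant and revoke. They are used mainly by DBAs to manage object privileges in the system; ordinary developers rarely use them.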
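I. Create a user
-- 1. Create a user
create user 'username'@'host' identified by 'password';
-- username: the name of the user you are creating
-- host: the host from which this user may log in; use localhost for a local user, or the wildcard % to let the user log in from any remote host
-- identified by: the keyword that introduces the password
-- password: the user's login password; it can be empty, in which case the user can log in to the server without a password
/*
Examples:
create user 'lzh'@'localhost' identified by '123456';
create user 'lzh'@'%' identified by '123456';
create user 'lzh'@'%' identified by ''; equivalent to: create user 'lzh'@'%';
*/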
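II. Grant privileges
-- 2. Grant privileges
grant privileges on dbname.tablename to 'username'@'host' identified by 'password' [with grant option];
-- privileges: the operations the user is allowed, such as SELECT, INSERT, UPDATE (see the table below for the full list); to grant all privileges, use all
-- dbname: database name; tablename: table name; for all tables in a database, use dbname.*
-- with grant option: without this clause, the user username cannot grant the privileges to anyone else; with it, the user can
/*
Examples:
grant select on test.* to 'lzh'@'localhost' identified by '123456';
grant all on *.* to 'lzh'@'%' with grant option;
*/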
III. Set and change a password
-- 3. Set and change a password
set password for 'username'@'host' = password('new_password');
-- For the currently logged-in user this can be shortened to: set password = password('new_password')
IV. Revoke user privileges
-- 4. Revoke user privileges
revoke privilege on dbname.tablename from 'username'@'host';
-- privilege: same as in the grant section
V. Drop a user
-- 5. Drop a user
drop user 'username'@'host';
Appendix:
SQL privilege table:
Privilege | Grant Table Column | Context |
all [privileges] | Synonym for “all privileges” | Server administration |
alter | Alter_priv | Tables |
alter routine | Alter_routine_priv | Stored routines |
create | Create_priv | Databases, tables, or indexes |
create routine | Create_routine_priv | Stored routines |
create tablespace | Create_tablespace_priv | Server administration |
create temporary tables | Create_tmp_table_priv | Tables |
create user | Create_user_priv | Server administration |
create view | Create_view_priv | Views |
delete | Delete_priv | Tables |
drop | Drop_priv | Databases, tables, or views |
event | Event_priv | Databases |
execute | Execute_priv | Stored routines |
file | File_priv | File access on server host |
grant option | Grant_priv | Databases, tables, or stored routines |
index | Index_priv | Tables |
insert | Insert_priv | Tables or columns |
lock tables | Lock_tables_priv | Databases |
process | Process_priv | Server administration |
proxy | See proxies_priv table | Server administration |
references | References_priv | Databases or tables |
reload | Reload_priv | Server administration |
replication client | Repl_client_priv | Server administration |
replication slave | Repl_slave_priv | Server administration |
select | Select_priv | Tables or columns |
show databases | Show_db_priv | Server administration |
show view | Show_view_priv | Views |
shutdown | Shutdown_priv | Server administration |
super | Super_priv | Server administration |
trigger | Trigger_priv | Tables |
update | Update_priv | Tables or columns |
usage | Synonym for “no privileges” | Server administration |
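
The five steps above as one least-privilege walk-through, followed by audit queries that read the grant-table columns listed in the table. This is an added example, not part of the original page. The database shop_demo, the account 'report_ro'@'192.168.1.%' and both passwords are constructed, and it assumes MySQL 5.7.6 or later, where mysql.user keeps the password hash in authentication_string.

```sql
-- Constructed names and passwords throughout; assumes MySQL 5.7.6 or later.
create database if not exists shop_demo;
create table if not exists shop_demo.orders (id int primary key, total decimal(10,2));

-- 1. Create the account for one subnet instead of '%', with a non-empty password.
create user 'report_ro'@'192.168.1.%' identified by 'Constructed-Pw-1!';

-- 2. Grant only select, on one database, and omit "with grant option".
grant select on shop_demo.* to 'report_ro'@'192.168.1.%';

-- Review what the account now holds.
show grants for 'report_ro'@'192.168.1.%';

-- 3. Change the password. alter user is used here because the page's
--    set password = password(...) form relies on password(), which MySQL 8.0 removed.
alter user 'report_ro'@'192.168.1.%' identified by 'Constructed-Pw-2!';

-- Audit A: accounts allowed to connect from any host.
select user, host from mysql.user where host = '%';

-- Audit B: accounts with no stored password hash. The plugin column is shown
-- because socket-style plugins legitimately leave this field empty.
select user, host, plugin from mysql.user
where authentication_string = '' or authentication_string is null;

-- Audit C: accounts holding server-wide grant option, super or file.
select user, host, Grant_priv, Super_priv, File_priv from mysql.user
where Grant_priv = 'Y' or Super_priv = 'Y' or File_priv = 'Y';

-- Audit D: accounts that can pass on privileges for a specific database.
select user, host, db from mysql.db where Grant_priv = 'Y';

-- 4. Revoke the privilege, then 5. drop the account and the demo database.
revoke select on shop_demo.* from 'report_ro'@'192.168.1.%';
drop user 'report_ro'@'192.168.1.%';
drop database shop_demo;
```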