MySQL privilege management

2019/5/20 Monday // This is about MySQL privileges; for the details see Chapter 3, "MySQL users and granting user privileges (grant)"
The requirement: give a specified user read-only privileges on all tables of one database.
MySQL users and granting user privileges with grant
We run the experiment on 192.168.0.36 in our dev environment.

@(none)> select user,host from mysql.user; 
+---------------+-----------+
| user          | host      |
+---------------+-----------+
| root          | %         |
| mysql.session | localhost |
| mysql.sys     | localhost |
| root          | localhost |
+---------------+-----------+
4 rows in set (0.00 sec)
First, create a database and table for the experiment.
create database university; -- or: create database university character set utf8mb4;
use university;
Create a student table
create table student(
Sno char(9) PRIMARY KEY,
Sname char(20) unique,
Ssex char(2),
Sage int,
Sdept char(20)
);

Insert test data
insert into student values(200215121,'李勇','男',20,'CS');
insert into student values(100215122,'劉晨','女',19,'CS');
insert into student values(100215123,'王敏','女',18,'MA');
insert into student values(100215124,'張立','男',19,'IS');

@university> use university;
Database changed
@university> show tables;
+----------------------+
| Tables_in_university |
+----------------------+
| student              |
+----------------------+
1 row in set (0.00 sec)

@university> select * from student;
+-----------+--------+------+------+-------+
| Sno       | Sname  | Ssex | Sage | Sdept |
+-----------+--------+------+------+-------+
| 100215122 | 劉晨   | 女   |   19 | CS    |
| 100215123 | 王敏   | 女   |   18 | MA    |
| 100215124 | 張立   | 男   |   19 | IS    |
| 200215121 | 李勇   | 男   |   20 | CS    |
+-----------+--------+------+------+-------+
4 rows in set (0.00 sec)

Next, we create a user majihui that has privileges only on the tables in the university database.
mysql> help grant;
Name: 'GRANT'
Description:
Syntax:
GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
TO user_specification [, user_specification] ...
[REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]
[WITH with_option ...]

object_type:
TABLE
| FUNCTION
| PROCEDURE

priv_level:
    *                       all
  | *.*                     all tables in all databases
  | db_name.*               all tables in the specified database
  | db_name.tbl_name        the specified table in the specified database
  | tbl_name                a single table
  | db_name.routine_name    a stored routine in the specified database

user_specification:
user [IDENTIFIED BY [PASSWORD] 'password']

ssl_option:
SSL
| X509
| CIPHER 'cipher'
| ISSUER 'issuer'
| SUBJECT 'subject'

with_option:
GRANT OPTION
| MAX_QUERIES_PER_HOUR count        queries per hour
| MAX_UPDATES_PER_HOUR count        updates per hour
| MAX_CONNECTIONS_PER_HOUR count    connections per hour
| MAX_USER_CONNECTIONS count        uses per hour

The GRANT statement grants privileges to MySQL user accounts. GRANT
also serves to specify other account characteristics such as use of
secure connections and limits on access to server resources. To use
GRANT, you must have the GRANT OPTION privilege, and you must have the
privileges that you are granting.

Normally, a database administrator first uses CREATE USER to create an
account, then GRANT to define its privileges and characteristics. For
example:

CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
GRANT ALL ON db1.* TO 'jeffrey'@'localhost';
GRANT SELECT ON db2.invoice TO 'jeffrey'@'localhost';
GRANT USAGE ON *.* TO 'jeffrey'@'localhost' WITH MAX_QUERIES_PER_HOUR 90;

However, if an account named in a GRANT statement does not already
exist, GRANT may create it under the conditions described later in the
discussion of the NO_AUTO_CREATE_USER SQL mode.

The REVOKE statement is related to GRANT and enables administrators to
remove account privileges. See [HELP REVOKE].

When successfully executed from the mysql program, GRANT responds with
Query OK, 0 rows affected. To determine what privileges result from the
operation, use SHOW GRANTS. See [HELP SHOW GRANTS].

URL: http://dev.mysql.com/doc/refman/5.1/en/grant.html

Method 1: create the user first, then grant (the pattern from the help text):
CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
GRANT ALL ON db1.* TO 'jeffrey'@'localhost';
mysql> create user oldboy@'localhost' identified by 'oldboy123';  -- creates a user named oldboy with password oldboy123
Query OK, 0 rows affected (0.00 sec)
// This part is explained in detail in Chapter 3 of the DBA notes; see Chapter 3, "Creating MySQL users and granting user privileges" *****

Our concrete steps are as follows.
First, list the existing users:

@university> select user,host from mysql.user;
+---------------+-----------+
| user          | host      |
+---------------+-----------+
| root          | %         |
| mysql.session | localhost |
| mysql.sys     | localhost |
| root          | localhost |
+---------------+-----------+
4 rows in set (0.00 sec)

The majihui user we want does not exist yet.

Next, from the server 192.168.83.181 we connect to MySQL on 0.36 as root, to check whether we can connect and write data.
[root@hadoop01-181 ~]# mysql -uroot -pxxxxx -h192.168.0.36 -P3306
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| freeswitch |
| gpush |
| ivargo_pay |
| mysql |
| openfire |
| performance_schema |
| sys |

23 rows in set (0.01 sec)
We can read the databases.
Next, we try inserting a row:

insert into student values(20090001,'馬吉輝','男',26,'CS');
mysql> insert into student values(20090001,'馬吉輝','男',26,'CS');
Query OK, 1 row affected (0.01 sec)
mysql> select * from student;
+-----------+-----------+------+------+-------+
| Sno       | Sname     | Ssex | Sage | Sdept |
+-----------+-----------+------+------+-------+
| 100215122 | 劉晨      | 女   |   19 | CS    |
| 100215123 | 王敏      | 女   |   18 | MA    |
| 100215124 | 張立      | 男   |   19 | IS    |
| 200215121 | 李勇      | 男   |   20 | CS    |
| 20090001  | 馬吉輝    | 男   |   26 | CS    |
+-----------+-----------+------+------+-------+
5 rows in set (0.00 sec)

Now the actual operation.
We create a user majihui that has privileges only on the tables in the university database.
Method 1:
create user majihui@'localhost' identified by 'majihui123';  -- creates a user named majihui with password majihui123
grant all on university.* to majihui@'localhost';  -- grants privileges on all tables in the university database to user majihui


Method 2: one statement does it all
mysql> grant all on oldboy.* to oldboy@'localhost' identified by 'oldboy123';
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
Tip: this is the MySQL equivalent of the Linux
useradd oldboy && echo "oldboy123" | passwd --stdin oldboy
The statement breaks down as follows:
grant          all           on oldboy.*                    to oldboy@'localhost'    identified by 'oldboy123';
grant command  privileges    target: database and tables    user name and host       user password


// Our actual steps are as follows. // We previously used majihui@'localhost'; this has to be changed to majihui@'%'
@(none)> create user majihui@'%' identified by 'majihui123';
Query OK, 0 rows affected (0.01 sec)
@(none)> select user,host from mysql.user;
+---------------+-----------+
| user          | host      |
+---------------+-----------+
| root          | %         |
| majihui       | %         |
| mysql.session | localhost |
| mysql.sys     | localhost |
| root          | localhost |
+---------------+-----------+
5 rows in set (0.00 sec)
@(none)> grant all on university.* to majihui@'%';
Query OK, 0 rows affected, 1 warning (0.01 sec)
@(none)> show grants for majihui@'%';
+-------------------------------------------------------+
| Grants for majihui@%                                  |
+-------------------------------------------------------+
| GRANT USAGE ON *.* TO 'majihui'@'%'                   |
| GRANT ALL PRIVILEGES ON university.* TO 'majihui'@'%' |
+-------------------------------------------------------+
2 rows in set (0.00 sec)

[root@hadoop01-181 ~]# mysql -umajihui -pmajihui123 -h192.168.0.36 -P3306
Warning: Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'majihui'@'192.168.83.181' (using password: YES)
[root@hadoop01-181 ~]# mysql -umajihui -pmajihui123 -hlocalhost -P3306
Warning: Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'majihui'@'localhost' (using password: YES)

We need to change the host from localhost to %:
UPDATE mysql.user SET host='%' WHERE user='majihui';
@(none)> UPDATE mysql.user SET host='%' WHERE user='majihui';
Query OK, 1 row affected (0.01 sec)
Rows matched: 1 Changed: 1 Warnings: 0

@(none)> select user,host from mysql.user;
+---------------+-----------+
| user          | host      |
+---------------+-----------+
| majihui       | %         |
| root          | %         |
| mysql.session | localhost |
| mysql.sys     | localhost |
| root          | localhost |
+---------------+-----------+
5 rows in set (0.00 sec)

@(none)> flush privileges;
Query OK, 0 rows affected (0.00 sec)

grant all on university.* to majihui@'%';

After running this again, we can connect:
[root@hadoop01-181 ~]# mysql -umajihui -pmajihui123 -h192.168.0.36 -P3306
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| university |
+--------------------+
2 rows in set (0.00 sec)

mysql> delete from student where Sname='馬吉輝';
Query OK, 1 row affected (0.00 sec)

mysql> select * from student;
+-----------+--------+------+------+-------+
| Sno       | Sname  | Ssex | Sage | Sdept |
+-----------+--------+------+------+-------+
| 100215122 | 劉晨   | 女   |   19 | CS    |
| 100215123 | 王敏   | 女   |   18 | MA    |
| 100215124 | 張立   | 男   |   19 | IS    |
| 200215121 | 李勇   | 男   |   20 | CS    |
+-----------+--------+------+------+-------+
4 rows in set (0.00 sec)

// Success: the majihui user has insert, delete, update and select privileges on all tables in university.*

Next, revoke a privilege
REVOKE INSERT ON university.* FROM 'majihui'@'%';  -- revokes the privilege
@(none)> REVOKE INSERT ON university.* FROM 'majihui'@'%';
Query OK, 0 rows affected (0.00 sec)

Delete the majihui user
@(none)> select user,host from mysql.user;
+---------------+-----------+
| user          | host      |
+---------------+-----------+
| majihui       | %         |
| root          | %         |
| mysql.session | localhost |
| mysql.sys     | localhost |
| root          | localhost |
+---------------+-----------+
5 rows in set (0.00 sec)

@(none)> delete from mysql.user where user='majihui';
Query OK, 1 row affected (0.01 sec)

@(none)> select user,host from mysql.user;
+---------------+-----------+
| user          | host      |
+---------------+-----------+
| root          | %         |
| mysql.session | localhost |
| mysql.sys     | localhost |
| root          | localhost |
+---------------+-----------+
4 rows in set (0.00 sec)


Create the user vargo with read-only access to all tables under university.*, i.e. only the select privilege.
The concrete steps:
create user vargo@'%' identified by 'vargo123';
grant select on university.* to vargo@'%';
@(none)> grant select on university.* to vargo@'%';
Query OK, 0 rows affected (0.01 sec)

@(none)> show grants for vargo@'%';
+---------------------------------------------+
| Grants for vargo@%                          |
+---------------------------------------------+
| GRANT USAGE ON *.* TO 'vargo'@'%'           |
| GRANT SELECT ON university.* TO 'vargo'@'%' |
+---------------------------------------------+
2 rows in set (0.00 sec)

Then we log in as vargo:
[root@hadoop01-181 ~]# mysql -uvargo -pvargo123 -h192.168.0.36 -P3306
mysql> select * from student;
+-----------+--------+------+------+-------+
| Sno       | Sname  | Ssex | Sage | Sdept |
+-----------+--------+------+------+-------+
| 100215122 | 劉晨   | 女   |   19 | CS    |
| 100215123 | 王敏   | 女   |   18 | MA    |
| 100215124 | 張立   | 男   |   19 | IS    |
+-----------+--------+------+------+-------+
3 rows in set (0.00 sec)

mysql> delete from student where Sname='張立';
ERROR 1142 (42000): DELETE command denied to user 'vargo'@'192.168.83.181' for table 'student'
mysql> insert into student values(200215121,'李勇','男',20,'CS');
ERROR 1142 (42000): INSERT command denied to user 'vargo'@'192.168.83.181' for table 'student'

// Success: the read-only user can select but cannot delete or insert.
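As an added example (not commands from the original post), the read-only requirement carried through end to end as an administrator would run it on the 192.168.0.36 server, including the checks and the cleanup. The account name 'reader', its placeholder password, and the decision to bind the account to the client host 192.168.83.181 instead of '%' are assumptions of this example.

```sql
-- Added example, not the post's own commands. Run as an administrator on 192.168.0.36.
-- The host part is restricted to the one client that needs access (192.168.83.181
-- in the post); '%' would accept this password from any source address.
-- 'reader' and its password are placeholders for this example.

-- 1. Create the account first; GRANT then only adds privileges and cannot
--    silently create an account with an unintended host part.
CREATE USER 'reader'@'192.168.83.181' IDENTIFIED BY 'CHANGE-ME-reader-password';

-- 2. SELECT only, on the university database only, and no GRANT OPTION,
--    so the account cannot pass its privileges on to anyone else.
GRANT SELECT ON university.* TO 'reader'@'192.168.83.181';

-- 3. Verify from the administrator side. Expected:
--    GRANT USAGE ON *.* TO 'reader'@'192.168.83.181'
--    GRANT SELECT ON university.* TO 'reader'@'192.168.83.181'
SHOW GRANTS FOR 'reader'@'192.168.83.181';

-- The same information in queryable form: any row whose PRIVILEGE_TYPE is not
-- SELECT, or whose IS_GRANTABLE is 'YES', means the account is not read-only.
SELECT GRANTEE, TABLE_SCHEMA, PRIVILEGE_TYPE, IS_GRANTABLE
  FROM information_schema.SCHEMA_PRIVILEGES
 WHERE GRANTEE = "'reader'@'192.168.83.181'";

-- Global privileges must be empty as well: nothing beyond USAGE should appear.
SELECT GRANTEE, PRIVILEGE_TYPE
  FROM information_schema.USER_PRIVILEGES
 WHERE GRANTEE = "'reader'@'192.168.83.181'";

-- 4. Behaviour seen from the 'reader' session (matches the post's vargo test):
--    SELECT * FROM university.student;                    -- works
--    DELETE FROM university.student WHERE Sname = '張立'; -- ERROR 1142, DELETE command denied
--    INSERT INTO university.student VALUES (...);         -- ERROR 1142, INSERT command denied

-- 5. Cleanup. REVOKE takes the same privilege and level that were granted.
--    DROP USER removes the account together with all of its grants; unlike
--    deleting the row from mysql.user by hand, it takes effect immediately
--    and needs no FLUSH PRIVILEGES.
REVOKE SELECT ON university.* FROM 'reader'@'192.168.83.181';
DROP USER 'reader'@'192.168.83.181';
```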
