MySQL 8.0文档阅读:账号管理

管理员密码

新版的linux版mysql安装后, 会自动为root设置一个临时随机密码

grep 'temporary password' /var/log/mysqld.log
2019-03-12T05:05:20.587838Z 5 [Note] [MY-010454] [Server] 
A temporary password is generated for root@localhost: hM,c;h,4r)u!

修改密码

默认要求密码包括大小写, 字母, 数字, 特殊符号

mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'qW123456!';

密码安全强度设定

https://dev.mysql.com/doc/refman/8.0/en/validate-password-options-variables.html

mysql> SHOW VARIABLES LIKE 'validate_password.%';
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password.check_user_name    | ON     |
| validate_password.dictionary_file    |        |
| validate_password.length             | 8      |
| validate_password.mixed_case_count   | 1      |
| validate_password.number_count       | 1      |
| validate_password.policy             | MEDIUM |
| validate_password.special_char_count | 1      |
+--------------------------------------+--------+
7 rows in set (0.01 sec)

可以修改强度设置

mysql> set persist validate_password.special_char_count=0;
mysql> set persist validate_password.mixed_case_count=0;
mysql> set persist validate_password.number_count=0;
mysql> set persist validate_password.length=6;

mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY '123456';

显示已创建的账号

https://dev.mysql.com/doc/refman/8.0/en/show-grants.html

mysql> select user,host from mysql.user;
+------------------+-----------+
| user             | host      |
+------------------+-----------+
| mysql.infoschema | localhost |
| mysql.session    | localhost |
| mysql.sys        | localhost |
| root             | localhost |
+------------------+-----------+

显示账号的权限

mysql> SHOW GRANTS FOR 'root'@'localhost';

注意引号问题

创建账号

https://dev.mysql.com/doc/refman/8.0/en/create-user.html

mysql> CREATE USER 'test'@'localhost' IDENTIFIED BY '123456';

设置账号权限

授权 https://dev.mysql.com/doc/refman/8.0/en/grant.html
撤回权限 https://dev.mysql.com/doc/refman/8.0/en/revoke.html

重新加载权限 https://dev.mysql.com/doc/refman/8.0/en/flush.html#flush-privileges
如果修改了某个账号权限, 这个账号下次重新登录之后, 才会使用新权限.

GRANT SELECT on *.* TO 'test'@'localhost';
REVOKE SELECT ON *.* from 'test'@'localhost';

flush privileges;

角色及权限

https://dev.mysql.com/doc/refman/8.0/en/create-role.html

CREATE ROLE 'test-role';
CREATE ROLE 'webapp'@'localhost';

grant select on *.* to 'test-role';

设置账号角色

grant 'test-role'@'%' to 'test'@'localhost';
SET DEFAULT ROLE 'test-role' to 'test'@'localhost';