MySQL性能优化从入门到精通(三)
内容简介
mysql权限管理(上一篇博客中创建的双实例还在lb中)
mysql的权限分为5个层级并存储在不同的表中
1、全局层级
这些权限存储在mysql.user表中。
2、数据库层级
这些权限存储在mysql.db和mysql.host表中。
3、表层级
这些权限存储在mysql.tables_priv表中。
4、列层级
这些权限存储在mysql.columns_priv表中。
5、子程序层级
这些权限存存储在mysql.procs_priv表中。
查看权限详情(已全局层级为例)
use mysql;
desc user;
输出
+------------------------+-----------------------------------+------+-----+-----------------------+-------+
| Field | Type | Null | Key | Default | Extra |
+------------------------+-----------------------------------+------+-----+-----------------------+-------+
| Host | char(60) | NO | PRI | | |
| User | char(32) | NO | PRI | | |
| Select_priv | enum('N','Y') | NO | | N | |
| Insert_priv | enum('N','Y') | NO | | N | |
| Update_priv | enum('N','Y') | NO | | N | |
| Delete_priv | enum('N','Y') | NO | | N | |
| Create_priv | enum('N','Y') | NO | | N | |
| Drop_priv | enum('N','Y') | NO | | N | |
| Reload_priv | enum('N','Y') | NO | | N | |
| Shutdown_priv | enum('N','Y') | NO | | N | |
| Process_priv | enum('N','Y') | NO | | N | |
| File_priv | enum('N','Y') | NO | | N | |
| Grant_priv | enum('N','Y') | NO | | N | |
| References_priv | enum('N','Y') | NO | | N | |
| Index_priv | enum('N','Y') | NO | | N | |
| Alter_priv | enum('N','Y') | NO | | N | |
| Show_db_priv | enum('N','Y') | NO | | N | |
| Super_priv | enum('N','Y') | NO | | N | |
| Create_tmp_table_priv | enum('N','Y') | NO | | N | |
| Lock_tables_priv | enum('N','Y') | NO | | N | |
| Execute_priv | enum('N','Y') | NO | | N | |
| Repl_slave_priv | enum('N','Y') | NO | | N | |
| Repl_client_priv | enum('N','Y') | NO | | N | |
| Create_view_priv | enum('N','Y') | NO | | N | |
| Show_view_priv | enum('N','Y') | NO | | N | |
| Create_routine_priv | enum('N','Y') | NO | | N | |
| Alter_routine_priv | enum('N','Y') | NO | | N | |
| Create_user_priv | enum('N','Y') | NO | | N | |
| Event_priv | enum('N','Y') | NO | | N | |
| Trigger_priv | enum('N','Y') | NO | | N | |
| Create_tablespace_priv | enum('N','Y') | NO | | N | |
| ssl_type | enum('','ANY','X509','SPECIFIED') | NO | | | |
| ssl_cipher | blob | NO | | NULL | |
| x509_issuer | blob | NO | | NULL | |
| x509_subject | blob | NO | | NULL | |
| max_questions | int(11) unsigned | NO | | 0 | |
| max_updates | int(11) unsigned | NO | | 0 | |
| max_connections | int(11) unsigned | NO | | 0 | |
| max_user_connections | int(11) unsigned | NO | | 0 | |
| plugin | char(64) | NO | | mysql_native_password | |
| authentication_string | text | YES | | NULL | |
| password_expired | enum('N','Y') | NO | | N | |
| password_last_changed | timestamp | YES | | NULL | |
| password_lifetime | smallint(5) unsigned | YES | | NULL | |
| account_locked | enum('N','Y') | NO | | N | |
+------------------------+-----------------------------------+------+-----+-----------------------+-------+
其中如下这些都是全局权限
Select_priv | enum('N','Y') | NO | | N | |
| Insert_priv | enum('N','Y') | NO | | N | |
| Update_priv | enum('N','Y') | NO | | N | |
| Delete_priv | enum('N','Y') | NO | | N | |
| Create_priv | enum('N','Y') | NO | | N | |
| Drop_priv | enum('N','Y') | NO | | N | |
| Reload_priv | enum('N','Y') | NO | | N | |
| Shutdown_priv | enum('N','Y') | NO | | N | |
| Process_priv | enum('N','Y') | NO | | N | |
| File_priv | enum('N','Y') | NO | | N | |
| Grant_priv | enum('N','Y') | NO | | N | |
| References_priv | enum('N','Y') | NO | | N | |
| Index_priv | enum('N','Y') | NO | | N | |
| Alter_priv | enum('N','Y') | NO | | N | |
| Show_db_priv | enum('N','Y') | NO | | N | |
| Super_priv | enum('N','Y') | NO | | N | |
| Create_tmp_table_priv | enum('N','Y') | NO | | N | |
| Lock_tables_priv | enum('N','Y') | NO | | N | |
| Execute_priv | enum('N','Y') | NO | | N | |
| Repl_slave_priv | enum('N','Y') | NO | | N | |
| Repl_client_priv | enum('N','Y') | NO | | N | |
| Create_view_priv | enum('N','Y') | NO | | N | |
| Show_view_priv | enum('N','Y') | NO | | N | |
| Create_routine_priv | enum('N','Y') | NO | | N | |
| Alter_routine_priv | enum('N','Y') | NO | | N | |
| Create_user_priv | enum('N','Y') | NO | | N | |
| Event_priv | enum('N','Y') | NO | | N | |
| Trigger_priv | enum('N','Y') | NO | | N | |
| Create_tablespace_priv | enum('N','Y') | NO | | N | |
常用权限
| 权限名称 | 权限级别 | 权限说明 |
|---|---|---|
| CREATE | 数据库、表或索引 | 创建数据库、表或者索引 |
| DROP | 数据库、表 | 删除数据库或表 |
| ALTER | 表 | 删除表 |
| INSERT | 表 | 插入权限 |
| DELETE | 表 | 删除数据权限 |
| UPDATE | 表 | 更新权限 |
| SELECT | 表 | 查询权限 |
| INDEX | 表 | 索引 |
mysql添加用户并添加相应的权限
添加test用户
create user test;
给test用户设置select权限
grant select on mydatabase.* to test@'%' identified by 'xxxx';
命令讲解
grant 权限 on 作用范围 to 用户@'登录IP' identified by '密码';
权限可以是一个或者多个
作用范围可以是所有的数据库的表或者指定数据的指定表
mydatabase.*:mydatabase下的所有表
mydatabase.t1:mydatabase下的t1表
登录IP可以是全部ip,指定的单个IP或者IP段
%:所有ip
192.168.100.100:指定ip
192.168.100.%:指定ip段
查看刚刚设置的权限是否生效
查询数据
select * from user;
输出
+----+--------+-----+--------+
| id | name | age | gender |
+----+--------+-----+--------+
| 1 | 张三 | 18 | 1 |
| 2 | 李四 | 18 | 1 |
| 3 | 李四 | 18 | 1 |
| 4 | 李四 | 18 | 1 |
| 5 | 李四 | 18 | 1 |
| 6 | 李四 | 18 | 1 |
| 7 | 李四 | 18 | 1 |
| 8 | 李四 | 18 | 1 |
| 9 | 李四 | 18 | 1 |
+----+--------+-----+--------+
插入数据
insert into user(name,age,gender) values('王五',18,1);
输出
ERROR 1142 (42000): INSERT command denied to user 'test'@'localhost' for table 'user'
使用root用户插入数据
insert into user(name,age,gender) values('王五',18,1);
输出
Query OK, 1 row affected (0.00 sec)
再用test用户查询数据,输出
mysql> insert into user(name,age,gender) values('王五',18,1);
ERROR 1142 (42000): INSERT command denied to user 'test'@'localhost' for table 'user'
mysql> select * from user;
+----+--------+-----+--------+
| id | name | age | gender |
+----+--------+-----+--------+
| 1 | 张三 | 18 | 1 |
| 2 | 李四 | 18 | 1 |
| 3 | 李四 | 18 | 1 |
| 4 | 李四 | 18 | 1 |
| 5 | 李四 | 18 | 1 |
| 6 | 李四 | 18 | 1 |
| 7 | 李四 | 18 | 1 |
| 8 | 李四 | 18 | 1 |
| 9 | 李四 | 18 | 1 |
| 10 | 王五 | 18 | 1 |
+----+--------+-----+--------+
10 rows in set (0.00 sec)
权限回收
mysql的权限多次设置,权限不是覆盖,而是叠加集成
先查看用户权限
show grants for test@'%';
输出
+----------------------------------------------+
| Grants for test@% |
+----------------------------------------------+
| GRANT USAGE ON *.* TO 'test'@'%' |
| GRANT SELECT ON `mydatabase`.* TO 'test'@'%' |
+----------------------------------------------+
收回test用户权限
revoke select on mydatabase.* from test@'%';
退出test登录mysql,重新登录
use mydatabase;
输出
ERROR 1044 (42000): Access denied for user 'test2'@'%' to database 'mydatabase'
特殊权限
with grant option
with grant option可以给其他mysql用户设置权限