查看用户权限、授予用户权限、收回用户权限命令总结:
| 项 | 命令示例 |
|---|---|
| 查看用户权限 | show grants; show grants for chushiyan@localhost; |
| 授予用户权限 | grant insert on test.* to chushiyan@localhost; grant delete on test.* to chushiyan@localhost; grant update on test.* to chushiyan@localhost; grant select on test.* to chushiyan@localhost; |
| 收回用户权限 | revoke insert,delete,update,select on test.* from chushiyan@localhost; revoke all on test.* from chushiyan@localhost; revoke all ,grant option from chushiyan@localhost; |
具体详情见下。
一、查看用户权限
(一)使用show grant命令查看用户权限
1、查询当前用户权限:
show grants;
示例:
mysql> show grants;
+----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root@localhost |
+----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*7BB4897EB74329520EE1456DDA7DC45ED2CA2AD0' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
2、查看指定用户的权限
show grants for chushiyan@localhost;
首先创建用户chushiyan,然后授予test库的查询权限
create user chushiyan@localhost identified by “123456”;
grant select on test.* to chushiyan@localhost;
查看用户chushiyan的权限:
mysql> show grants for chushiyan@localhost ;
+------------------------------------------------------------------------------------------------------------------+
| Grants for chushiyan@localhost |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'chushiyan'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
| GRANT SELECT ON `test`.* TO 'chushiyan'@'localhost' |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
show grants命令将授权语句都打印出来了。第一条记录是使用create user命令创建用户chushiyan时默认的授权,第二条就是我们授予的test库的查询权限。
(二)使用select直接查询mysql.user表查看用户权限
SELECT * FROM mysql.user WHERE user='chushiyan'\G
注释:\G使查询到的每列打印到单独的行,也有’;'的作用
mysql> SELECT * FROM mysql.user WHERE user='chushiyan'\G
*************************** 1. row ***************************
Host: localhost
User: chushiyan
Password: *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
Select_priv: N
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
Reload_priv: N
Shutdown_priv: N
Process_priv: N
File_priv: N
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Show_db_priv: N
Super_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Execute_priv: N
Repl_slave_priv: N
Repl_client_priv: N
Create_view_priv: N
Show_view_priv: N
Create_routine_priv: N
Alter_routine_priv: N
Create_user_priv: N
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
1 row in set (0.00 sec)
二、授予用户权限
示例:授予test库中所有表的增删改查权限:
grant insert on test.* to chushiyan@localhost;
grant delete on test.* to chushiyan@localhost;
grant update on test.* to chushiyan@localhost;
grant select on test.* to chushiyan@localhost;
授权后查看该用户的权限:
mysql> show grants for chushiyan@localhost ;
+------------------------------------------------------------------------------------------------------------------+
| Grants for chushiyan@localhost |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'chushiyan'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `test`.* TO 'chushiyan'@'localhost' |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
那mysql中都有哪些权限?
mysql中用户的权限:
| 权限类型 | 权限说明 |
|---|---|
| All/All Privileges | 代表全局或者全数据库对象级别的所有权限 |
| Alter | 代表允许修改表结构的权限,但必须要求有create和insert权限配合。如果是rename表名,则要求有alter和drop原表, create和insert新表的权限 |
| Alter routine | 代表允许修改或者删除存储过程、函数的权限 |
| Create | 代表允许创建新的数据库和表的权限 |
| Create routine | 代表允许创建存储过程、函数的权限 |
| Create tablespace | 代表允许创建、修改、删除表空间和日志组的权限 |
| Create temporary tables | 代表允许创建临时表的权限 |
| Create user | 代表允许创建、修改、删除、重命名user的权限 |
| Create view | 代表允许创建视图的权限 |
| Delete | 允许执行delete操作 |
| Drop | 代表允许删除数据库、表、视图的权限,包括truncate table命令 |
| Event | 代表允许查询,创建,修改,删除MySQL事件 |
| Execute | 代表允许执行存储过程和函数的权限 |
| File | 代表允许在MySQL可以访问的目录进行读写磁盘文件操作,可使用的命令包括load data infile,select … into outfile,load file()函数 |
| Grant option | 代表是否允许此用户授权或者收回给其他用户你给予的权限,重新付给管理员的时候需要加上这个权限 |
| Index | 代表是否允许创建和删除索引 |
| Insert | 代表是否允许在表里插入数据,同时在执行analyze table,optimize table,repair table语句的时候也需要insert权限 |
| Lock tables | 代表允许对拥有select权限的表进行锁定,以防止其他链接对此表的读或写 |
| Process | 代表允许查看MySQL中的进程信息,比如执行show processlist, mysqladmin processlist, show engine等命令 |
| Reference | 是在5.7.6版本之后引入,代表是否允许创建外键 |
| Reload | 代表允许执行flush命令,指明重新加载权限表到系统内存中,refresh命令代表关闭和重新开启日志文件并刷新所有的表 |
| lication client | 代表允许执行show master status,show slave status,show binary logs命令 |
| Replication slave | 代表允许slave主机通过此用户连接master以便建立主从复制关系 |
| Select | 允许执行select操作 |
| Show databases | 代表允许执行show databases命令查看所有的数据库名 |
| Show view | 代表允许执行show create view命令查看视图创建的语句 |
| Shutdown | 代表允许关闭数据库实例,执行语句包括mysqladmin shutdown |
| Super | 代表允许执行一系列数据库管理命令,包括kill强制关闭某个连接命令, change master to创建复制关系命令,以及create/alter/drop server等命令 |
| Trigger | 代表允许创建,删除,执行,显示触发器的权限 |
| Update | 允许执行update操作 |
| Usage | 是创建一个用户之后的默认权限,其本身代表连接登录权限。使用create user语句创建的用户,默认就拥有这个usage权限,但是除了能登录之外, |
三、收回用户权限
(一)收回指定权限
收回前面授予test库中所有表的增删改查权限:
revoke insert,delete,update,select on test.* from chushiyan@localhost;
或者也可以通过下面命令收回对test库中所有表的所有权限:
revoke all privileges on test.* from chushiyan@localhost;
# 当然省略privileges也可以:
revoke all on test.* from chushiyan@localhost;
特殊情况:
1、usage权限是用户一经创建就拥有的,使用revoke命令无法收回:
mysql> revoke usage on *.* from chushiyan@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for chushiyan@localhost ;
+------------------------------------------------------------------------------------------------------------------+
| Grants for chushiyan@localhost |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'chushiyan'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
+------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
(二)收回所有权限
下面这个命令会收回该用户所有权限(当然除了用户一创建就有的usage权限)
revoke all ,grant option from chushiyan@localhost;
mysql> revoke all ,grant option from chushiyan@localhost;
Query OK, 0 rows affected (0.01 sec)
mysql> show grants for chushiyan@localhost ;
+------------------------------------------------------------------------------------------------------------------+
| Grants for chushiyan@localhost |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'chushiyan'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
+------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)