TiDB入门篇-用户管理与安全

简介

简单的介绍用户的管理和安全。

操作

创建用户和创建角色&修改密码

mysql --host 192.168.66.10 --port 4000 -u root -p
#创建一个用户
create user'jack'@'192.168.66.10' identified by 'pingcap';
#创建2个新角色
create role r_manager,r_staff;
#查询mysql.user表的user,host 和 authentication_string 列,确认新的用户和角色是否已经被创建了
select user,host,authentication_string from mysql.user\G

mysql> select user,host,authentication_string from mysql.user\G
*************************** 1. row ***************************
                 user: root
                 host: %
authentication_string: 
*************************** 2. row ***************************
                 user: jack
                 host: 192.168.66.10
authentication_string: *926E4B88EB93FD344DF0870EE025D6EB153C02DE
*************************** 3. row ***************************
                 user: r_manager
                 host: %
authentication_string: 
*************************** 4. row ***************************
                 user: r_staff
                 host: %
authentication_string: 
4 rows in set (0.00 sec)

#上面创建的角色是没有密码的
查询角色r_staff的详细信息
select * from mysql.user where user='r_staff' \G
Account_locked: Y
authentication_string: 为空

#修改jack的密码
alter user 'jack'@'192.168.66.10' identified by 'tidb';
exit;
#测试登录
mysql --host 192.168.66.10 --port 4000 -u jack -ptidb

角色和用户的删除


mysql --host 192.168.66.10 --port 4000 -u root -p
#删除角色
drop role r_staff;
select * from mysql.user where user='r_staff';

mysql> select * from mysql.user where user='r_staff';
Empty set (0.00 sec)

#删除用户
drop user 'jack'@'192.168.66.10';
select * from mysql.user where user='jack';

权限管理


mysql --host 192.168.66.10 --port 4000 -u root -p
#删除角色
drop role r_staff;
select * from mysql.user where user='r_staff';

mysql> select * from mysql.user where user='r_staff';
Empty set (0.00 sec)

#删除用户
drop user 'jack'@'192.168.66.10';
select * from mysql.user where user='jack';

#权限管理
use test;
create table emp (id int,name varchar(20));
insert into emp values(1,'tom');
insert into emp values(1,'jack');
create user'jack'@'192.168.66.10' identified by 'pingcap';
create role r_mgr,r_emp;
#将test库下面的emp的读权限赋值给角色r_emp
grant select on test.emp to r_emp;
#将test库下面的所有表的insert,update和delete 权限赋权给角色r_mgr;
grant insert,update,delete on test.* to r_mgr;

create table dept (id int,dname varchar(20));
insert into dept values(1,'dev');
insert into dept values(2,'sales');

grant select on test.dept to 'jack'@'192.168.66.10';

#用jack用户登录看下效果
mysql --host 192.168.66.10 --port 4000 -u jack -ppingcap

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| INFORMATION_SCHEMA |
| test               |
+--------------------+
2 rows in set (0.00 sec)

mysql> use test;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| dept           |
+----------------+
1 row in set (0.00 sec)

mysql> select * from dept;
+------+-------+
| id   | dname |
+------+-------+
|    1 | dev   |
|    2 | sales |
+------+-------+
2 rows in set (0.00 sec)

delete from dept;
mysql> delete from dept;
ERROR 1142 (42000): DELETE command denied to user 'jack'@'192.168.66.10' for table 'dept'

赋予用户角色

#将角色r_emp赋予 r_mgr 和用户'jack'@'192.168.66.10'
grant r_emp to r_mgr,'jack'@'192.168.66.10';
#jack用户重新登录
mysql --host 192.168.66.10 --port 4000 -u jack -ppingcap
use test;
select current_role();
#登录进来以后没有看到任何角色
Database changed
mysql> select current_role();
+----------------+
| current_role() |
+----------------+
| NONE           |
+----------------+
1 row in set (0.00 sec)

show grants;

mysql> show grants;
+-----------------------------------------------------+
| Grants for User                                     |
+-----------------------------------------------------+
| GRANT USAGE ON *.* TO 'jack'@'192.168.66.10'        |
| GRANT SELECT ON test.dept TO 'jack'@'192.168.66.10' |
| GRANT 'r_emp'@'%' TO 'jack'@'192.168.66.10'         |
+-----------------------------------------------------+
3 rows in set (0.01 sec)

#开启角色功能才能有对应的角色权限
set role all;
select current_role();

mysql> select current_role();
+----------------+
| current_role() |
+----------------+
| `r_emp`@`%`    |
+----------------+
1 row in set (0.00 sec)

mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| dept           |
| emp            |
+----------------+
2 rows in set (0.00 sec)

你可能感兴趣的:(Tidb入门到小工,tidb,安全,mysql)