MySQL用户和权限管理

元数据数据库:mysql

系统授权表:
db,host,user
columns_priv,tables_priv,procs_priv,proxies_priv

用户账号:

'USERNAME'@'HOST'

  • @'HOST':
     主机名;
     IP地址 或 Network;
     通配符:
     %,_:172.16.%.%

用户管理:CREATE USER

CREATE USER 'USER'@'HOST' [IDENTIFIED BY 'password'];
默认权限:USAGE

用户重命名:RENAME USER

RENAME USER old_user_name TO new_user_name;

删除用户:

DROP USER 'USERNAME'@'HOST';

  • 示例:删除默认的空用户
    DROP USER ''@'localhost';

修改密码:

  • 方法1:SET PASSWORD FOR 'user'@'host' = PASSWORD('password');
  • 方法2:UPDATE mysql.user SET password = PASSWORD('your_password') WHERE clause;
    此方法需要执行FLUSH PRIVILEGES;指令才能生效
  • 方法3:mysqladmin -u root -poldpass password 'newpass'

忘记管理员密码的解决办法:

  • 启动 mysqld 进程时,为其使用如下选项:
    --skip-grant-tables --skip-networking
  • 使用 UPDATE 命令修改管理员密码
  • 关闭 mysqld 进程,移除上述两个选项,重启 mysqld

权限管理

权限类别

  • 数据库级别
  • 标级别
  • 字段级别
  • 管理类
  • 程序类

管理类:

CREATE TEMPORARY TABLES
CREATE USER
FILE
SUPER
SHOW DATABASES
RELOAD
SHUTDOWN
REPLICATION SLAVE
REPLICATION CLIENT
LOCK TABLES
PROCESS

程序类:FUNCTION、PROCEDURE、TRIGGER

CREATE
ALTER
DROP
EXCUTE

库和表级别:DATABASE、TABLE

ALTER
CREATE
CREATE VIEW
DROP
INDEX
SHOW VIEW
GRANT OPTION:能将自己获得的权限转增给其他用户

数据操作:

SELECT
INSERT
DELETE
UPDATE

字段级别:

SELECT(col1,col2,...)
UPDATE(col1,col2,...)
INSERT(col1,col2,...)

所有权限:

ALL PRIVILEGES 或 ALL

授权

参考:https://dev.mysql.com/doc/refman/5.7/en/grant.html

授予权限

格式:

GRANT
    priv_type [(column_list)]
      [, priv_type [(column_list)]] ...
    ON [object_type] priv_level
    TO user_specification [, user_specification] ...
    [REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]
    [WITH with_option ...]

GRANT PROXY ON user_specification
    TO user_specification [, user_specification] ...
    [WITH GRANT OPTION]

object_type:
    TABLE
  | FUNCTION
  | PROCEDURE

priv_level:
    *
  | *.*
  | db_name.*
  | db_name.tbl_name
  | tbl_name
  | db_name.routine_name

user_specification:
    user
    [
        IDENTIFIED BY [PASSWORD] 'password'
      | IDENTIFIED WITH auth_plugin [AS 'auth_string']
    ]

ssl_option:
    SSL
  | X509
  | CIPHER 'cipher'
  | ISSUER 'issuer'
  | SUBJECT 'subject'

with_option:
    GRANT OPTION
  | MAX_QUERIES_PER_HOUR count
  | MAX_UPDATES_PER_HOUR count
  | MAX_CONNECTIONS_PER_HOUR count
  | MAX_USER_CONNECTIONS count

示例:

GRANT SELECT(col1,col2),INSERT(col1,col2) ON mydb.mytbl TO 'someusser'@'somehost';

回收权限:

格式:

REVOKE
    priv_type [(column_list)]
      [, priv_type [(column_list)]] ...
    ON [object_type] priv_level
    FROM user [, user] ...

REVOKE ALL PRIVILEGES, GRANT OPTION
    FROM user [, user] ...

REVOKE PROXY ON user
    FROM user [, user] ...

示例:

REVOKE DELETE ON testdb.* FROM 'testuser'@'%';

查看指定用户获得的授权:

help SHOW GRANTS
SHOW GRANTS FOR 'user'@'host';
SHOW GRANTS FOR CURRENT_USER[()];

注意:
MariaDB服务进程启动时会读取mysql库中所有授权表至内存

  1. GRANT 或 REVOKE 等执行权限操作会保存于系统表中,MariaDB 的服务进程通常会自动重读授权表,使之生效
  2. 对于不能够或不能及时重读授权表的命令,可手动让MariaDB的服务进程重读授权表:mysql> FLUSH PRIVILEGES;

你可能感兴趣的:(MySQL用户和权限管理)