MySQL中的账号与权限管理
MySQL权限管理
权限系统的工作原理
权限表的存取
表名 | user | db | host |
用户列 | User | Host | Host |
Password | Db | Db | |
权限列 | Select_priv | User | Select_priv |
Insert_priv | Select_priv | Insert_priv | |
Update_priv | Insert_priv | Update_priv | |
Delete_priv | Update_priv | Delete_priv | |
Create_priv | Delete_priv | Create_priv | |
Drop_priv | Create_priv | Drop_priv | |
Reload_priv | Drop_priv | Grant_priv | |
Shutdown_priv | Grant_priv | References_priv | |
Process_priv | References_priv | Index_priv | |
File_priv | Index_priv | Alter_priv | |
Grant_priv | Alter_priv | Create_tmp_table_priv | |
References_priv | Create_tmp_table_priv | Lock_tables_priv | |
Index_priv | Lock_tables_priv | Create_view_priv | |
Alter_priv | Create_view_priv | Show_view_priv | |
Show_db_priv | Show_view_priv | Create_routine_priv | |
Super_priv | Create_routine_priv | Alter_routine_priv | |
Create_tmp_table_priv | Alter_routine_priv | Execute_priv | |
Lock_tables_priv | Execute_priv | Trigger_priv | |
Execute_priv | Event_priv | ||
Repl_slave_priv | Trigger_priv | ||
Repl_client_priv | |||
Create_view_priv | |||
Show_view_priv | |||
Create_routine_priv | |||
Alter_routine_priv | |||
Create_user_priv | |||
Event_priv | |||
Trigger_priv | |||
Create_tablespace_priv | |||
安全列 | ssl_type | ||
ssl_cipher | |||
x509_issuer | |||
x509_subject | |||
max_questions | |||
max_updates | |||
max_connections | |||
max_user_connections |
- 先从user表中的host、user和passwd这3个字段中判断连接的IP、用户名和密码是否存在于表中,如果存在,则通过身份验证,否则拒绝连接。
- 如果通过身份验证,则按照以下权限表的顺序得到数据库权限:user->db->tables_priv->coloumns_priv。
mysql> grant select on *.* to cqh@localhost;
Query OK, 0 rows affected (0.05 sec)
mysql> select * from user where user='cqh' and host='localhost' \G
*************************** 1. row ***************************
Host: localhost
User: cqh
Password:
Select_priv: Y
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
...
mysql> select * from db where user='cqh';
Empty set (0.00 sec)
mysql> revoke select on *.* from cqh@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> grant select on test.* to cqh@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> select * from user where user='cqh' and host='localhost' \G
*************************** 1. row ***************************
Host: localhost
User: cqh
Password:
Select_priv: N
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
Reload_priv: N
Shutdown_priv: N
Process_priv: N
File_priv: N
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Show_db_priv: N
Super_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Execute_priv: N
Repl_slave_priv: N
Repl_client_priv: N
Create_view_priv: N
Show_view_priv: N
Create_routine_priv: N
Alter_routine_priv: N
Create_user_priv: N
Event_priv: N
Trigger_priv: N
Create_tablespace_priv: N
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
plugin:
authentication_string: NULL
1 row in set (0.00 sec)
mysql> select * from db where user='cqh'\G
*************************** 1. row ***************************
Host: localhost
Db: test
User: cqh
Select_priv: Y
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Create_view_priv: N
Show_view_priv: N
Create_routine_priv: N
Alter_routine_priv: N
Execute_priv: N
Event_priv: N
Trigger_priv: N
1 row in set (0.00 sec)
账号管理
方式一.创建账号
GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
TO user_specification [, user_specification] ...
[REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]
[WITH with_option ...]
GRANT PROXY ON user_specification
TO user_specification [, user_specification] ...
[WITH GRANT OPTION]
object_type:
TABLE
| FUNCTION
| PROCEDURE
mysql> grant all privileges on *.* to cqh@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> select * from user where user='cqh' and host='localhost' \G
*************************** 1. row ***************************
Host: localhost
User: cqh
Password:
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Reload_priv: Y
Shutdown_priv: Y
Process_priv: Y
File_priv: Y
Grant_priv: N
References_priv: Y
Index_priv: Y
Alter_priv: Y
Show_db_priv: Y
Super_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Execute_priv: Y
Repl_slave_priv: Y
Repl_client_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: Y
Create_user_priv: Y
Event_priv: Y
Trigger_priv: Y
Create_tablespace_priv: Y
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
plugin:
authentication_string: NULL
1 row in set (0.00 sec)
mysql> grant all privileges on *.* to cqh@localhost with grant option;
Query OK, 0 rows affected (0.00 sec)
mysql> select * from user where user='cqh' and host='localhost' \G
*************************** 1. row ***************************
Host: localhost
User: cqh
Password:
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Reload_priv: Y
Shutdown_priv: Y
Process_priv: Y
File_priv: Y
Grant_priv: Y
References_priv: Y
Index_priv: Y
Alter_priv: Y
Show_db_priv: Y
Super_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Execute_priv: Y
Repl_slave_priv: Y
Repl_client_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: Y
Create_user_priv: Y
Event_priv: Y
Trigger_priv: Y
Create_tablespace_priv: Y
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
plugin:
authentication_string: NULL
1 row in set (0.00 sec)
mysql> grant all privileges on *.* to cqh@localhost identified by '123' with grant option;
Query OK, 0 rows affected (0.00 sec)
mysql> select * from user where user='cqh' and host='localhost' \G
*************************** 1. row ***************************
Host: localhost
User: cqh
Password: *23AE809DDACAF96AF0FD78ED04B6A265E05AA257
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Reload_priv: Y
Shutdown_priv: Y
Process_priv: Y
File_priv: Y
Grant_priv: Y
References_priv: Y
Index_priv: Y
Alter_priv: Y
Show_db_priv: Y
Super_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Execute_priv: Y
Repl_slave_priv: Y
Repl_client_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: Y
Create_user_priv: Y
Event_priv: Y
Trigger_priv: Y
Create_tablespace_priv: Y
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
plugin:
authentication_string: NULL
1 row in set (0.00 sec)
mysql> grant select,insert,update,delete on test.* to 'chenqionghe'@'%' identified by '123';
Query OK, 0 rows affected (0.00 sec)
mysql> select * from user where user='chenqionghe' and host='%' \G
*************************** 1. row ***************************
Host: %
User: chenqionghe
Password: *23AE809DDACAF96AF0FD78ED04B6A265E05AA257
Select_priv: N
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
Reload_priv: N
Shutdown_priv: N
Process_priv: N
File_priv: N
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Show_db_priv: N
Super_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Execute_priv: N
Repl_slave_priv: N
Repl_client_priv: N
Create_view_priv: N
Show_view_priv: N
Create_routine_priv: N
Alter_routine_priv: N
Create_user_priv: N
Event_priv: N
Trigger_priv: N
Create_tablespace_priv: N
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
plugin:
authentication_string: NULL
1 row in set (0.00 sec)
mysql> select * from db where user='chenqionghe' and host='%' \G
*************************** 1. row ***************************
Host: %
Db: test
User: chenqionghe
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: N
Drop_priv: N
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Create_view_priv: N
Show_view_priv: N
Create_routine_priv: N
Alter_routine_priv: N
Execute_priv: N
Event_priv: N
Trigger_priv: N
1 row in set (0.00 sec)
- Host值可以是主机名或IP号,或“localhost"批出本地主机
- 可以在Host列值使用通配符字符“%”和“_”。
- Host值“%”匹配任何主机名,空Host值等价于“%”。它们的含义与LIKE操作符的模式匹配操作相同。例如,“%”的Host值与所有主机名匹配,而“%.mysql.com”匹配mysql.com域的所有主机。
Host值 | User值 | 被条目匹配的连接 |
cqh.loc.gov | cqh | cqh,从cqh.loc.gov连接 |
cqh.loc.gov | 任何用户,从cqh.loc.gov连接 | |
% | cqh | cqh,从任何主机连接 |
% | 任何用户,从任何主机连接 | |
%.loc.gov | cqh | cqh,从在loc.gov域的任何主机连接 |
x.y.% | cqh | cqh,从x.y.net、x.y.com、x.y.edu等连接 |
114.115.166.177 | cqh | cqh,从有114.115.166.177IP地址的主机连接 |
114.115.166.% | cqh | cqh,从144.155.166C类子网的任何主机连接 |
- 服务器在启动时读入user表后进行排序;
- 然后当用户试图连接时,以排序的顺序浏览条目;
- 服务器使用与客户端和用户名匹配的第一行。
mysql> grant super,process,file on *.* to 'cqh2'@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> grant super,process,file on test.* to 'cqh2'@'%';
ERROR 1221 (HY000): Incorrect usage of DB GRANT and GLOBAL PRIVILEGES
mysql> grant usage on *.* to 'cqh3'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> exit
Bye
[root@iZ28dr6w0qvZ ~]# mysql -ucqh3
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1640
Server version: 5.5.37-log MySQL Community Server (GPL)
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)
mysql> grant select,insert,update,delete on test.* to 'chenqionghe'@'%' identified by '123';
方式二:直接操作权限表
直接操作权限表如下:
[root@iZ28dr6w0qvZ ~]# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1560
Server version: 5.5.37-log MySQL Community Server (GPL)
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> use mysql;
Database changed
mysql> insert into db (host,db,user,select_priv,insert_priv,update_priv,delete_priv) values ('%','test','chenqionghe','Y','Y','Y','Y');
Query OK, 1 row affected (0.00 sec)
mysql> flush privileges; mysql> exit;
Bye
[root@iZ28dr6w0qvZ ~]# mysql -ucqh3
ERROR 1045 (28000): Access denied for user 'cqh3'@'localhost' (using password: NO)
[root@iZ28dr6w0qvZ ~]# mysql -ucqh3 -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1643
Server version: 5.5.37-log MySQL Community Server (GPL)
Copyright (c) 2000, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| test |
+--------------------+
2 rows in set (0.00 sec)
查看和更改账号的权限
查看权限
show grants for user@host;
mysql> show grants for cqh@localhost;
+---------------------------------------------------------------------------------------------------------------------------------------+
| Grants for cqh@localhost |
+---------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'cqh'@'localhost' IDENTIFIED BY PASSWORD '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257' WITH GRANT OPTION |
| GRANT SELECT ON `test`.* TO 'cqh'@'localhost' |
+---------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> show grants for chenqionghe;
+------------------------------------------------------------------------------------------------------------+
| Grants for chenqionghe@% |
+------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'chenqionghe'@'%' IDENTIFIED BY PASSWORD '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257' |
+------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> select * from SCHEMA_PRIVILEGES where grantee="'cqh'@'localhost'";
+-------------------+---------------+--------------+----------------+--------------+
| GRANTEE | TABLE_CATALOG | TABLE_SCHEMA | PRIVILEGE_TYPE | IS_GRANTABLE |
+-------------------+---------------+--------------+----------------+--------------+
| 'cqh'@'localhost' | def | test | SELECT | NO |
+-------------------+---------------+--------------+----------------+--------------+
1 row in set (0.00 sec)
更改权限
mysql> show grants for cqh3@localhost;
+------------------------------------------+
| Grants for cqh3@localhost |
+------------------------------------------+
| GRANT USAGE ON *.* TO 'cqh3'@'localhost' |
+------------------------------------------+
1 row in set (0.00 sec)
mysql> grant select on *.* to 'cqh3'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for cqh3@localhost;
+-------------------------------------------+
| Grants for cqh3@localhost |
+-------------------------------------------+
| GRANT SELECT ON *.* TO 'cqh3'@'localhost' |
+-------------------------------------------+
1 row in set (0.00 sec)
mysql> show grants for cqh3@localhost;
+-------------------------------------------+
| Grants for cqh3@localhost |
+-------------------------------------------+
| GRANT SELECT ON *.* TO 'cqh3'@'localhost' |
+-------------------------------------------+
1 row in set (0.00 sec)
mysql> grant select,insert on *.* to 'cqh3'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for cqh3@localhost;
+---------------------------------------------------+
| Grants for cqh3@localhost |
+---------------------------------------------------+
| GRANT SELECT, INSERT ON *.* TO 'cqh3'@'localhost' |
+---------------------------------------------------+
1 row in set (0.00 sec)
REVOKE
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
FROM user [, user] ...
REVOKE ALL PRIVILEGES, GRANT OPTION
FROM user [, user] ...
REVOKE PROXY ON user
FROM user [, user] ...
mysql> revoke select,insert on *.* from cqh3@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for cqh3@localhost;
+------------------------------------------+
| Grants for cqh3@localhost |
+------------------------------------------+
| GRANT USAGE ON *.* TO 'cqh3'@'localhost' |
+------------------------------------------+
1 row in set (0.00 sec)
mysql> show grants for cqh3@localhost;
+------------------------------------------+
| Grants for cqh3@localhost |
+------------------------------------------+
| GRANT USAGE ON *.* TO 'cqh3'@'localhost' |
+------------------------------------------+
1 row in set (0.00 sec)
mysql> revoke usage on *.* from cqh@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for cqh3@localhost;
+------------------------------------------+
| Grants for cqh3@localhost |
+------------------------------------------+
| GRANT USAGE ON *.* TO 'cqh3'@'localhost' |
+------------------------------------------+
1 row in set (0.00 sec)
修改密码
shell> mysqladmin -u user_name -h host_name password "newpwd"
SET PASSWORD FOR 'chenqionghe'@'%' = PASSWORD('cqh123');
SET PASSWORD = PASSWORD('cqh123');
GRANT USAGE ON *.* TO 'chenqionghe'@'%' IDENTIFIED BY 'cqh123';
mysql> INSERT INTO user (Host,User,Password) VALUES('%','chenqionghe',PASSWORD('333333'));
mysql> FLUSH PRIVILEGES;
mysql> UPDATE user SET Password = PASSWORD('333333') WHERE Host='%' AND User='chenqionghe';
mysql> FLUSH PRIVILEGES;
删除账号
DROP USER user [, user] ...
mysql> show grants for cqh3@localhost;
+------------------------------------------+
| Grants for cqh3@localhost |
+------------------------------------------+
| GRANT USAGE ON *.* TO 'cqh3'@'localhost' |
+------------------------------------------+
1 row in set (0.00 sec)
mysql> drop user cqh3@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for cqh3@localhost;
ERROR 1141 (42000): There is no such grant defined for user 'cqh3' on host 'localhost'
MySQL中的账号与权限管理的更多相关文章
- 在MySql中实现MemberShip的权限管理
步骤: 1.在MySql种创建一个数据库,名称任意取,我们只是要得到一个空的数据库,我们假设这个数据库的名称为authentication. 2.在VS种创建一个Web应用程序,File——new—— ...
- Mysql数据库用户及用户权限管理,Navicat设置用户权限
Mysql数据库用户及用户权限管理,Navicat设置用户权限 一.Mysql数据库的权限 1.1 mysql数据库用户权限级别 1.2 mysql数据库用户权限 1.3 存放用户权限表的说明 二.用 ...
- 练习:python 操作Mysql 实现登录验证 用户权限管理
python 操作Mysql 实现登录验证 用户权限管理
- mysql用户授权、数据库权限管理、sql语法详解
mysql用户授权.数据库权限管理.sql语法详解 —— NiceCui 某个数据库所有的权限 ALL 后面+ PRIVILEGES SQL 某个数据库 特定的权限SQL mysql 授权语法 SQL ...
- Yii框架中使用SRBAC作为权限管理模块时遇到的问题
Yii框架中使用SRBAC作为权限管理模块时遇到的问题 看到Yii中提供RBAC的插件,SRBAC,就想用用. 结果按照手册上的安装办法,整来整去,安装完了,可就是进不了权限管理界面. 最后想到, ...
- HDFS、Yarn、Hive…MRS中使用Ranger实现权限管理全栈式实践
摘要:Ranger为组件提供基于PBAC的鉴权插件,供组件服务端运行,目前支持Ranger鉴权的组件有HDFS.Yarn.Hive.HBase.Kafka.Storm和Spark2x,后续会支持更多组 ...
- MySQL学习笔记二:权限管理
1. 创建和删除用户,mysql中的用户是由用户名和主机名来确定的 create user "user_name@host_name" identified by passwd; ...
- MaxCompute 项目子账号做权限管理
场景: 一个企业使用多款阿里云产品,MaxCompute是其中一个产品,用的是同个主账号,主账号不是由使用MaxCompute的大数据同学管理, 大数据同学使用的是子账号.大数据同学日常需要给Max ...
- ci中简单实用的权限管理
实用的权限管理 对多数网站来说,使用完整的rbac权限管理杀鸡用牛刀绝对的吃力不讨好,因为我们只是简单分角色然后对角色进行管理行使其相对于的角色赋予的权限; 在实际的开发中用位运算来对权限进行验证是十 ...
随机推荐
- solr课程学习系列-solr服务器配置(2)
本文是solr课程学习系列的第2个课程,对solr基础知识不是很了解的请查看solr课程学习系列-solr的概念与结构(1) 本文以windows的solr6服务器搭建为例. 一.solr的工作环境: ...
- 【转】Android布局优化之ViewStub
ViewStub是Android布局优化中一个很不错的标签/控件,直接继承自View.虽然Android开发人员基本上都听说过,但是真正用的可能不多. ViewStub可以理解成一个非常轻量级的Vie ...
- Zabbix监控Windows事件日志
1.zabbix_agentd.win文件修改: LogFile=c:\zabbix\zabbix_agentd.log Server=1.16.2.4 ServerActive=1.16.2.4 H ...
- delphi使用outputdebugstring调试程序和写系统日志
delphi使用outputdebugstring调试程序和写系统日志 procedure TForm1.btn1Click(Sender: TObject); begin OutputDebugSt ...
- velocity 显示List和Map方法
一.遍历个map类型 1.先看后台java程序Java代码 Map<String,String> paramValues=new HashMap<String, String ...
- JavaScript-求时间差
var date1=new Date(); //开始时间 alert("aa"); var date2=new Date(); //结束时间 var date3=date2.get ...
- 40页PPT勾画“互联网颠覆性思维”----诠释互联网思维
本文PPT内容涉及移动互联网的三个分支——移动电商.在线教育和新媒体. 不同领域一直是可以相互借鉴.相互渗透.相互学习的,在盈利模式和思维方式上有很多是共通的.
- golang全文搜索--使用sphinx
不多废话,测试环境 `ubuntu 13.10` ## 安装 sudo apt-get install sphinxsearch ## 配置 nano /etc/sphinxsearch/sphinx ...
- 火狐 SSL 收到了一个弱临时 Diffie-Hellman 密钥的解决办法
连接 https网址 时发生错误. 在服务器密钥交换握手信息中 SSL 收到了一个弱临时 Diffie-Hellman 密钥. (错误码: ssl_error_weak_server_ephemera ...
- ORACLE 10g 64位下载地址
http://download.oracle.com/otn/nt/oracle10g/10201/102010_win64_x64_database.zip http://download.orac ...