MySQL用户和权限管理
2020-03-27 本文已影响0人
Simon_Ye
元数据数据库:mysql
系统授权表:
db,host,user
columns_priv,tables_priv,procs_priv,proxies_priv
用户账号:
'USERNAME'@'HOST'
- @'HOST':
主机名;
IP地址 或 Network;
通配符:
%,_:172.16.%.%
用户管理:CREATE USER
CREATE USER 'USER'@'HOST' [IDENTIFIED BY 'password'];
默认权限:USAGE
用户重命名:RENAME USER
RENAME USER old_user_name TO new_user_name;
删除用户:
DROP USER 'USERNAME'@'HOST';
- 示例:删除默认的空用户
DROP USER ''@'localhost';
修改密码:
- 方法1:
SET PASSWORD FOR 'user'@'host' = PASSWORD('password'); - 方法2:
UPDATE mysql.user SET password = PASSWORD('your_password') WHERE clause;
此方法需要执行FLUSH PRIVILEGES;指令才能生效 - 方法3:mysqladmin -u root -poldpass password 'newpass'
忘记管理员密码的解决办法:
- 启动 mysqld 进程时,为其使用如下选项:
--skip-grant-tables --skip-networking - 使用 UPDATE 命令修改管理员密码
- 关闭 mysqld 进程,移除上述两个选项,重启 mysqld
权限管理
权限类别
- 数据库级别
- 标级别
- 字段级别
- 管理类
- 程序类
管理类:
CREATE TEMPORARY TABLES
CREATE USER
FILE
SUPER
SHOW DATABASES
RELOAD
SHUTDOWN
REPLICATION SLAVE
REPLICATION CLIENT
LOCK TABLES
PROCESS
程序类:FUNCTION、PROCEDURE、TRIGGER
CREATE
ALTER
DROP
EXCUTE
库和表级别:DATABASE、TABLE
ALTER
CREATE
CREATE VIEW
DROP
INDEX
SHOW VIEW
GRANT OPTION:能将自己获得的权限转增给其他用户
数据操作:
SELECT
INSERT
DELETE
UPDATE
字段级别:
SELECT(col1,col2,...)
UPDATE(col1,col2,...)
INSERT(col1,col2,...)
所有权限:
ALL PRIVILEGES 或 ALL
授权
参考:https://dev.mysql.com/doc/refman/5.7/en/grant.html
授予权限
格式:
GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
TO user_specification [, user_specification] ...
[REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]
[WITH with_option ...]
GRANT PROXY ON user_specification
TO user_specification [, user_specification] ...
[WITH GRANT OPTION]
object_type:
TABLE
| FUNCTION
| PROCEDURE
priv_level:
*
| *.*
| db_name.*
| db_name.tbl_name
| tbl_name
| db_name.routine_name
user_specification:
user
[
IDENTIFIED BY [PASSWORD] 'password'
| IDENTIFIED WITH auth_plugin [AS 'auth_string']
]
ssl_option:
SSL
| X509
| CIPHER 'cipher'
| ISSUER 'issuer'
| SUBJECT 'subject'
with_option:
GRANT OPTION
| MAX_QUERIES_PER_HOUR count
| MAX_UPDATES_PER_HOUR count
| MAX_CONNECTIONS_PER_HOUR count
| MAX_USER_CONNECTIONS count
示例:
GRANT SELECT(col1,col2),INSERT(col1,col2) ON mydb.mytbl TO 'someusser'@'somehost';
回收权限:
格式:
REVOKE
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
FROM user [, user] ...
REVOKE ALL PRIVILEGES, GRANT OPTION
FROM user [, user] ...
REVOKE PROXY ON user
FROM user [, user] ...
示例:
REVOKE DELETE ON testdb.* FROM 'testuser'@'%';
查看指定用户获得的授权:
help SHOW GRANTS
SHOW GRANTS FOR 'user'@'host';
SHOW GRANTS FOR CURRENT_USER[()];
注意:
MariaDB服务进程启动时会读取mysql库中所有授权表至内存
- GRANT 或 REVOKE 等执行权限操作会保存于系统表中,MariaDB 的服务进程通常会自动重读授权表,使之生效
- 对于不能够或不能及时重读授权表的命令,可手动让MariaDB的服务进程重读授权表:
mysql> FLUSH PRIVILEGES;
