MySQL中,用户是如何定义的?
用户名@主机域才是一个用户
root@'10.0.0.5%' 包含:50~59 单独 5
root@'10.0.0.%'
root@'10.0.%'
root@'10.%'
root@'%'
root@'10.0.0.0/255.255.255.0'
#root@'10.0.0.0/24' 不可以1.创建用户并赋予密码
#create user username@'主机域'
mysql> create user qls3@'localhost' identified by '123';
2.授权
mysql> grant select on *.* to qls2@'%';
#5.6
grant 一个不存在的用户,并给权限和密码
grant all on *.* to root@'%' identified by '123';
#5.7需要先创建用户
create user
grant不可以授权一个不存在的用户1.drop删除用户,drop是sql语句
drop user
mysql> drop user qls2@'%'; = #userdel zls
2.delete是删除表中的数据
mysql> delete from mysql.user; = #> /etc/passwd1.1 mysqladmin
[root@db01 ~]# mysqladmin -uroot -p1 password '123' 1.2 update(不需要知道原来的密码)
#进入mysql库user表中修改
password password('1')是调用的函数并加密
where是条件,不加所有用户都改成1了
mysql> update mysql.user set password=password('1') where user='root' and host='localhost';
#flush生效(慎用)
mysql> flush privileges; 1.3 set(修改当前登录的密码)
mysql> set password=password('1'); 1.4 grant(修改密码也可授予权限)
mysql> grant all on *.* to root@'localhost' identified by '123'; INSERT,SELECT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE 切记不要随便给all权限,delete也不用给,后面会讲到用updata做伪删除
#grant命令给用户权限
grant select,insert,update,delete on *.* to dev1@'%' identified by '123';
??
所有权限(grant) mysql.表(作用对象) 用户名@'主机域' 密码:123
grant all on *.* to root1@'%' identified by '123';
grant all privileges on *.* to root2@'%' identified by '123';
注意:all和all privileges 一个权限
#查看dev1@%用户的权限?
mysql> show grants for dev1@'%';#dev1@'%'用户有增删改查权限
mysql> show grants for dev1@'%';
+------------------------------------------------------------------------------------------------------------------------------+
| Grants for dev1@% |
+------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE ON *.* TO 'dev1'@'%' IDENTIFIED BY PASSWORD '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257' |
+------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.01 sec)
#回收查询权限
mysql> revoke select on *.* from dev1@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for dev1@'%';
+----------------------------------------------------------------------------------------------------------------------+
| Grants for dev1@% |
+----------------------------------------------------------------------------------------------------------------------+
| GRANT INSERT, UPDATE, DELETE ON *.* TO 'dev1'@'%' IDENTIFIED BY PASSWORD '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257' |
+----------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)*.* [当前MySQL实 例中所有库下的所有表]
wordpress.* [当前MySQL实例中wordpress库中所有表(单库级别)]
wordpress.user [当前MySQL实例中wordpress库中的user表(单表级别)]
举例:给dev1@10.0.0.%用户在mysql库user表只开启一个查询权限
grant select on mysql.user to dev1@'10.0.0.%' identified by '123';思考:是否能只开一个库中某表下的某字段的权限??企业中经常用到的脱敏来举例。
4:脱敏
脱离敏感信息(敏感数据)用户的:身份证,手机,QQ,微信
单列级别:
mysql> select user,host,password from mysql.user;
+------+-----------+-------------------------------------------+
| user | host | password |
+------+-----------+-------------------------------------------+
| root | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
| root | db01 | |
| root | 127.0.0.1 | |
| root | ::1 | |
| | localhost | |
| | db01 | |
+------+-----------+-------------------------------------------+
#创建一个账户只给mysql.user表下user,host列查看权限,不允许查看password权限
grant select(user,host) on mysql.user to no_vip@'localhost' identified by '123';
测试:
#使用no_vip用户登录mysql,查看数据库
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
4 rows in set (0.01 sec)
#查看user表下的user和host字段
mysql> select user,host from mysql.user;
+--------+-----------+
| user | host |
+--------+-----------+
| root | 127.0.0.1 |
| root | ::1 |
| | db01 |
| root | db01 |
| | localhost |
| no_vip | localhost |
| root | localhost |
+--------+-----------+
7 rows in set (0.00 sec)
#查看password字段
mysql> select password from mysql.user;
ERROR 1143 (42000): SELECT command denied to user 'no_vip'@'localhost' for column 'password' in table 'user'用户基础信息表, 用户敏感信息表
id name gender age id name shenfenzheng phone qq wechat 5:如果开发谁,给我开一个用户?
1.你要什么权限?
2.哪个库?哪个表?
3.用户名 密码 有没有要求?
4.你要在哪连接?
5.发邮件
思考以下场景:
开发:你把root用户给我呗?
你:千万不要给root权限,如果运维老大要让你给,你要跟老大讲清楚利害性,如果还是坚持,那么将用户邮件给老大,至于给与不给在老大手里。锅不能自己背。
因为万一库被删了,运维是第一责任人。
案例:
#创建wordpress数据库
create database wordpress;
#使用wordpress库
use wordpress;
#创建t1、t2表
create table t1 (id int);
create table t2 (id int);
mysql> show tables from wordpress;
+---------------------+
| Tables_in_wordpress |
+---------------------+
| t1 |
| t2 |
+---------------------+
#创建blog库
create database blog;
#使用blog库
use blog;
#创建t1表
create table tb1 (id int);
mysql> show tables from blog;
+----------------+
| Tables_in_blog |
+----------------+
| tb1 |
+----------------+
1、grant select on *.* to wordpress@’10.0.0.5%’ identified by ‘123’;
#给wordpress@'10.0.0.5%'用户针对所有库下的所有表 查询 权限 ,密码是 123
2、grant insert,delete,update on wordpress.* to wordpress@’10.0.0.5%’ identified by ‘123’;
#给wordpress@'10.0.0.5%'用户针对wordpress库下的所有表,插入,删除,修改权限,密码是123
3、grant all on wordpress.t1 to wordpress@’10.0.0.5%’ identified by ‘123’;
#给wordpress@'10.0.0.5%'用户针对wordpress库下的t1表所有权限,密码是 123问: 一个客户端程序使用wordpress用户登陆到10.0.0.51的MySQL后,
1、对t1表的管理能力? 1+2+3
2、对t2表的管理能力?1+2
3、对tb1表的管理能力?1
总结:
1.如果在不同级别都包含某个表的管理能力时,权限是相加关系。
2.我们不推荐,重复定义权限
3.企业中,一般使用,单库级别定义 wordpress.*
mysql
[root@db01 ~]# mysql -uroot -p123 -e "show variables like 'server_id'"
Warning: Using a password on the command line interface can be insecure.
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| server_id | 0 |
+---------------+-------+原文:https://www.cnblogs.com/captain-jiang/p/12067732.html