MySQL privileges

Posted aaallenn


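Compared with Oracle's privileges, MySQL privileges are as simple as 1+1, though maybe that is just because what I have learned so far is the simple part.

1. Create a user and grant privileges; the syntax is the same as in Oracle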

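-- Create the user
create user yuanqk@localhost identified by 'yuanqk2010';
-- Grant privileges; here all privileges are granted to the yuanqk@localhost user
grant all on yuanqk_gbk.* to yuanqk@localhost;
-- The two commands above can be combined into one, with the same effect
grant all on yuanqk_gbk.* to yuanqk@localhost identified by 'yuanqk2010';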

mysql> grant all on yuanqk_gbk.* to 'yuanqk'@'localhost' identified by 'yuanqk2010';
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for yuanqk@localhost;
+----------------------------------------------------------------------------+
| Grants for yuanqk@localhost |
+----------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'yuanqk'@'localhost' IDENTIFIED BY PASSWORD <secret> |
| GRANT ALL PRIVILEGES ON `yuanqk_gbk`.* TO 'yuanqk'@'localhost' |
+----------------------------------------------------------------------------+
2 rows in set (0.00 sec)


mysql>

[[email protected] mysql]# mysql -uyuanqk -pyuanqk2010 -S /data/3306/mysql.sock   <=== log in as the yuanqk user
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 5.5.60-log MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| yuanqk_gbk         |            <=== only has privileges on the yuanqk_gbk database
+--------------------+
2 rows in set (0.00 sec)

mysql>

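-- About @localhost: this parameter presumably controls which clients can connect to the MySQL server ---------
-- Now create another user, test@'172.168.179.%'; this should mean that every address in the 172.168.179 network segment can connect to the MySQL database as the test1 user

mysql> create user test@'172.168.179.%' identified by 'test';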
Query OK, 0 rows affected (0.00 sec)


mysql>

 

-- Test the connection; no problem

[[email protected] mysql]# mysql -utest -ptest -h 172.168.179.252 -S /data/3306/mysql.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 5.5.60-log MySQL Community Server (GPL)


Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.


Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.


Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.


mysql>

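-- A user can also be created like this, but my connection test always failed with an error and I could not connect; I don't know whether it can really be set this way. It doesn't matter, though: knowing one method is enough

mysql> create user test1@'172.168.179.0/24' identified by 'test1';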
Query OK, 0 rows affected (0.00 sec)

 -- Test the connection; it reports the error below, and I don't know why

[[email protected] mysql]# mysql -utest1 -ptest1 -h 172.168.179.252 -S /data/3306/mysql.sock
ERROR 1045 (28000): Access denied for user 'test1'@'172.168.179.252' (using password: YES)

-- To let test1 connect to the database, you can create the test1 user again in the database, but with '%' after the @, which means every client can connect

mysql> grant all on yuanqk.* to test1@'%' identified by 'test1';
Query OK, 0 rows affected (0.00 sec)


[[email protected] mysql]# mysql -utest1 -ptest1 -h 172.168.179.252 -S /data/3306/mysql.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 24
Server version: 5.5.60-log MySQL Community Server (GPL)


Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.


Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.


Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.


mysql>

mysql> select user,host from mysql.user;
+---------+------------------+
| user    | host             |
+---------+------------------+
| test1   | %                |      <=== but at this point there are two test1 users in the database
| root    | 127.0.0.1        |
| test    | 172.168.179.%    |
| test1   | 172.168.179.0/24 |      <=== but at this point there are two test1 users in the database
| root    | ::1              |
|         | localhost        |
| root    | localhost        |
| yuanqk  | localhost        |
| yuanqk1 | localhost        |
|         | mysql            |
| root    | mysql            |
+---------+------------------+
11 rows in set (0.00 sec)


mysql>

 

-- Consider dropping the user test1@'172.168.179.0/24'

mysql> drop user test1@'172.168.179.0/24';
Query OK, 0 rows affected (0.00 sec)


mysql>

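-- When dropping a user, if the host field holds a hostname and it is in upper case, drop does not seem to work; in that case the delete command can be used

----------- @localhost can also be configured like this --------------------

mysql> create user test2@'172.168.179.0/255.255.255.0' identified by 'test2';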
Query OK, 0 rows affected (0.00 sec)

mysql>

[[email protected] mysql]# mysql -utest2 -ptest2 -h 172.168.179.252 -S /data/3306/mysql.sock
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 26
Server version: 5.5.60-log MySQL Community Server (GPL)

Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>
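
The host-matching behaviour seen in the tests above, as an added example that is not part of the original post: a simplified Python model of how a MySQL 5.5 server compares an account's Host value with the client address. A value such as '172.168.179.0/24' is not read as a CIDR range by this server version and is compared as a literal pattern, so it never matches, while the ip/netmask and % forms do. The names host_matches, ACCOUNTS and admitted and the address 203.0.113.9 are made up for this sketch.

```python
import ipaddress
import re

def dotted_quad(text):
    """Return an IPv4 dotted quad as an int, or None if text is not one."""
    try:
        return int(ipaddress.IPv4Address(text))
    except ValueError:
        return None

def like_regex(pattern):
    """Translate the LIKE wildcards % and _ into a case-insensitive regex."""
    parts = [".*" if c == "%" else "." if c == "_" else re.escape(c) for c in pattern]
    return re.compile("".join(parts), re.IGNORECASE)

def host_matches(host_value, client_ip):
    """Simplified model: does this account Host value admit client_ip?"""
    base, slash, mask = host_value.partition("/")
    ip_val, mask_val, client = dotted_quad(base), dotted_quad(mask), dotted_quad(client_ip)
    if slash and ip_val is not None and mask_val and client is not None:
        # ip/netmask form: both halves must be dotted quads
        return (client & mask_val) == ip_val
    # Everything else, including '172.168.179.0/24', is a plain wildcard pattern
    return like_regex(host_value).fullmatch(client_ip) is not None

# Accounts created in the post above (user, Host value)
ACCOUNTS = [
    ("test", "172.168.179.%"),
    ("test1", "172.168.179.0/24"),
    ("test1", "%"),
    ("test2", "172.168.179.0/255.255.255.0"),
]

def admitted(client_ip):
    """List the accounts whose Host value matches the given client address."""
    return [(u, h) for u, h in ACCOUNTS if host_matches(h, client_ip)]

if __name__ == "__main__":
    # The second address is a constructed client outside the 172.168.179 network
    for ip in ("172.168.179.252", "203.0.113.9"):
        print(ip, admitted(ip))
```

The constructed outside address is admitted only by test1@'%', which is the account to narrow or drop if remote access should stay limited to the 172.168.179 network.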

 

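------- OK, continuing the summary of privilege-related things ----------------------------

-- Privileges were just granted to the user with grant all; that may be too much for the user, with many privileges that are not needed, so revoke can be used to take them back. The syntax is again the same as in Oracle.

mysql> revoke insert on yuanqk_gbk.* from yuanqk@localhost;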
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for yuanqk@localhost;
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for yuanqk@localhost |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'yuanqk'@'localhost' IDENTIFIED BY PASSWORD '*7B7BAF90C18E5D56BEBC190308B11429F282F5D5' |
| GRANT SELECT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER ON `yuanqk_gbk`.* TO 'yuanqk'@'localhost' |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql>

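-- Below are the privileges in MySQL, plus INSERT. To minimise privileges, pick the ones actually needed from the list below according to the real situation and grant them to the user

[[email protected] Desktop]# mysql -uroot -pyuanqk -S /data/3306/mysql.sock -e "show grants for yuanqk@localhost" |grep GRANT|tail -1 |tr ',' '\n'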
GRANT SELECT
UPDATE
DELETE
CREATE
DROP
REFERENCES
INDEX
ALTER
CREATE TEMPORARY TABLES
LOCK TABLES
EXECUTE
CREATE VIEW
SHOW VIEW
CREATE ROUTINE
ALTER ROUTINE
EVENT
TRIGGER ON `yuanqk_gbk`.* TO 'yuanqk'@'localhost'
[[email protected] Desktop]#
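
One way to turn the privilege list above into a least-privilege change, as an added example that is not part of the original post: the Python below parses a SHOW GRANTS line and produces the REVOKE for everything outside a needed set. The names parse_grant, tighten and NEEDED and the chosen needed set are assumptions for illustration, and column-level grants are not handled.

```python
import re

GRANT_RE = re.compile(
    r"GRANT (?P<privs>.+?) ON (?P<scope>\S+) TO '(?P<user>[^']*)'@'(?P<host>[^']*)'"
)

def parse_grant(line):
    """Split one SHOW GRANTS line into privileges, scope and account."""
    m = GRANT_RE.search(line)
    if m is None:
        return None
    privs = [p.strip() for p in m.group("privs").split(",")]
    account = "'%s'@'%s'" % (m.group("user"), m.group("host"))
    return privs, m.group("scope"), account

def tighten(line, needed):
    """Return the statements that cut a grant down to the needed set."""
    parsed = parse_grant(line)
    if parsed is None:
        return []
    privs, scope, account = parsed
    if "ALL PRIVILEGES" in privs:
        # ALL PRIVILEGES hides the individual names: revoke it, grant the short list
        return [
            "REVOKE ALL PRIVILEGES ON %s FROM %s;" % (scope, account),
            "GRANT %s ON %s TO %s;" % (", ".join(sorted(needed)), scope, account),
        ]
    # USAGE means "no privileges", so there is nothing to revoke for it
    extra = [p for p in privs if p not in needed and p != "USAGE"]
    if not extra:
        return []
    return ["REVOKE %s ON %s FROM %s;" % (", ".join(extra), scope, account)]

# The database-level grant line shown in the post, with plain quotes
PAGE_GRANT = (
    "GRANT SELECT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, "
    "CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, "
    "CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER "
    "ON `yuanqk_gbk`.* TO 'yuanqk'@'localhost'"
)
NEEDED = {"SELECT", "UPDATE", "DELETE"}  # assumed needs of the application

if __name__ == "__main__":
    for statement in tighten(PAGE_GRANT, NEEDED):
        print(statement)
```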

2. Revoking privileges; this was already recorded above

mysql> revoke insert on yuanqk_gbk.* from yuanqk@localhost;
Query OK, 0 rows affected (0.00 sec)

3. The tables in the mysql database also show which privileges a user has

mysql> use mysql
Database changed
mysql> 
mysql> desc user;
+------------------------+-----------------------------------+------+-----+---------+-------+
| Field                  | Type                              | Null | Key | Default | Extra |
+------------------------+-----------------------------------+------+-----+---------+-------+
| Host                   | char(60)                          | NO   | PRI |         |       |
| User                   | char(16)                          | NO   | PRI |         |       |
| Password               | char(41)                          | NO   |     |         |       |
| Select_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Insert_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Update_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Delete_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Create_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Drop_priv              | enum('N','Y')                     | NO   |     | N       |       |
| Reload_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Shutdown_priv          | enum('N','Y')                     | NO   |     | N       |       |
| Process_priv           | enum('N','Y')                     | NO   |     | N       |       |
| File_priv              | enum('N','Y')                     | NO   |     | N       |       |
| Grant_priv             | enum('N','Y')                     | NO   |     | N       |       |
| References_priv        | enum('N','Y')                     | NO   |     | N       |       |
| Index_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Alter_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Show_db_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Super_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Create_tmp_table_priv  | enum('N','Y')                     | NO   |     | N       |       |
| Lock_tables_priv       | enum('N','Y')                     | NO   |     | N       |       |
| Execute_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Repl_slave_priv        | enum('N','Y')                     | NO   |     | N       |       |
| Repl_client_priv       | enum('N','Y')                     | NO   |     | N       |       |
| Create_view_priv       | enum('N','Y')                     | NO   |     | N       |       |
| Show_view_priv         | enum('N','Y')                     | NO   |     | N       |       |
| Create_routine_priv    | enum('N','Y')                     | NO   |     | N       |       |
| Alter_routine_priv     | enum('N','Y')                     | NO   |     | N       |       |
| Create_user_priv       | enum('N','Y')                     | NO   |     | N       |       |
| Event_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Trigger_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Create_tablespace_priv | enum('N','Y')                     | NO   |     | N       |       |
| ssl_type               | enum('','ANY','X509','SPECIFIED') | NO   |     |         |       |
| ssl_cipher             | blob                              | NO   |     | NULL    |       |
| x509_issuer            | blob                              | NO   |     | NULL    |       |
| x509_subject           | blob                              | NO   |     | NULL    |       |
| max_questions          | int(11) unsigned                  | NO   |     | 0       |       |
| max_updates            | int(11) unsigned                  | NO   |     | 0       |       |
| max_connections        | int(11) unsigned                  | NO   |     | 0       |       |
| max_user_connections   | int(11) unsigned                  | NO   |     | 0       |       |
| plugin                 | char(64)                          | YES  |     |         |       |
| authentication_string  | text                              | YES  |     | NULL    |       |
+------------------------+-----------------------------------+------+-----+---------+-------+
42 rows in set (0.00 sec)

mysql> 
