MySQL Security Settings
Posted Weikun Xing
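MySQL enforces secure access control over database resources through two modules: the authentication module and the privilege verification module.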
User Management
Creating a user login
Create the user tempuser with the password temp.
mysql> create USER tempuser@localhost IDENTIFIED BY 'temp';
use mysql;
select * from user;
mysql -utempuser -p
Enter password: ****
Welcome to the MySQL monitor.
Changing a user's password
mysql> set password for tempuser@localhost='root';
Renaming a user
mysql> rename user tempuser@localhost to temp_u@localhost;
Dropping a user
mysql> drop user temp_u@localhost;
mysql> select * from mysql.user where user='temp_u' and host='localhost';
Empty set (0.04 sec)
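Privilege Management
Privilege management mainly covers two things: granting privileges and revoking privileges.
Granting privileges
Granting column-level privileges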
mysql> create user column_user@localhost identified by 'password';
Query OK, 0 rows affected (0.08 sec)
mysql> grant select(ename,sal,empno),update(sal)
-> on table company.emp
-> to column_user@localhost
-> with grant option;
Query OK, 0 rows affected (0.05 sec)
Log in again as column_user.
select ename,sal from company.emp;
mysql> select job,comm from company.emp;
ERROR 1143 (42000): SELECT command denied to user 'column_user'@'localhost' for column 'job' in table 'emp'
Granting table-level privileges
Exit and log in again as root.
Granting and revoking privileges must be done by the root user.
mysql> rename user column_user@localhost to test_user@localhost;
Query OK, 0 rows affected (0.06 sec)
mysql> grant alter,select,insert(empno,ename)
-> on table company.emp
-> to test_user@localhost;
Granting stored-routine-level privileges
mysql> use company;
Database changed
mysql> grant execute on procedure emp_p to test_user@localhost;
mysql> call emp_p;
+---------+---------+
| v_ename | v_job |
+---------+---------+
| SCOTT | ANALYST |
+---------+---------+
mysql> grant alter routine,execute on function sum_fn to test_user@localhost;
mysql> select sum_fn(3);
+-----------+
| sum_fn(3) |
+-----------+
| 6 |
+-----------+
Granting database-level privileges
mysql -uroot -p
mysql> grant create,select,drop on company.* to test_user@localhost;
Granting server-administrator-level privileges
mysql> grant all privileges on *.* to test_user@localhost;
Revoking privileges
Revoking specific privileges
revoke execute on procedure emp_p from test_user@localhost;
Revoking all privileges
revoke all privileges,grant option from test_user@localhost;
Viewing privileges
mysql> show grants for test_user@localhost;
+-----------------------------------------------+
| Grants for test_user@localhost |
+-----------------------------------------------+
| GRANT USAGE ON *.* TO `test_user`@`localhost` |
+-----------------------------------------------+
Role Management
Creating roles
create role
'app'@localhost,
'ops'@localhost,
'dev_read'@localhost,
'dev_write'@localhost;
use mysql;
select * from user
where host='localhost' and user in ('app','ops','dev_read','dev_write');
Granting privileges to roles
grant select,insert,update,delete on company.* to 'app'@localhost;
grant all privileges on company.* to 'ops'@localhost;
grant select on company.* to 'dev_read'@localhost;
grant insert,update,delete on company.* to 'dev_write'@localhost;
use mysql;
select * from db
where host='localhost' and user in ('app','ops','dev_read','dev_write');
Granting roles to a user
grant 'app'@localhost to 'test_user'@localhost;
Check that the role was assigned correctly.
show grants for test_user@localhost;
A user must activate a role before the role's privileges can be used.
set global activate_all_roles_on_login=on;
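An added example (not part of the original post): activating the role for one account only, as a narrower alternative to the server-wide switch above, followed by audit queries over the grants made on this page. It assumes MySQL 8.0 or later, an administrative session with read access to the mysql schema, and the accounts, roles and company schema created earlier on this page.

```sql
-- Added example; account and role names are the ones used on this page.

-- 1. Make 'app' a default role for test_user only. Default roles are
--    activated when the account next authenticates, so no global
--    activate_all_roles_on_login setting is needed for this user.
SET DEFAULT ROLE 'app'@'localhost' TO 'test_user'@'localhost';

-- 2. Show the effective privileges test_user gets through the role.
SHOW GRANTS FOR 'test_user'@'localhost' USING 'app'@'localhost';

-- 3. Run as test_user: list the roles active in the current session.
SELECT CURRENT_ROLE();
-- A granted role that is not a default can be activated by hand:
-- SET ROLE 'app'@'localhost';

-- 4. Audit: accounts holding global (*.*) privileges.
--    IS_GRANTABLE = 'YES' means the account also has WITH GRANT OPTION.
SELECT GRANTEE, PRIVILEGE_TYPE, IS_GRANTABLE
FROM information_schema.USER_PRIVILEGES
WHERE PRIVILEGE_TYPE <> 'USAGE'
ORDER BY GRANTEE, PRIVILEGE_TYPE;

-- 5. Audit: column-level grants on the company schema, such as the
--    select(ename,sal,empno) / update(sal) grant made earlier.
SELECT GRANTEE, TABLE_NAME, COLUMN_NAME, PRIVILEGE_TYPE, IS_GRANTABLE
FROM information_schema.COLUMN_PRIVILEGES
WHERE TABLE_SCHEMA = 'company'
ORDER BY GRANTEE, TABLE_NAME, COLUMN_NAME;

-- 6. Audit: which accounts have been granted which roles.
--    In mysql.role_edges the FROM_* columns name the role and the
--    TO_* columns name the account that received it.
SELECT TO_USER, TO_HOST,
       FROM_USER AS role_name, FROM_HOST AS role_host,
       WITH_ADMIN_OPTION
FROM mysql.role_edges
ORDER BY TO_USER, role_name;
```

Accounts without read access to the mysql schema see only their own rows in the information_schema privilege tables, so run the audit queries from an administrative session.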
Revoking a role from a user
revoke 'app'@localhost from 'test_user'@localhost;
Dropping roles
drop role
'app'@localhost,
'ops'@localhost,
'dev_read'@localhost,
'dev_write'@localhost;