Home >Backend Development >PHP Tutorial >Related management analysis of MySQL database account authorization (1)_PHP tutorial
MySQL administrators should know how to set up MySQL user accounts, indicate which users can connect to the server, where to connect from, and what they can do after connecting. MySQL 3.22.11 began to introduce two statements to make this job easier: the GRANT statement creates a MySQL user and specifies its permissions, and the REVOKE statement removes permissions. Two statements act as a front-end to the MySQL database and provide an alternative to directly manipulating the contents of these tables. The CREATE and REVOKE statements affect 4 tables: Authorization table
Contents
user Users who can connect to the server and any global permissions they have
db Database-level permissions
tables_priv Table-level permissions
columns_priv Column-level permissions
There is also a fifth authorization table (host), but it is not affected by GRANT and REVOKE.
When you issue a GRANT statement to a user, a record is created for that user in the user table. If the statement specifies any global permissions (administrative permissions or permissions that apply to all databases), these are also recorded in the user table. If you specify database, table, and column-level permissions, they are recorded in the db, tables_priv, and columns_priv tables respectively.
Using GRANT and REVOKE is easier than modifying the authorization table directly. However, it is recommended that you read the "MySQL Security Guide". These tables are extremely important, and as an administrator, you should understand how they go beyond the functional level of GRANT and REVOKE statements.
In the following chapters, we will introduce how to set up a MySQL user account and authorize it. We also cover how to revoke authority and remove users from the authorization table.
You may also want to consider using the mysqlAccess and mysql_setpermission scripts, which are part of the MySQL distribution. They are Perl scripts that provide an alternative to the GRANT statement for setting user accounts. mysql_setpermission requires DBI support to be installed.
1. Create a user and authorize
The syntax of the GRANT statement looks like this:
GRANT privileges (columns) ON what TO user IDENTIFIED BY "password" WITH GRANT OPTION
To use this statement, you need to fill in the following sections:
privileges
Privileges granted to the user, the following table lists the privileges available for the GRANT statement Permission specifier:
Permission specifier