Mysql learning permission management graphic code example
- 黄舟Original
- 2017-03-04 15:00:121144browse
The meaning of database permissions:
In order to ensure that the business data in the database is not illegally stolen by unauthorized users, various restrictions need to be imposed on the visitors to the database. The main database security control measures include the following Three types. The first type of user identity authentication can use passwords, magnetic cards, fingerprints and other technologies. Only people with legal identities can enter the database. The second type of access permission control. Different roles have different access permissions to the database. The database objects and permissions they access must be set for each role. The third type is to formulate a management system for database management. The system ultimately restricts people's behavior. By formulating corresponding rules and regulations, it can ensure that the data is operated appropriately by the right people at the right time.
mysql's check of user permissions is divided into two stages
1. Whether it can establish a link with the mysql server
2. Whether it has certain operation permissions (such as: select update, etc.)
1. Establish a link with the mysql server
How does the mysql server verify whether the user can establish a link
1. Verify where you are from Come to host
2, who are you user
3, password password
How to connect to mysql: C:\Users\PC003>mysql -h192.168.6.223 - uroot -pjalja
Parameter explanation: -h: Where to establish the link from
-u:user
-p:Password
mysql> select user,host,password from user; +------+-----------+-------------------------------------------+ | user | host | password | +------+-----------+-------------------------------------------+ | root | localhost | *CFAFE434FB0E5D64538901E668E1EACD077A54DF | | root | % | *CFAFE434FB0E5D64538901E668E1EACD077A54DF | +------+-----------+-------------------------------------------+
host= localhost means that the default host can be used for linking (C:\Users\PC003>mysql -uroot -pjalja, C:\Users\PC003>mysql -hlocalhost -uroot -pjalja, C:\Users\PC003>mysql -h127.0.0. 1 -uroot -pjalja)
host=% means that the server can establish links with all hosts in a local area network (public network) where it is located. This method is not safe in a production environment.
host=192.168. 6.224 means that the server can only establish a link with the 192.168.6.224 host C:\Users\PC003>mysql -h192.168.6.223 -uroot -pjalja
How to modify the host:
mysql> update user set host='192.168.6.223' where user ='root'
mysql> flush privileges;Refresh privileges (because the modified data is in memory and needs to be refreshed every time a user permissions-related operation is performed)
Change password:
mysql> update user set password=password('111111') where user='root'; mysql> flush privileges;
2. How to check permissions in mysql
There is a mysql library in mysql. The user table under the library checks whether the user exists, and the db table checks what rights the user has. What operating permissions does the library have? The tables_priv table checks what operating permissions the user has on those tables.
Create user and authorize:
grant [Permission 1, Permission 2] on *.* to user@'host' identfied by 'password';
Common permissions: all, create, drop, insert, delete, update, select
For example: grant the ls user all permissions to all databases and all tables and can log in from any host in this LAN segment.
mysql> grant all on *.* to 'ls'@'192.168.6.%' identified by '111111';
Use this user to log in: C:\Users\PC003> mysql -h192.168.6.223 -uls -p111111;
Check the specific permissions of the ls user:
mysql> select * from mysql.user where user='ls' \G;
*************************** 1. row ***************************
Host: 192.168.6.%
User: ls
Password: *FD571203974BA9AFE270FE62151AE967ECA5E0AA
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Reload_priv: Y
Shutdown_priv: Y
Process_priv: Y
File_priv: Y
Grant_priv: N
References_priv: Y
Index_priv: Y
Alter_priv: Y
Show_db_priv: Y
Super_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Execute_priv: Y
Repl_slave_priv: Y
Repl_client_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: Y
Create_user_priv: Y
Event_priv: Y
Trigger_priv: Y
Create_tablespace_priv: Y
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
plugin:
authentication_string: NULLPermission recovery: revoke all permissions from ls
mysql> revoke all on *.* from ls@'192.168.6.%';
Authorize permissions for a certain library:
mysql> select * from mysql.db where user='ls' \G;
*************************** 1. row ***************************
Host: 192.168.6.%
Db: blog
User: ls
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Grant_priv: N
References_priv: Y
Index_priv: Y
Alter_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: Y
Execute_priv: Y
Event_priv: Y
Trigger_priv: Y
Recover all permissions of the ls user and grant permissions to a certain table: Grant the ls user crud permissions of the user table in the blog library
mysql> revoke all on *.* from ls@'192.168.6.%'; Query OK, 0 rows affected (0.00 sec) mysql> flush privileges; Query OK, 0 rows affected (0.00 sec) mysql> grant insert,update,select,delete on blog.user to ls@'192.168.6.%'; Query OK, 0 rows affected (0.00 sec) mysql> flush privileges; Query OK, 0 rows affected (0.00 sec)In this way, the ls user does not have permissions at the db level. At this time, the permissions check at the tables_priv level will be performed:
mysql> select * from mysql.tables_priv where user='ls' \G;
*************************** 1. row ***************************
Host: 192.168.6.%
Db: blog User: ls
Table_name: user
Grantor: root@localhost
Timestamp: 2017-02-09 14:35:38
Table_priv: Select,Insert,Update,DeleteColumn_priv:1 row in set (0.00 sec)
mysql permission control Process:
