Detailed explanation of permission management in mysql learning-Mysql Tutorial-php.cn

Home

Database

Mysql Tutorial

Detailed explanation of permission management in mysql learning

迷茫

Mar 26, 2017 pm 01:24 PM

The meaning of database permissions:

In order to ensure that the business data in the database is not illegally stolen by unauthorized users, various restrictions need to be imposed on the visitors to the database, and Database Security There are three main types of security control measures. The first is user identity authentication, which can be password, magnetic card, fingerprint and other technologies. Only people with legal identities can enter the database. The second type of access permission control. Different roles have different access permissions to the database. The database object and permissions they access must be set for each role. The third type is to formulate a management system for database management. The system ultimately restrictspeople'sbehavior. By formulating corresponding rules and regulations, it can ensure that the data is processed by the right people at the right time. Proper operation.

mysqlThe check of user permissions is divided into two stages

1. Whether a link can be established with the mysql server

2. Whether there are certain Operation permissions (such as: select update, etc.)

1. Establish a link with the mysql server

How does the mysql server verify whether the user can establish Link

1. Verify where you come from host

2. Who are you user

3. Password password

How to link to mysql: C:\Users\PC003>mysql -h192.168.6.223 -uroot -pjalja

Parameter explanation: -h: Where to establish the link

　　-u： user

　　 -p：Password

mysql> select user,host,password from user;
+------+-----------+-------------------------------------------+
| user | host      | password                                  |
+------+-----------+-------------------------------------------+
| root | localhost | *CFAFE434FB0E5D64538901E668E1EACD077A54DF |
| root | %         | *CFAFE434FB0E5D64538901E668E1EACD077A54DF |
+------+-----------+-------------------------------------------+

host=localhost indicates that the default host can be used for linking (C:\Users\PC003>mysql -uroot -pjalja, C:\Users\PC003>mysql -hlocalhost -uroot -pjalja, C:\Users\PC003>mysql -h127.0.0.1 -uroot -pjalja)

host=% means that the server can be connected to the same local area network (public network) where it is located ). This method is not safe in a production environment.

host=192.168.6.224 means that the server can only establish links with the 192.168.6.224 host C:\Users\PC003>mysql -h192. 168.6.223 -uroot -pjalja

How to modify host:

mysql> update user set host=&#39;192.168.6.223&#39; where user =&#39;root&#39;

mysql> flush privileges; refresh permissions (because the modified data is in memory each time the user operates Permission-related operations must be refreshed)

Change password:

mysql> update user set password=password(&#39;111111&#39;) where user=&#39;root&#39;;
mysql> flush privileges;

2. How to check permissions in mysql

mysql There is a mysql library in the library. The user table under the library checks whether the user exists, the db table checks what operating permissions the user has on which libraries, and the tables_priv table checks what operating permissions the user has on those tables.

Create user and authorize:

grant [Permission 1, Permission 2] on *.* to user@'host' identfied by 'password';

Common permissions: all, create, drop, insert, delete, update, select

For example: grant the ls user all permissions to all databases and all tables and can log in from any host in this LAN segment.

mysql> grant all on *.* to &#39;ls&#39;@&#39;192.168.6.%&#39; identified by &#39;111111&#39;;

Use this user to log in: C:\Users\PC003>mysql -h192.168.6.223 -uls -p111111;

View the specific permissions of the ls user:

mysql> select * from  mysql.user where user=&#39;ls&#39; \G;
*************************** 1. row ***************************
                  Host: 192.168.6.%
                  User: ls
              Password: *FD571203974BA9AFE270FE62151AE967ECA5E0AA
           Select_priv: Y
           Insert_priv: Y
           Update_priv: Y
           Delete_priv: Y
           Create_priv: Y
             Drop_priv: Y
           Reload_priv: Y
         Shutdown_priv: Y
          Process_priv: Y
             File_priv: Y
            Grant_priv: N
       References_priv: Y
            Index_priv: Y
            Alter_priv: Y
          Show_db_priv: Y
            Super_priv: Y
 Create_tmp_table_priv: Y
      Lock_tables_priv: Y
          Execute_priv: Y
       Repl_slave_priv: Y
      Repl_client_priv: Y
      Create_view_priv: Y
        Show_view_priv: Y
   Create_routine_priv: Y
    Alter_routine_priv: Y
      Create_user_priv: Y
            Event_priv: Y
          Trigger_priv: Y
Create_tablespace_priv: Y
              ssl_type:
            ssl_cipher:
           x509_issuer:
          x509_subject:
         max_questions: 0
           max_updates: 0
       max_connections: 0
  max_user_connections: 0
                plugin:
 authentication_string: NULL

Permission recovery: revoke all permissions of ls

mysql> revoke all on *.* from ls@'192.168.6.%';

Authorize someone Library permissions:

mysql> grant all on blog.* to ls@'192.168.6.%'; Grant the ls user all permissions to the blog database.

In this way, the ls user has no permissions in the user table. At this time, a db-level permission check will be performed.

mysql> select * from  mysql.db where user=&#39;ls&#39; 
\G;*************************** 1. row ***************************
                 Host: 192.168.6.%
                   Db: blog                 
                   User: ls
          Select_priv: Y
          Insert_priv: Y
          Update_priv: Y
          Delete_priv: Y
          Create_priv: Y
            Drop_priv: Y
           Grant_priv: N
      References_priv: Y
           Index_priv: Y
           Alter_priv: Y
Create_tmp_table_priv: Y
     Lock_tables_priv: Y
     Create_view_priv: Y
       Show_view_priv: Y
  Create_routine_priv: Y
   Alter_routine_priv: Y
         Execute_priv: Y
           Event_priv: Y
         Trigger_priv: Y

Recover all permissions of the ls user and grant permissions to a certain table: Grant the ls user crud permissions of the user table in the blog library

mysql> revoke all on *.* from ls@&#39;192.168.6.%&#39;;
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> grant insert,update,select,delete on blog.user to ls@&#39;192.168.6.%&#39;;
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

In this way, the ls user does not have permissions at the db level. At this time, the permissions check at the tables_priv level will be performed:

mysql> select * from  mysql.tables_priv where user=&#39;ls&#39; 
\G;*************************** 1. row ***************************
       Host: 192.168.6.%
         Db: blog       
         User: ls
 Table_name: user
    Grantor: root@localhost
  Timestamp: 2017-02-09 14:35:38
 Table_priv: Select,Insert,Update,DeleteColumn_priv:1 row in set (0.00 sec)

mysql permission control Process:

#Note: MySQL's permission check can be accurate to a certain column of data.

The above is the detailed content of Detailed explanation of permission management in mysql learning. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

How does MySQL differ from SQLite?Apr 24, 2025 am 12:12 AM

The main difference between MySQL and SQLite is the design concept and usage scenarios: 1. MySQL is suitable for large applications and enterprise-level solutions, supporting high performance and high concurrency; 2. SQLite is suitable for mobile applications and desktop software, lightweight and easy to embed.

What are indexes in MySQL, and how do they improve performance?Apr 24, 2025 am 12:09 AM

Indexes in MySQL are an ordered structure of one or more columns in a database table, used to speed up data retrieval. 1) Indexes improve query speed by reducing the amount of scanned data. 2) B-Tree index uses a balanced tree structure, which is suitable for range query and sorting. 3) Use CREATEINDEX statements to create indexes, such as CREATEINDEXidx_customer_idONorders(customer_id). 4) Composite indexes can optimize multi-column queries, such as CREATEINDEXidx_customer_orderONorders(customer_id,order_date). 5) Use EXPLAIN to analyze query plans and avoid

Explain how to use transactions in MySQL to ensure data consistency.Apr 24, 2025 am 12:09 AM

Using transactions in MySQL ensures data consistency. 1) Start the transaction through STARTTRANSACTION, and then execute SQL operations and submit it with COMMIT or ROLLBACK. 2) Use SAVEPOINT to set a save point to allow partial rollback. 3) Performance optimization suggestions include shortening transaction time, avoiding large-scale queries and using isolation levels reasonably.

In what scenarios might you choose PostgreSQL over MySQL?Apr 24, 2025 am 12:07 AM

Scenarios where PostgreSQL is chosen instead of MySQL include: 1) complex queries and advanced SQL functions, 2) strict data integrity and ACID compliance, 3) advanced spatial functions are required, and 4) high performance is required when processing large data sets. PostgreSQL performs well in these aspects and is suitable for projects that require complex data processing and high data integrity.

How can you secure a MySQL database?Apr 24, 2025 am 12:04 AM

The security of MySQL database can be achieved through the following measures: 1. User permission management: Strictly control access rights through CREATEUSER and GRANT commands. 2. Encrypted transmission: Configure SSL/TLS to ensure data transmission security. 3. Database backup and recovery: Use mysqldump or mysqlpump to regularly backup data. 4. Advanced security policy: Use a firewall to restrict access and enable audit logging operations. 5. Performance optimization and best practices: Take into account both safety and performance through indexing and query optimization and regular maintenance.

What are some tools you can use to monitor MySQL performance?Apr 23, 2025 am 12:21 AM

How to effectively monitor MySQL performance? Use tools such as mysqladmin, SHOWGLOBALSTATUS, PerconaMonitoring and Management (PMM), and MySQL EnterpriseMonitor. 1. Use mysqladmin to view the number of connections. 2. Use SHOWGLOBALSTATUS to view the query number. 3.PMM provides detailed performance data and graphical interface. 4.MySQLEnterpriseMonitor provides rich monitoring functions and alarm mechanisms.

How does MySQL differ from SQL Server?Apr 23, 2025 am 12:20 AM

The difference between MySQL and SQLServer is: 1) MySQL is open source and suitable for web and embedded systems, 2) SQLServer is a commercial product of Microsoft and is suitable for enterprise-level applications. There are significant differences between the two in storage engine, performance optimization and application scenarios. When choosing, you need to consider project size and future scalability.

In what scenarios might you choose SQL Server over MySQL?Apr 23, 2025 am 12:20 AM

In enterprise-level application scenarios that require high availability, advanced security and good integration, SQLServer should be chosen instead of MySQL. 1) SQLServer provides enterprise-level features such as high availability and advanced security. 2) It is closely integrated with Microsoft ecosystems such as VisualStudio and PowerBI. 3) SQLServer performs excellent in performance optimization and supports memory-optimized tables and column storage indexes.

See all articles