MySQL服务器通过MySQL权限表来控制用户对数据库的访问,MySQL权限表存放在mysql数据库里,由mysql_install_db脚本初始化。这些MySQL权限表分别user,db,table_priv,columns_priv和host。下面分别介绍一下这些表的结构和内容:
user权限表:记录允许连接到服务器的用户帐号信息,里面的权限是全局级的。
db权限表:记录各个帐号在各个数据库上的操作权限。
table_priv权限表:记录数据表级的操作权限。
columns_priv权限表:记录数据列级的操作权限。
host权限表:配合db权限表对给定主机上数据库级操作权限作更细致的控制。这个权限表不受GRANT和REVOKE语句的影响。
案例分析:
一、创建用户并授权(root用户)
[root@mysrv ~]# mysql -u root -poracle
mysql> select version()\g
+-------------------------------------------+
| version() |
+-------------------------------------------+
| 5.6.25-enterprise-commercial-advanced-log |
+-------------------------------------------+
1 row in set (0.00 sec)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| prod |
| test |
+--------------------+
5 rows in set (0.01 sec)
1、建立tom用户并授权(特权管理用户)
mysql> grant all on prod.* to 'tom'@'%' identified by 'tom' with grant option;
Query OK, 0 rows affected (0.00 sec)
查看用户创建是否成功:
mysql> select user,host from user ;
+-------+-----------+ | user | host | +-------+-----------+ | tom | % | | root | 127.0.0.1 | | root | ::1 | | | localhost | | root | localhost | | scott | localhost | | | mysrv | | root | mysrv | +-------+-----------+ 8 rows in set (0.00 sec)查看tom用户的授权:
mysql> show grants for tom;
+----------------------------------------------------------------------------------------------------+
| Grants for tom@% |
+----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'tom'@'%' IDENTIFIED BY PASSWORD '*71FF744436C7EA1B954F6276121DB5D2BF68FC07' |
| GRANT ALL PRIVILEGES ON `prod`.* TO 'tom'@'%' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------+
GRANT 语法:
GRANT privileges (columns)
ON what
TO user IDENTIFIED BY "password"
WITH GRANT OPTION
权限列表:
ALTER: 修改表和索引。
CREATE: 创建数据库和表。
DELETE: 删除表中已有的记录。
DROP: 抛弃(删除)数据库和表。
INDEX: 创建或抛弃索引。
INSERT: 向表中插入新行。
REFERENCE: 未用。
SELECT: 检索表中的记录。
UPDATE: 修改现存表记录。
FILE: 读或写服务器上的文件。
PROCESS: 查看服务器中执行的线程信息或杀死线程。
RELOAD: 重载授权表或清空日志、主机缓存或表缓存。
SHUTDOWN: 关闭服务器。
ALL: 所有权限,ALL PRIVILEGES同义词。
USAGE: 特殊的 "无权限" 权限。
用 户账户包括 "username" 和 "host" 两部分,后者表示该用户被允许从何地接入。tom@'%' 表示任何地址,默认可以省略。还可以是 "tom@192.168.1.%"、"tom@%.abc.com" 等。数据库格式为 db@table,可以是 "test.*" 或 "*.*",前者表示 test 数据库的所有表,后者表示所有数据库的所有表。
子句 "WITH GRANT OPTION" 表示该用户可以为其他用户分配权限。
2、我们用 root 再创建几个用户,然后由 test 数据库的管理员tom为他们分配权限。
mysql> create user 'tom1' identified by 'tom1' ,'tom2' identified by 'tom2';
Query OK, 0 rows affected (0.00 sec)
mysql> select user,host from user ;
+-------+-----------+ | user | host | +-------+-----------+ | tom | % | | tom1 | % | | tom2 | % | | root | 127.0.0.1 | | root | ::1 | | | localhost | | root | localhost | | scott | localhost | | | mysrv | | root | mysrv | +-------+-----------+ 10 rows in set (0.00 sec)root用户退出,tom登陆,并授权用户访问prod库
[root@mysrv ~]# mysql -u tom -ptom
ERROR 1045 (28000): Access denied for user 'tom'@'localhost' (using password: YES)
tom用户竟不能登陆!!!
再对tom用户授权:
mysql> grant all on prod.* to 'tom'@'localhost' identified by 'tom' with grant option;;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for tom;
+----------------------------------------------------------------------------------------------------+
| Grants for tom@% |
+----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'tom'@'%' IDENTIFIED BY PASSWORD '*71FF744436C7EA1B954F6276121DB5D2BF68FC07' |
| GRANT ALL PRIVILEGES ON `prod`.* TO 'tom'@'%' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> use mysql;
Database changed
mysql> select user,host from user ;
+-------+-----------+ | user | host | +-------+-----------+ | tom | % | | tom1 | % | | tom2 | % | | root | 127.0.0.1 | | root | ::1 | | | localhost | | root | localhost | | scott | localhost | | tom | localhost | | | mysrv | | root | mysrv | +-------+-----------+ 11 rows in set (0.00 sec)tom登陆:
[root@mysrv ~]# mysql -u tom -ptom prod
mysql> select database();
+------------+
| database() |
+------------+
| prod |
+------------+
1 row in set (0.01 sec)
mysql> select current_user();
+----------------+
| current_user() |
+----------------+
| tom@localhost |
+----------------+
1 row in set (0.00 sec)
创建表:
mysql> show tables;
+----------------+
| Tables_in_prod |
+----------------+
| t1 |
+----------------+
1 row in set (0.00 sec)
mysql> create table t2 as select * from t1;
Query OK, 3 rows affected (0.15 sec)
Records: 3 Duplicates: 0 Warnings: 0
查看表信息:
mysql> desc t2;
+-------+-------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-------+-------------+------+-----+---------+-------+
| id | int(11) | YES | | NULL | |
| name | varchar(10) | YES | | NULL | |
+-------+-------------+------+-----+---------+-------+
2 rows in set (0.01 sec)
mysql> show create table t2;
+-------+---------------------------------------------------------------------------------------------------------------------------+
| Table | Create Table |
+-------+---------------------------------------------------------------------------------------------------------------------------+
| t2 | CREATE TABLE `t2` (
`id` int(11) DEFAULT NULL,
`name` varchar(10) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1 |
+-------+---------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.01 sec)
mysql> show create table t2\G;
*************************** 1. row ***************************
Table: t2
Create Table: CREATE TABLE `t2` (
`id` int(11) DEFAULT NULL,
`name` varchar(10) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1
1 row in set (0.00 sec)
mysql> select * from t2;
+------+-------+
| id | name |
+------+-------+
| 10 | tom |
| 20 | jerry |
| 30 | rose |
+------+-------+
3 rows in set (0.00 sec)
3、tom用户为tom1,tom2授权
mysql> grant select on prod.* to tom1;
Query OK, 0 rows affected (0.00 sec)
mysql> grant select on prod.* to tom2;
Query OK, 0 rows affected (0.02 sec)
mysql> grant insert,update on prod.* to tom2;
Query OK, 0 rows affected (0.00 sec)
tom2登陆(从远程登陆):
C:\Users\Administrator>mysql -h 192.168.8.240 -utom2 -ptom2
mysql> select database();
+------------+
| database() |
+------------+
| NULL |
+------------+
1 row in set (0.00 sec)
mysql> use prod;
Database changed
mysql> select database();
+------------+
| database() |
+------------+
| prod |
+------------+
1 row in set (0.00 sec)
mysql> select current_user();
+----------------+
| current_user() |
+----------------+
| tom2@% |
+----------------+
1 row in set (0.00 sec)
mysql> show grants for tom2;
+------------------------------------------------------------------+
| Grants for tom2@% |
+------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'tom2'@'%' IDENTIFIED BY PASSWORD
| GRANT SELECT, INSERT, UPDATE ON `prod`.* TO 'tom2'@'%' |
+------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> show tables;
+----------------+
| Tables_in_prod |
+----------------+
| t1 |
| t2 |
+----------------+
2 rows in set (0.00 sec)
mysql> select * from t1;
+------+-------+
| id | name |
+------+-------+
| 10 | tom |
| 20 | jerry |
| 30 | rose |
+------+-------+
3 rows in set (0.00 sec)
mysql> select * from t2;
+------+-------+
| id | name |
+------+-------+
| 10 | tom |
| 20 | jerry |
| 30 | rose |
+------+-------+
3 rows in set (0.00 sec)
mysql> insert into t1 values (40,'john');
Query OK, 1 row affected (0.00 sec)
mysql> commit;
Query OK, 0 rows affected (0.09 sec)
mysql> select * from t1;
+------+-------+
| id | name |
+------+-------+
| 10 | tom |
| 20 | jerry |
| 30 | rose |
| 40 | john |
+------+-------+
4 rows in set (0.00 sec)
mysql> update t1 set name='ellen' where id=40;
Query OK, 1 row affected (0.01 sec)
Rows matched: 1 Changed: 1 Warnings: 0
mysql> select * from t1;
+------+-------+
| id | name |
+------+-------+
| 10 | tom |
| 20 | jerry |
| 30 | rose |
| 40 | ellen |
+------+-------+
4 rows in set (0.00 sec)
mysql> delete from t1;
ERROR 1142 (42000): DELETE command denied to user 'tom2'@'192.168.8.254' for tab
le 't1'
mysql> commit;
Query OK, 0 rows affected (0.05 sec)
mysql> select * from t1;
+------+-------+
| id | name |
+------+-------+
| 10 | tom |
| 20 | jerry |
| 30 | rose |
| 40 | ellen |
+------+-------+
4 rows in set (0.00 sec)
4、回收tom2的update权限:
mysql> revoke update on prod.* from tom2;
Query OK, 0 rows affected (0.00 sec)
tom2再重新登陆:
C:\Users\Administrator>mysql -h 192.168.8.240 -utom2 -ptom2
mysql> use prod;
Database changed
mysql> update t1 set name='lily' where id=10;
ERROR 1142 (42000): UPDATE command denied to user 'tom2'@'192.168.8.254' for tab
le 't1'
---update失败!
二、修改用户口令:
1、root用户修改普通用户口令
mysql> set password for tom1=password('oracle');
Query OK, 0 rows affected (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
tom1重新登陆:
C:\Users\Administrator>mysql -h 192.168.8.240 -utom1 -ptom1
Warning: Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'tom1'@'192.168.8.254' (using passwor
d: YES)
---旧口令登陆失败!
C:\Users\Administrator>mysql -h 192.168.8.240 -utom1 -poracle
mysql>
2、普通用户修改自己密码:
C:\Users\Administrator>mysql -h 192.168.8.240 -utom1 -poracle
mysql> set password=password('tom1');
Query OK, 0 rows affected (0.00 sec)
重新登陆:
C:\Users\Administrator>mysql -h 192.168.8.240 -utom1 -ptom1
mysql>
---新密码登陆成功 !
三、删除用户:
1、回收用户所有权限
mysql> revoke all on prod.* from tom2;
Query OK, 0 rows affected (0.01 sec)
2、删除用户
mysql> drop user tom2;
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> select user,host from user;
+-------+-----------+ | user | host | +-------+-----------+ | jerry | % | | rose | % | | tom | % | | tom1 | % | | root | 127.0.0.1 | | root | ::1 | | | localhost | | jerry | localhost | | root | localhost | | rose | localhost | | scott | localhost | | tom | localhost | | | mysrv | | root | mysrv | +-------+-----------+ 14 rows in set (0.00 sec)------- 摘要 --------------------------------------
创建用户:
GRANT insert, update ON testdb.* TO user1@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
CREATE USER user2 IDENTIFIED BY 'password';
分配权限:
GRANT select ON testdb.* TO user2;
查看权限:
SHOW GRANTS FOR user1;
修改密码:
SET PASSWORD FOR user1 = PASSWORD('newpwd');
SET PASSWORD = PASSWORD('newpwd');
移除权限:
REVOKE all ON *.* FROM user1;
删除用户:
DROP USER user1;
数据库列表:
SHOW DATABASES;
数据表列表:
SHOW TABLES;
当前数据库:
SELECT DATABASE();
当前用户:
SELECT USER();
数据表结构:
DESCRIBE table1;
刷新权限:
FLUSH PRIVILEGES;
grant和revoke可以在几个层次上控制访问权限
1,整个服务器,使用 grant ALL 和revoke ALL
2,整个数据库,使用on database.*
3,特点表,使用on database.table
4,特定的列
5,特定的存储过程
user表中host列的值的意义
% 匹配所有主机
localhost localhost不会被解析成IP地址,直接通过UNIXsocket连接
127.0.0.1 会通过TCP/IP协议连接,并且只能在本机访问;
::1 ::1就是兼容支持ipv6的,表示同ipv4的127.0.0.1
grant 普通数据用户,查询、插入、更新、删除 数据库中所有表数据的权利。
grant select on testdb.* to common_user@’%’
grant insert on testdb.* to common_user@’%’
grant update on testdb.* to common_user@’%’
grant delete on testdb.* to common_user@’%’
或者,用一条 MySQL 命令来替代:
grant select, insert, update, delete on testdb.* to common_user@’%’
grant 数据库开发人员,创建表、索引、视图、存储过程、函数。。。等权限。
grant 创建、修改、删除 MySQL 数据表结构权限。
grant create on testdb.* to developer@’192.168.0.%’;
grant alter on testdb.* to developer@’192.168.0.%’;
grant drop on testdb.* to developer@’192.168.0.%’;
grant 操作 MySQL 外键权限。
grant references on testdb.* to developer@’192.168.0.%’;
grant 操作 MySQL 临时表权限。
grant create temporary tables on testdb.* to developer@’192.168.0.%’;
grant 操作 MySQL 索引权限。
grant index on testdb.* to developer@’192.168.0.%’;
grant 操作 MySQL 视图、查看视图源代码 权限。
grant create view on testdb.* to developer@’192.168.0.%’;
grant show view on testdb.* to developer@’192.168.0.%’;
grant 操作 MySQL 存储过程、函数 权限。
grant create routine on testdb.* to developer@’192.168.0.%’; -- now, can show procedure status
grant alter routine on testdb.* to developer@’192.168.0.%’; -- now, you can drop a procedure
grant execute on testdb.* to developer@’192.168.0.%’;
grant 普通 DBA 管理某个 MySQL 数据库的权限。
grant all privileges on testdb to dba@’localhost’
其中,关键字 “privileges” 可以省略。
grant 高级 DBA 管理 MySQL 中所有数据库的权限。
grant all on *.* to dba@’localhost’
MySQL grant 权限,分别可以作用在多个层次上。
1. grant 作用在整个 MySQL 服务器上:
grant select on *.* to dba@localhost; -- dba 可以查询 MySQL 中所有数据库中的表。
grant all on *.* to dba@localhost; -- dba 可以管理 MySQL 中的所有数据库
2. grant 作用在单个数据库上:
grant select on testdb.* to dba@localhost; -- dba 可以查询 testdb 中的表。
3. grant 作用在单个数据表上:
grant select, insert, update, delete on testdb.orders to dba@localhost;
4. grant 作用在表中的列上:
grant select(id, se, rank) on testdb.apache_log to dba@localhost;
5. grant 作用在存储过程、函数上:
grant execute on procedure testdb.pr_add to ’dba’@’localhost’
grant execute on function testdb.fn_add to ’dba’@’localhost’
注意:修改完权限以后 一定要刷新服务,或者重启服务,刷新服务用:FLUSH PRIVILEGES。
How to install MySQL on Linux systemApr 29, 2025 pm 03:57 PMInstalling MySQL on Linux can be done through the package manager. The specific steps are as follows: 1. On Ubuntu, use apt to update the package list and install the MySQL server; 2. On CentOS, use yum to install the MySQL community version and start the service. After installation, basic configuration needs to be performed, such as setting the root password and creating database and users.
Creation and usage scenarios of MySQL viewsApr 29, 2025 pm 03:54 PMMySQL views are virtual tables generated based on SQL queries. 1. Create a view: Use the CREATEVIEW statement combined with SELECT query. 2. Usage scenarios: simplify complex queries, data abstraction and ensure data consistency. 3. Optimization strategy: simplify underlying queries, use indexes, and consider materialized views.
Specify character sets and collations when creating databases in MySQLApr 29, 2025 pm 03:51 PMWhen creating a database in MySQL, character sets and collation rules should be specified to ensure data accuracy and improve query performance. 1) Use the CREATEDATABASEmy_databaseCHARACTERSETutf8mb4COLLATIONutf8mb4_unicode_ci command to create a database, select the utf8mb4 character set and utf8mb4_unicode_ci collation. 2) utf8mb4 supports more Unicode characters, while utf8mb4_unicode_ci provides case-insensitive comparisons. 3) Ensure that the application layer and database layer use the same character set and collation rules to avoid potential problems.
How to sort and rank data in MySQLApr 29, 2025 pm 03:48 PMIn MySQL, sorting uses the ORDERBY clause, and ranking uses the RANK(), DENSE_RANK(), and ROW_NUMBER() functions. 1. Sort: Use ORDERBY clause, such as SELECT*FROMemployeesORDERBYsalaryDESC; 2. Ranking: Use window functions, such as SELECTemployee_name, salary, RANK()OVER(ORDERBYsalaryDESC)ASrankFROMemployees; these operations are based on SQL query optimizer and execution engine, and are often used to sort quickly or merge sort, and ranking depends on window function calculation.
Creation and calling methods of MySQL stored proceduresApr 29, 2025 pm 03:45 PMTo create and call stored procedures in MySQL, follow the following steps: 1. Create stored procedures: Use the CREATEPROCEDURE statement to define stored procedures, including names, parameters, and SQL statements. 2. Compile stored procedures: MySQL compiles stored procedures into executable code and stores them. 3. Call stored procedure: use CALL statement and pass parameters. 4. Execute stored procedures: MySQL executes the SQL statements in it, processes parameters and returns the result.
How to set up MySQL service automatically startsApr 29, 2025 pm 03:42 PMThe MySQL service can be set to automatically start on Windows, Linux, and macOS. 1) On Windows, use the command "scconfigmysqlstart=auto" to configure. 2) On Linux, enable it using "sudosystemctlenablemysql". 3) On macOS, create and load the launchd configuration file to achieve automatic startup.
How to view detailed structure information of MySQL tablesApr 29, 2025 pm 03:39 PMThe methods to view the MySQL table structure include: 1. Use the DESCRIBE command to view column information; 2. Use the SHOWCREATETABLE command to view table creation statements; 3. Use information_schema to query more detailed information. These methods help to quickly understand table structure and improve work efficiency.
Detailed explanation of the installation steps of MySQL on macOS systemApr 29, 2025 pm 03:36 PMInstalling MySQL on macOS can be achieved through the following steps: 1. Install Homebrew, using the command /bin/bash-c"$(curl-fsSLhttps://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)". 2. Update Homebrew and use brewupdate. 3. Install MySQL and use brewinstallmysql. 4. Start MySQL service and use brewservicesstartmysql. After installation, you can use mysql-u
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Atom editor mac version download
The most popular open source editor
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
MantisBT
Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.
Zend Studio 13.0.1
Powerful PHP integrated development environment
