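User account management:
'Username'@'Hostname'
Username: any string of characters, limited to basic characters; it may contain "_", "." and "-";
Hostname: may be an FQDN (fully qualified domain name), a domain name or an IP address; the MySQL wildcards can be used, where "_" stands for any single character and "%" stands for any number of arbitrary characters;
Creating a user account:
CREATE USER statement: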
CREATE USER user [IDENTIFIED BY [PASSWORD] 'password' | IDENTIFIED WITH auth_plugin [AS 'auth_string']]
Example:
MariaDB [mysql]> create user 'testuser'@'%';
MariaDB [mysql]> create user 'testuser'@'%' identified by 'qhdlink';
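A user account can also be created with a DML statement (changes written directly to the grant tables take effect only after FLUSH PRIVILEGES or a server restart):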
INSERT INTO mysql.user SET User='testuser',Host='%',Password=PASSWORD('qhdlink');
Example:
MariaDB [mysql]> insert into user set User='user1',Host='%',Password=PASSWORD('qhdlink'),ssl_cipher='',x509_issuer='',x509_subject='',authentication_string='';
Renaming a user account:
RENAME USER statement:
RENAME USER old_user TO new_user [, old_user TO new_user] ...
Example:
MariaDB [mysql]> rename user 'testuser'@'%' to 'test'@'172.16.%.%';
A user account can also be renamed with a DML statement:
Example:
MariaDB [mysql]> update user set User='user01',Host='172.16.75.%' where User='user1';
Deleting a user account:
DROP USER statement:
DROP USER user [, user] ...
Example:
MariaDB [mysql]> drop user 'test'@'172.16.%.%';
A user account can also be deleted with a DML statement:
Example:
MariaDB [mysql]> delete from user where User='user01';
Password management for user accounts:
1. SET PASSWORD statement:
SET PASSWORD [FOR user] = { PASSWORD('cleartext password') | OLD_PASSWORD('cleartext password') | 'encrypted password' }
Example:
MariaDB [mysql]> set password for 'test'@'%' = PASSWORD('qhdlink');
2. The password of a user account can also be changed with a DML statement (writing a row of data into that database):
Example:
MariaDB [mysql]> update user set Password=PASSWORD('qhdlink.com') where User='test';
3. The mysqladmin tool:
# mysqladmin -uUSERNAME -hHOSTNAME -p password 'NEW_PASSWORD'
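Note: the MySQL user performing this operation needs modify privileges on the mysql.user table;
What to do when the MySQL administrator password has been forgotten:
Method 1:
1. Stop the running MySQL or MariaDB service;
2. Add the following two server parameters to the /etc/my.cnf file: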
skip-grant-tables = ON
skip-networking = ON
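3. Start the MySQL or MariaDB service, log in as the root user with an empty password using the mysql or mysqladmin client tool, and change the root user's password;
4. Delete the two server parameters above from /etc/my.cnf, then restart the service;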
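A check that step 4 of Method 1 was actually carried out, as an added example that is not part of the original notes: while skip-grant-tables remains in /etc/my.cnf the server skips privilege checks, so the file is worth verifying after the recovery. The function names, the set of server option groups and the sample files are assumptions made for this illustration.

```python
import re

# Option groups read by the server (assumption: the usual mysqld/MariaDB names).
SERVER_GROUPS = {"mysqld", "server", "mariadb", "mariadbd"}
WATCHED = {"skip-grant-tables", "skip-networking"}
TRUE_VALUES = {"", "on", "1", "true"}  # a bare option name counts as enabled

def enabled_options(cnf_text):
    """Return the watched options that end up switched on in server groups."""
    group, enabled = None, set()
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop '#' comments
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            group = header.group(1).strip().lower()
            continue
        if group not in SERVER_GROUPS:
            continue
        name, _, value = line.partition("=")
        # Option files treat '-' and '_' in option names as equivalent.
        name = name.strip().lower().replace("_", "-")
        if name not in WATCHED:
            continue
        if value.strip().lower() in TRUE_VALUES:
            enabled.add(name)
        else:
            enabled.discard(name)  # a later OFF/0 overrides an earlier ON
    return enabled

def audit(cnf_text):
    """Classify a config file as 'ok', 'recovery-mode' or 'exposed'."""
    on = enabled_options(cnf_text)
    if "skip-grant-tables" not in on:
        return "ok"
    return "recovery-mode" if "skip-networking" in on else "exposed"

# Constructed sample files, not taken from a real server.
DURING_RECOVERY = "[mysqld]\nskip-grant-tables = ON\nskip-networking = ON\n"
STEP4_HALF_DONE = "[mysqld]\nskip_grant_tables\n# skip-networking = ON\n"
STEP4_DONE = "[mysqld]\ndatadir=/var/lib/mysql\n[client]\nskip-grant-tables\n"

if __name__ == "__main__":
    for text in (DURING_RECOVERY, STEP4_HALF_DONE, STEP4_DONE):
        print(audit(text))
```

A result of "exposed" means authentication is disabled while the server still accepts network connections, which is the state to alert on.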
Method 2:
1. Stop the running MySQL or MariaDB service;
2. Start the MySQL service with this command:
# mysqld_safe --skip-grant-tables --skip-networking
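3. Open another session and, using the mysql or mysqladmin client tool as the root user with an empty password, change its password;
4. Kill the mysqld_safe process started earlier and the mysqld process it spawned;
5. Start the service again in the normal way;
User privilege management (the user is created automatically if it does not exist):
GRANT statement: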
GRANT priv_type [(column_list)] [, priv_type [(column_list)]] ...
ON [object_type] priv_level
TO user_specification [, user_specification] ...
[REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]
[WITH with_option ...]
priv_type:
SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, RELOAD, REPLICATION CLIENT, REPLICATION SLAVE, SHUTDOWN, FILE, SHOW DATABASES, PROCESS, SUPER
object_type:
TABLE | FUNCTION | PROCEDURE
priv_level:
* | *.* | db_name.* | db_name.tbl_name | tbl_name | db_name.routine_name
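*: all databases;
*.*: all table objects in all databases;
db_name.*: all table objects in the specified database;
db_name.tbl_name: the specified table object in the specified database;
tbl_name: the specified table object in the database currently in use;
db_name.routine_name: the specified stored function or stored procedure object in the specified database; usually the object_type parameter is needed as well to determine it;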
user_specification:
user [ IDENTIFIED BY [PASSWORD] 'password' | IDENTIFIED WITH auth_plugin [AS 'auth_string' ] ]
ssl_option:
SSL | X509 | CIPHER 'cipher' | ISSUER 'issuer' | SUBJECT 'subject'
with_option:
GRANT OPTION | MAX_QUERIES_PER_HOUR count | MAX_UPDATES_PER_HOUR count | MAX_CONNECTIONS_PER_HOUR count | MAX_USER_CONNECTIONS count
Example:
MariaDB [mysql]> grant all privileges on hellodb.* to 'test'@'%';
MariaDB [mysql]> grant select,update on hellodb.students to 'test'@'%';
MariaDB [mysql]> grant select(Name,Age,ClassID) on hellodb.students to 'test'@'%';
It is also possible to create a view on certain base tables and then grant user privileges on the view:
MariaDB [hellodb]> create view stu_base as select Name,Age,ClassID from students;
MariaDB [hellodb]> grant all on hellodb.stu_base to 'test'@'%';
Revoking privileges:
REVOKE statement:
REVOKE priv_type [(column_list)] [, priv_type [(column_list)]] ...
ON [object_type] priv_level
FROM user [, user] ...
REVOKE ALL PRIVILEGES, GRANT OPTION
FROM user [, user] ...
Example:
MariaDB [mysql]> revoke delete on hellodb.* from 'test'@'%';
MariaDB [mysql]> revoke all on hellodb.students from 'test'@'%';
MariaDB [mysql]> revoke select(Age,ClassID) on hellodb.students from 'test'@'%';
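Note: when revoking a privilege that has already been granted, the priv_level given in the REVOKE statement must be exactly the same as the priv_level given in the GRANT statement; otherwise the revocation fails;
Example: this assumes the testdb database contains the two tables tb1 and tb2;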
MariaDB [testdb]> grant all on testdb.* to 'test'@'%';
MariaDB [testdb]> revoke all on testdb.tb2 from 'test'@'%';
ERROR 1147 (42000): There is no such grant defined for user 'test' on host '%' on table 'tb2'
The correct way to take the privileges back:
MariaDB [testdb]> revoke all on testdb.* from 'test'@'%';
MariaDB [testdb]> grant all on testdb.tb1 to 'test'@'%';
At this point, the 'test'@'%' user has all privileges only on the tb1 table in the testdb database;
Viewing a user's privileges:
SHOW GRANTS statement:
SHOW GRANTS [FOR user]