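1, MySQL privilege system
MySQL's privilege system is divided into roughly 5 levels:
Global level:
Global privileges apply to all databases on a given server. These privileges are stored in the mysql.user table. GRANT ALL ON *.* and REVOKE ALL ON *.* grant and revoke only global privileges.
Database level:
Database privileges apply to all objects in a given database. These privileges are stored in the mysql.db table. GRANT ALL ON db_name.* and REVOKE ALL ON db_name.* grant and revoke only database privileges.
Table level:
Table privileges apply to all columns in a given table. These privileges are stored in the mysql.tables_priv table. GRANT ALL ON db_name.tbl_name and REVOKE ALL ON db_name.tbl_name grant and revoke only table privileges.
Column level:
Column privileges apply to a single column in a given table. These privileges are stored in the mysql.columns_priv table. When using REVOKE, you must specify the same columns that were granted.
Routine level:
The CREATE ROUTINE, ALTER ROUTINE, EXECUTE and GRANT privileges apply to stored routines. These privileges can be granted at the global and database levels. In addition, all of them except CREATE ROUTINE can be granted at the routine level, where they are stored in the mysql.procs_priv table.
This privilege information is stored in the following system tables:
mysql.user
mysql.db
mysql.host
mysql.tables_priv
mysql.columns_priv
mysql.procs_priv
When a user connects, mysqld verifies the user's privileges against the tables above!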
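2, Tracing privileges through the 5 tables
Compared with Oracle, a distinguishing feature of MySQL is that it can restrict access by IP. The user name (user), the IP address (host) and the password (passwd) are the basis of user management, and most of the details of privileges can be seen in the mysql.user, mysql.db, mysql.host, mysql.tables_priv and mysql.columns_priv tables. Analysing these tables carefully reveals how privileges work.
<All rights reserved. Reposting is permitted, but the source address must be credited with a link; otherwise legal liability will be pursued!>
Original blog address: http://blog.csdn.net/mchdba/article/details/45921045
Original author: 黃杉 (mchdba)
The demonstration requires creating users, so here is a brief introduction to how to create one:
```sql
GRANT priv_type ON database.table
TO user [IDENTIFIED BY [PASSWORD] 'password']
[, user [IDENTIFIED BY [PASSWORD] 'password'] ...]
```
Example:
```sql
GRANT SELECT, INSERT, UPDATE, DELETE ON d3307.* TO zengxiaoteng@'%' IDENTIFIED BY '0523';
```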
2.1 db table
2.1.1 The table structure is as follows:
```
mysql> desc mysql.db;
+-----------------------+---------------+------+-----+---------+-------+
| Field                 | Type          | Null | Key | Default | Extra |
+-----------------------+---------------+------+-----+---------+-------+
| Host                  | char(60)      | NO   | PRI |         |       |
| Db                    | char(64)      | NO   | PRI |         |       |
| User                  | char(16)      | NO   | PRI |         |       |
| Select_priv           | enum('N','Y') | NO   |     | N       |       |
| Insert_priv           | enum('N','Y') | NO   |     | N       |       |
| Update_priv           | enum('N','Y') | NO   |     | N       |       |
| Delete_priv           | enum('N','Y') | NO   |     | N       |       |
| Create_priv           | enum('N','Y') | NO   |     | N       |       |
| Drop_priv             | enum('N','Y') | NO   |     | N       |       |
| Grant_priv            | enum('N','Y') | NO   |     | N       |       |
| References_priv       | enum('N','Y') | NO   |     | N       |       |
| Index_priv            | enum('N','Y') | NO   |     | N       |       |
| Alter_priv            | enum('N','Y') | NO   |     | N       |       |
| Create_tmp_table_priv | enum('N','Y') | NO   |     | N       |       |
| Lock_tables_priv      | enum('N','Y') | NO   |     | N       |       |
| Create_view_priv      | enum('N','Y') | NO   |     | N       |       |
| Show_view_priv        | enum('N','Y') | NO   |     | N       |       |
| Create_routine_priv   | enum('N','Y') | NO   |     | N       |       |
| Alter_routine_priv    | enum('N','Y') | NO   |     | N       |       |
| Execute_priv          | enum('N','Y') | NO   |     | N       |       |
| Event_priv            | enum('N','Y') | NO   |     | N       |       |
| Trigger_priv          | enum('N','Y') | NO   |     | N       |       |
+-----------------------+---------------+------+-----+---------+-------+
22 rows in set (0.02 sec)

mysql>
```
2.1.2 Analysis:
The db table stores all the operation privileges held on a database. When a user is created, the user's information is entered in the Host, User and Password fields;
when you run a grant statement such as GRANT SELECT,INSERT ON d3307.* TO u4@'%' IDENTIFIED BY 'u40523'; the Select_priv and Insert_priv fields become Y while the other fields remain N;
when you run a statement such as GRANT ALL ON d3307.* TO u4@'%' IDENTIFIED BY 'u40523'; all the subsequent fields become Y.
2.1.3 Granting only the select and insert privileges
Create the user:
```sql
GRANT SELECT, INSERT ON d3307.* TO user4@'192.168.52' IDENTIFIED BY 'user0523';
```
Apart from the Host, Db and User fields having values, Select_priv and Insert_priv should be Y and all the others N.
Viewing the record in the mysql.db table confirms this, as shown below:
```
mysql> SELECT * FROM mysql.`db` where user='user4' \G;
*************************** 1. row ***************************
                 Host: 192.168.52
                   Db: d3307
                 User: user4
          Select_priv: Y
          Insert_priv: Y
          Update_priv: N
          Delete_priv: N
          Create_priv: N
            Drop_priv: N
           Grant_priv: N
      References_priv: N
           Index_priv: N
           Alter_priv: N
Create_tmp_table_priv: N
     Lock_tables_priv: N
     Create_view_priv: N
       Show_view_priv: N
  Create_routine_priv: N
   Alter_routine_priv: N
         Execute_priv: N
           Event_priv: N
         Trigger_priv: N
1 row in set (0.01 sec)

ERROR:
No query specified

mysql>
```
2.1.4 Granting ALL privileges
Run the SQL statement to create the user:
```sql
GRANT ALL ON d3307.* TO dba5@'192.168.52.1' IDENTIFIED BY 'dba0523';
```
When the user is created, as shown below, apart from the Host, Db and User fields, all the *_priv fields become Y (Grant_priv remains N unless WITH GRANT OPTION is added, i.e. GRANT ALL ON d3307.* TO dba5@'192.168.52.1' IDENTIFIED BY 'dba0523' WITH GRANT OPTION;).
As shown below:
```
mysql> SELECT * FROM mysql.`db` where user='dba5' \G;
*************************** 1. row ***************************
                 Host: 192.168.52.1
                   Db: d3307
                 User: dba5
          Select_priv: Y
          Insert_priv: Y
          Update_priv: Y
          Delete_priv: Y
          Create_priv: Y
            Drop_priv: Y
           Grant_priv: N
      References_priv: Y
           Index_priv: Y
           Alter_priv: Y
Create_tmp_table_priv: Y
     Lock_tables_priv: Y
     Create_view_priv: Y
       Show_view_priv: Y
  Create_routine_priv: Y
   Alter_routine_priv: Y
         Execute_priv: Y
           Event_priv: Y
         Trigger_priv: Y
1 row in set (0.00 sec)

ERROR:
No query specified

mysql>
```
2.2 user table
2.2.1 Table structure:
```
mysql> desc mysql.user;
+------------------------+-----------------------------------+------+-----+---------+-------+
| Field                  | Type                              | Null | Key | Default | Extra |
+------------------------+-----------------------------------+------+-----+---------+-------+
| Host                   | char(60)                          | NO   | PRI |         |       |
| User                   | char(16)                          | NO   | PRI |         |       |
| Password               | char(41)                          | NO   |     |         |       |
| Select_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Insert_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Update_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Delete_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Create_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Drop_priv              | enum('N','Y')                     | NO   |     | N       |       |
| Reload_priv            | enum('N','Y')                     | NO   |     | N       |       |
| Shutdown_priv          | enum('N','Y')                     | NO   |     | N       |       |
| Process_priv           | enum('N','Y')                     | NO   |     | N       |       |
| File_priv              | enum('N','Y')                     | NO   |     | N       |       |
| Grant_priv             | enum('N','Y')                     | NO   |     | N       |       |
| References_priv        | enum('N','Y')                     | NO   |     | N       |       |
| Index_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Alter_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Show_db_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Super_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Create_tmp_table_priv  | enum('N','Y')                     | NO   |     | N       |       |
| Lock_tables_priv       | enum('N','Y')                     | NO   |     | N       |       |
| Execute_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Repl_slave_priv        | enum('N','Y')                     | NO   |     | N       |       |
| Repl_client_priv       | enum('N','Y')                     | NO   |     | N       |       |
| Create_view_priv       | enum('N','Y')                     | NO   |     | N       |       |
| Show_view_priv         | enum('N','Y')                     | NO   |     | N       |       |
| Create_routine_priv    | enum('N','Y')                     | NO   |     | N       |       |
| Alter_routine_priv     | enum('N','Y')                     | NO   |     | N       |       |
| Create_user_priv       | enum('N','Y')                     | NO   |     | N       |       |
| Event_priv             | enum('N','Y')                     | NO   |     | N       |       |
| Trigger_priv           | enum('N','Y')                     | NO   |     | N       |       |
| Create_tablespace_priv | enum('N','Y')                     | NO   |     | N       |       |
| ssl_type               | enum('','ANY','X509','SPECIFIED') | NO   |     |         |       |
| ssl_cipher             | blob                              | NO   |     | NULL    |       |
| x509_issuer            | blob                              | NO   |     | NULL    |       |
| x509_subject           | blob                              | NO   |     | NULL    |       |
| max_questions          | int(11) unsigned                  | NO   |     | 0       |       |
| max_updates            | int(11) unsigned                  | NO   |     | 0       |       |
| max_connections        | int(11) unsigned                  | NO   |     | 0       |       |
| max_user_connections   | int(11) unsigned                  | NO   |     | 0       |       |
| plugin                 | char(64)                          | YES  |     |         |       |
| authentication_string  | text                              | YES  |     | NULL    |       |
| password_expired       | enum('N','Y')                     | NO   |     | N       |       |
+------------------------+-----------------------------------+------+-----+---------+-------+
43 rows in set (0.10 sec)

mysql>
```
2.2.2 Analysis
This table stores the user records. Each time a user is created, a record is inserted into this table, with data entered in the Host, User and Password fields. However, the values of the subsequent Select_priv, Insert_priv, Update_priv and similar fields are recorded as Y only when privileges on all databases are granted, for example with GRANT ALL ON *.* TO timdba@'192.%' IDENTIFIED BY 'timdba0523'; otherwise they are all recorded as N.
2.2.3 Creating an ordinary user with privileges on all tables of one database
Create the user:
```sql
GRANT SELECT, UPDATE ON d3307.* TO user6@'192.168.52.1' IDENTIFIED BY 'user0523';
```
Analysis: in the record stored in the mysql.user table, Host, User and Password have values, but Select_priv and the other *_priv fields are all N.
To verify, view the record stored in the table, as shown below:
```
mysql> SELECT * FROM mysql.user where user='user6' \G;
*************************** 1. row ***************************
                  Host: 192.168.52.1
                  User: user6
              Password: *A4D1F6ACEBC5D3EB0F6D33C7DCC629E8BE55B75A
           Select_priv: N
           Insert_priv: N
           Update_priv: N
           Delete_priv: N
           Create_priv: N
             Drop_priv: N
           Reload_priv: N
         Shutdown_priv: N
          Process_priv: N
             File_priv: N
            Grant_priv: N
       References_priv: N
            Index_priv: N
            Alter_priv: N
          Show_db_priv: N
            Super_priv: N
 Create_tmp_table_priv: N
      Lock_tables_priv: N
          Execute_priv: N
       Repl_slave_priv: N
      Repl_client_priv: N
      Create_view_priv: N
        Show_view_priv: N
   Create_routine_priv: N
    Alter_routine_priv: N
      Create_user_priv: N
            Event_priv: N
          Trigger_priv: N
Create_tablespace_priv: N
              ssl_type:
            ssl_cipher:
           x509_issuer:
          x509_subject:
         max_questions: 0
           max_updates: 0
       max_connections: 0
  max_user_connections: 0
                plugin: mysql_native_password
 authentication_string:
      password_expired: N
1 row in set (0.00 sec)

ERROR:
No query specified

mysql>
```
2.2.4 Creating a user with privileges on all tables
Create the user:
```
mysql> GRANT SELECT, UPDATE ON *.* TO user7@'%' IDENTIFIED BY 'user0523';
Query OK, 0 rows affected (0.00 sec)

mysql>
```
Analysis:
The basic Host, User and Password fields have values, and since select and update were granted, the Select_priv and Update_priv fields are Y, while the other *_priv fields should be N.
Viewing the record shows that the analysis is correct, as shown below:
```
mysql> SELECT * FROM mysql.user where user='user7' \G;
*************************** 1. row ***************************
                  Host: %
                  User: user7
              Password: *A4D1F6ACEBC5D3EB0F6D33C7DCC629E8BE55B75A
           Select_priv: Y
           Insert_priv: N
           Update_priv: Y
           Delete_priv: N
           Create_priv: N
             Drop_priv: N
           Reload_priv: N
         Shutdown_priv: N
          Process_priv: N
             File_priv: N
            Grant_priv: N
       References_priv: N
            Index_priv: N
            Alter_priv: N
          Show_db_priv: N
            Super_priv: N
 Create_tmp_table_priv: N
      Lock_tables_priv: N
          Execute_priv: N
       Repl_slave_priv: N
      Repl_client_priv: N
      Create_view_priv: N
        Show_view_priv: N
   Create_routine_priv: N
    Alter_routine_priv: N
      Create_user_priv: N
            Event_priv: N
          Trigger_priv: N
Create_tablespace_priv: N
              ssl_type:
            ssl_cipher:
           x509_issuer:
          x509_subject:
         max_questions: 0
           max_updates: 0
       max_connections: 0
  max_user_connections: 0
                plugin: mysql_native_password
 authentication_string:
      password_expired: N
1 row in set (0.00 sec)

ERROR:
No query specified

mysql>
```
2.3 tables_priv table
2.3.1 View the table structure
```
mysql> desc mysql.tables_priv;
+-------------+-----------------------------------------------------------------------------------------------------------------------------------+------+-----+-------------------+-----------------------------+
| Field       | Type                                                                                                                              | Null | Key | Default           | Extra                       |
+-------------+-----------------------------------------------------------------------------------------------------------------------------------+------+-----+-------------------+-----------------------------+
| Host        | char(60)                                                                                                                          | NO   | PRI |                   |                             |
| Db          | char(64)                                                                                                                          | NO   | PRI |                   |                             |
| User        | char(16)                                                                                                                          | NO   | PRI |                   |                             |
| Table_name  | char(64)                                                                                                                          | NO   | PRI |                   |                             |
| Grantor     | char(77)                                                                                                                          | NO   | MUL |                   |                             |
| Timestamp   | timestamp                                                                                                                         | NO   |     | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP |
| Table_priv  | set('Select','Insert','Update','Delete','Create','Drop','Grant','References','Index','Alter','Create View','Show view','Trigger') | NO   |     |                   |                             |
| Column_priv | set('Select','Insert','Update','References')                                                                                      | NO   |     |                   |                             |
+-------------+-----------------------------------------------------------------------------------------------------------------------------------+------+-----+-------------------+-----------------------------+
8 rows in set (0.00 sec)

mysql>
```
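2.3.2 Analysis:
This table records the grants made on a single table. Only a grant such as grant insert on dbname.tablename to user1@'%' identified by 'pwd'; causes grant information to be entered in this table. The meaning of each field is as follows:
Field | Data stored |
---|---|
Host field | The user's login IP range |
User field | The name of the database the table is in |
Table_name field | The name of the granted table |
Grantor field | The grantor who executed grant to create the user |
Timestamp field | 0000-00-00 00:00:00 |
Table_priv field | The privileges granted on the table, such as select, update, delete, etc. |
Column_priv field | The privileges granted separately on individual columns of this table |
In addition, when ALL is granted on a table, the Table_priv column lists all the table-related privileges, as follows:
Select,Insert,Update,Delete,Create,Drop,References,Index,Alter,Create View,Show view,Trigger.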
2.3.3 Creating a user that operates only on this table
Create the user:
```
mysql> GRANT INSERT, SELECT, UPDATE ON d3307.t TO user8@'192.168.52.1' IDENTIFIED BY 'dba0523';
Query OK, 0 rows affected (0.00 sec)

mysql>
```
Analysis:
Host, Db, User, Table_name, Grantor, Timestamp and Table_priv should have values, but Column_priv has none, because no grant was made on any individual column.
View the privileges, as shown below:
```
mysql> SELECT * FROM mysql.tables_priv where user='user8' \G;
*************************** 1. row ***************************
       Host: 192.168.52.1
         Db: d3307
       User: user8
 Table_name: t
    Grantor: root@localhost
  Timestamp: 0000-00-00 00:00:00
 Table_priv: Select,Insert,Update
Column_priv:
1 row in set (0.00 sec)

ERROR:
No query specified

mysql>
```
2.3.4 Granting privileges on individual columns
Grant statements:
```
mysql> GRANT UPDATE(created_time) ON d3307.t TO user8@'192.168.52.1';
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT SELECT(uname) ON d3307.t TO user8@'192.168.52.1';
Query OK, 0 rows affected (0.00 sec)

mysql>
```
Analysis:
A grant on an individual column is recorded in the Column_priv field of this table, which records the privileges granted on single columns.
View the record:
```
mysql> SELECT * FROM mysql.tables_priv where user='user8' \G;
*************************** 1. row ***************************
       Host: 192.168.52.1
         Db: d3307
       User: user8
 Table_name: t
    Grantor: root@localhost
  Timestamp: 0000-00-00 00:00:00
 Table_priv: Select,Insert,Update
Column_priv: Select,Update
1 row in set (0.00 sec)

ERROR:
No query specified

mysql>
```
In addition, separate grant records are left in another privilege table, mysql.columns_priv, as shown below:
```
mysql> SELECT * FROM mysql.columns_priv WHERE USER='user8';
+--------------+-------+-------+------------+--------------+---------------------+-------------+
| Host         | Db    | User  | Table_name | Column_name  | Timestamp           | Column_priv |
+--------------+-------+-------+------------+--------------+---------------------+-------------+
| 192.168.52.1 | d3307 | user8 | t          | created_time | 0000-00-00 00:00:00 | Update      |
| 192.168.52.1 | d3307 | user8 | t          | uname        | 0000-00-00 00:00:00 | Select      |
+--------------+-------+-------+------------+--------------+---------------------+-------------+
2 rows in set (0.00 sec)

mysql>
```
2.4 columns_priv table
2.4.1 The table structure is as follows:
```
mysql> desc mysql.columns_priv;
+-------------+----------------------------------------------+------+-----+-------------------+-----------------------------+
| Field       | Type                                         | Null | Key | Default           | Extra                       |
+-------------+----------------------------------------------+------+-----+-------------------+-----------------------------+
| Host        | char(60)                                     | NO   | PRI |                   |                             |
| Db          | char(64)                                     | NO   | PRI |                   |                             |
| User        | char(16)                                     | NO   | PRI |                   |                             |
| Table_name  | char(64)                                     | NO   | PRI |                   |                             |
| Column_name | char(64)                                     | NO   | PRI |                   |                             |
| Timestamp   | timestamp                                    | NO   |     | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP |
| Column_priv | set('Select','Insert','Update','References') | NO   |     |                   |                             |
+-------------+----------------------------------------------+------+-----+-------------------+-----------------------------+
7 rows in set (0.04 sec)

mysql>
```
2.4.2 Analysis
When a privilege applies to a single column only, the privilege information is recorded in this table. For example, creating a new account with GRANT UPDATE(uname) ON d3307.t TO user9@'192.168.52.%' IDENTIFIED BY 'user0520'; enters a grant record in this table. Pay particular attention to the values of the Column_name and Column_priv fields.
2.4.3 In practice
Create the user:
```
mysql> GRANT UPDATE(uname) ON d3307.t TO user9@'192.168.52.%' IDENTIFIED BY 'user0520';
Query OK, 0 rows affected (0.00 sec)

mysql>
```
Viewing the result, one record is left in the columns_priv table:
```
mysql> SELECT * FROM mysql.columns_priv WHERE USER='user9';
+--------------+-------+-------+------------+-------------+---------------------+-------------+
| Host         | Db    | User  | Table_name | Column_name | Timestamp           | Column_priv |
+--------------+-------+-------+------------+-------------+---------------------+-------------+
| 192.168.52.% | d3307 | user9 | t          | uname       | 0000-00-00 00:00:00 | Update      |
+--------------+-------+-------+------------+-------------+---------------------+-------------+
1 row in set (0.00 sec)

mysql>
```
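To see at which level each account's privileges were recorded, the four grant tables examined above can be read together in one query. This is an added example, not part of the original post; it assumes the table layout shown in the desc listings above and reports only the Select, Insert, Update, Delete and Grant columns of mysql.user and mysql.db.

```sql
-- Added example: one row per (account, scope) showing where privileges are stored.
-- Assumes the grant-table columns shown in the desc listings on this page.
SELECT 'global' AS scope, User, Host,
       '*' AS Db, '*' AS Table_name, '*' AS Column_name,
       CONCAT_WS(',',
           IF(Select_priv = 'Y', 'Select', NULL),
           IF(Insert_priv = 'Y', 'Insert', NULL),
           IF(Update_priv = 'Y', 'Update', NULL),
           IF(Delete_priv = 'Y', 'Delete', NULL),
           IF(Grant_priv  = 'Y', 'Grant',  NULL)) AS privs
FROM mysql.user
WHERE 'Y' IN (Select_priv, Insert_priv, Update_priv, Delete_priv, Grant_priv)

UNION ALL

SELECT 'database', User, Host, Db, '*', '*',
       CONCAT_WS(',',
           IF(Select_priv = 'Y', 'Select', NULL),
           IF(Insert_priv = 'Y', 'Insert', NULL),
           IF(Update_priv = 'Y', 'Update', NULL),
           IF(Delete_priv = 'Y', 'Delete', NULL),
           IF(Grant_priv  = 'Y', 'Grant',  NULL))
FROM mysql.db
WHERE 'Y' IN (Select_priv, Insert_priv, Update_priv, Delete_priv, Grant_priv)

UNION ALL

-- A column-only grant also leaves a tables_priv row whose Table_priv is empty
-- and whose Column_priv is set; those rows are reported by the last branch.
SELECT 'table', User, Host, Db, Table_name, '*',
       CAST(Table_priv AS CHAR)
FROM mysql.tables_priv
WHERE Table_priv <> ''

UNION ALL

SELECT 'column', User, Host, Db, Table_name, Column_name,
       CAST(Column_priv AS CHAR)
FROM mysql.columns_priv

ORDER BY User, Host, scope;
```

An account can appear at several scopes at once, as user8 does above with both a table-level and two column-level rows; its effective privileges are the union of all of them.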
2.5 procs_priv table
2.5.1 Table structure
```
mysql> desc proxies_priv;
+--------------+------------+------+-----+-------------------+-----------------------------+
| Field        | Type       | Null | Key | Default           | Extra                       |
+--------------+------------+------+-----+-------------------+-----------------------------+
| Host         | char(60)   | NO   | PRI |                   |                             |
| User         | char(16)   | NO   | PRI |                   |                             |
| Proxied_host | char(60)   | NO   | PRI |                   |                             |
| Proxied_user | char(16)   | NO   | PRI |                   |                             |
| With_grant   | tinyint(1) | NO   |     | 0                 |                             |
| Grantor      | char(77)   | NO   | MUL |                   |                             |
| Timestamp    | timestamp  | NO   |     | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP |
+--------------+------------+------+-----+-------------------+-----------------------------+
7 rows in set (0.04 sec)

mysql>
```
2.5.2 Analysis:
The procs_priv table holds the privilege settings for stored procedures and stored functions. Main field: proc_priv. Note that the listing above is the output of desc proxies_priv rather than of mysql.procs_priv.
3, Creating users
3.1 Creating a user with CREATE USER
To create a user with the CREATE USER statement you must have the CREATE USER privilege. The format is as follows:
```sql
CREATE USER user [IDENTIFIED BY [PASSWORD] 'password']
[, user [IDENTIFIED BY [PASSWORD] 'password']]...
```
Here, the user parameter is the account of the new user, made up of a user name (User) and a host name (Host); the IDENTIFIED BY keyword sets the user's password; the password parameter is the user's password. If the password is an ordinary string, the PASSWORD keyword is not needed. The initial password may be omitted.
For example:
```sql
CREATE USER 'sys'@'%' IDENTIFIED BY 'sys';
```
After execution, a row is added to the user table, but for the moment all privileges are 'N'.
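3.2 Creating an ordinary user with an INSERT statement
You can use an INSERT statement to add the user's information directly to the mysql.user table, but you must have the INSERT privilege on the mysql.user table.
In addition, ssl_cipher, x509_issuer, x509_subject and so on must be given values, otherwise the INSERT statement cannot be executed.
Example:
```sql
INSERT INTO mysql.user(Host,User,Password,ssl_cipher,x509_issuer,x509_subject) VALUES('%','newuser1',PASSWORD('123456'),'','','');
```
After executing the INSERT, run the FLUSH PRIVILEGES; command for the user to take effect.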
3.3 Creating an ordinary user with a GRANT statement
When GRANT is used to create a new user, privileges can be granted to the user at creation time. However, the GRANT privilege is required.
The syntax is as follows:
```sql
GRANT priv_type ON database.table
TO user [IDENTIFIED BY [PASSWORD] 'password']
[, user [IDENTIFIED BY [PASSWORD] 'password']...]
```
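priv_type: the privileges of the new user;
database.table: the scope of the new user's privileges;
user: the new user's account, made up of a user name and a host;
IDENTIFIED BY: the keyword used to set the password;
password: the new user's password;
PS: A GRANT statement can create several users at once. The difference between *.* and db.* is that *.* takes effect on all databases, so SELECT in the user table becomes Y, whereas with db.* the user table stays 'N' and it is the db table that is changed.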
4, Deleting users
4.1 Deleting a user with DROP USER
Deleting an ordinary user with the DROP USER statement requires the DROP USER privilege.
The syntax is as follows:
```sql
DROP USER user [, user]...
```
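user is the user to delete, made up of a user name (User) and a host name (Host).
4.2 Deleting an ordinary user with a DELETE statement
You can use a DELETE statement to delete the user's information directly from the mysql.user table, but you must have the DELETE privilege on the mysql.user table.
```sql
DELETE FROM mysql.user WHERE Host = '%' AND User = 'admin';
```
After the deletion, FLUSH PRIVILEGES is likewise required for it to take effect.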
5, Changing user passwords
5.1 Changing the root user's password with the mysqladmin command
Syntax:
```
mysqladmin -u username -p password "new_password"
```
The new password (new_password) must be enclosed in double quotes; single quotes cause an error.
Example; the old password must be entered for verification during the change:
```
[root@data02 ~]# mysqladmin -u timman -p password "tim" --socket=/usr/local/mysql3307/mysql.sock
Enter password:
[root@data02 ~]#
[root@data02 ~]# mysql --socket=/usr/local/mysql3307/mysql.sock -utimman -ptim -e "select @@port";
+--------+
| @@port |
+--------+
|   3307 |
+--------+
[root@data02 ~]#
```
5.2 Modifying the user table
Updating the value of the Password field of the user table with UPDATE also changes the password:
```sql
UPDATE user SET Password=PASSWORD('123') WHERE USER='myuser';
FLUSH PRIVILEGES;
```
It takes effect after the flush.
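Sections 3.2, 4.2 and 5.2 show that INSERT, DELETE or UPDATE on mysql.user followed by FLUSH PRIVILEGES is enough to create an account, remove one or reset a password, so write access to that table amounts to account-management access. The query below is an added example, not part of the original post; it assumes the grant-table layout shown in the desc listings earlier on this page and lists every account holding such write access at any of the four levels.

```sql
-- Added example: accounts that can change mysql.user with plain DML.
-- Assumes the grant-table columns shown in the desc listings on this page.
SELECT 'global' AS scope, User, Host, '*' AS Column_name,
       CONCAT_WS(',',
           IF(Insert_priv = 'Y', 'Insert', NULL),
           IF(Update_priv = 'Y', 'Update', NULL),
           IF(Delete_priv = 'Y', 'Delete', NULL)) AS dml_on_mysql_user
FROM mysql.user
WHERE 'Y' IN (Insert_priv, Update_priv, Delete_priv)

UNION ALL

-- Db in mysql.db may hold a wildcard pattern (% or _), so the literal
-- database name is matched against it as a LIKE pattern.
SELECT 'database', User, Host, '*',
       CONCAT_WS(',',
           IF(Insert_priv = 'Y', 'Insert', NULL),
           IF(Update_priv = 'Y', 'Update', NULL),
           IF(Delete_priv = 'Y', 'Delete', NULL))
FROM mysql.db
WHERE 'mysql' LIKE Db
  AND 'Y' IN (Insert_priv, Update_priv, Delete_priv)

UNION ALL

SELECT 'table', User, Host, '*', CAST(Table_priv AS CHAR)
FROM mysql.tables_priv
WHERE Db = 'mysql' AND Table_name = 'user'
  AND (FIND_IN_SET('Insert', Table_priv)
       OR FIND_IN_SET('Update', Table_priv)
       OR FIND_IN_SET('Delete', Table_priv))

UNION ALL

-- Column-level grants: UPDATE on the Password column alone is enough
-- for the password change shown in section 5.2.
SELECT 'column', User, Host, Column_name, CAST(Column_priv AS CHAR)
FROM mysql.columns_priv
WHERE Db = 'mysql' AND Table_name = 'user'
  AND (FIND_IN_SET('Insert', Column_priv)
       OR FIND_IN_SET('Update', Column_priv))

ORDER BY User, Host, scope;
```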
5.3 Changing the password with the SET statement
After logging in to the MySQL server as the root user, you can use the SET statement to change passwords:
To change your own password, no user name is needed:
```sql
SET PASSWORD = PASSWORD("123");
```
To change another user's password:
```sql
-- FOR user_name@host_name
SET PASSWORD FOR 'myuser'@'%' = PASSWORD("123456");
```
5.4 Changing an ordinary user's password with the GRANT statement
To change an ordinary user's password with GRANT, you must hold the GRANT privilege.
<code class="hljs sql">GRANT priv_type ON database.table TO user [IDENTIFIED BY [PASSWORD] 'password']</code>
Example:
<code class="hljs sql">GRANT SELECT ON *.* TO 'user10'@'%' IDENTIFIED BY '123';</code>
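The UPDATE, SET PASSWORD and GRANT forms above are MySQL 5.x syntax: from 5.7.6 the mysql.user table has no Password column, and MySQL 8.0 removed the PASSWORD() function and GRANT ... IDENTIFIED BY. The following is an added example, not from the original article, showing the equivalents on those versions; the account names are the article's, and '<new-password>' is a placeholder to replace.

```sql
-- Added example; assumes MySQL 5.7.6 or later (including 8.0).
-- '<new-password>' is a placeholder, not a real value.

-- Instead of UPDATE mysql.user ... ; FLUSH PRIVILEGES;
-- The hash now lives in mysql.user.authentication_string. ALTER USER writes it
-- and reloads the in-memory grant tables itself, so no FLUSH is needed.
ALTER USER 'myuser'@'%' IDENTIFIED BY '<new-password>';

-- Instead of SET PASSWORD = PASSWORD('...');
-- SET PASSWORD takes the cleartext string directly.
SET PASSWORD = '<new-password>';                     -- current account
SET PASSWORD FOR 'myuser'@'%' = '<new-password>';    -- another account

-- Instead of GRANT ... IDENTIFIED BY '...';
-- In 8.0 GRANT neither creates an account nor sets a password:
-- create the account first, then grant. If user10 already exists,
-- IF NOT EXISTS leaves its password unchanged and raises a warning.
CREATE USER IF NOT EXISTS 'user10'@'%' IDENTIFIED BY '<new-password>';
GRANT SELECT ON *.* TO 'user10'@'%';

-- Check: authentication plugin per account, and accounts with no credential,
-- an expired password or a lock.
SELECT User, Host, plugin,
       (authentication_string IS NULL OR authentication_string = '') AS empty_password,
       password_expired, account_locked
FROM mysql.user
ORDER BY User, Host;
```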
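5.5 What to do when a user's password is forgotten
For an ordinary user, just log in as the root super-administrator and change the password. But what if the root password itself is lost?
5.5.1 Recovering the password with mysqld_safe
Stop mysql: service mysqld stop;
Start in safe mode: mysqld_safe --skip-grant-tables &
Log in without a password (just press Enter): mysql -uroot -p
Reset the password: use mysql; update user set password=password('') where user='root' and host='localhost'; flush privileges;
Start normally: service mysql restart
Then set the password with mysqladmin: mysqladmin password '123456'
5.5.2 Recovering the password with an ordinary account
-->(1): There is a user that can modify the test database: grant create,delete,update,insert,select on d3307.* to test@'%' identified by 't1';
-->(2): Copy the user table files into the test database directory and give the mysql user access to them:
cp /home/data/mysql/data/mysql/user.* /home/data/mysql/data/test/;chown mysql.mysql /home/data/mysql/data/test/user.*
-->(3): Log in with mysql -utest -pt1 and change the root password:
-->(4): Overwrite the mysql database's user table files with the ones from the test database:
cp /home/data/mysql/data/mysql/user.* /tmp/; mv /home/data/mysql/data/test/user.* /home/data/mysql/data/mysql/ ; chown mysql.mysql /home/data/mysql/data/mysql/user.*;
-->(5): Find the mysql process ID and send it SIGHUP to reload the grant tables.
pgrep -n mysql; kill -SIGHUP 12234;
-->(6): Log in without a password, then set the password again with mysqladmin.
PS: See the video for lesson 20, which records the whole password-change process in detail.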
6, Revoking user privileges
View privileges:
<code class="hljs sql">SHOW GRANTS;
SHOW GRANTS FOR user10@'%';</code>
Or run a SQL query directly against the user table in the mysql database, which stores each user's basic privileges:
<code class="hljs sql">SELECT * FROM mysql.user WHERE USER = 'user10' AND HOST = '%';</code>
Use the REVOKE keyword to revoke privileges:
<code class="hljs sql">REVOKE priv_type[(column_list)] ON database.table FROM user [, user]</code>
Example:
<code class="hljs sql">REVOKE EXECUTE ON d3307.* FROM user10@'%';</code>
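A check to run before and after REVOKE, as an added example that is not part of the original article: it shows what an account holds at the global and database levels, because a privilege has to be revoked at the level where it was granted. It uses the article's user10@'%' account and d3307 database, and goes slightly beyond the single-account lookup above by listing every wildcard-host account with global privileges.

```sql
-- Added example, not from the original article.

-- 1) Global level (mysql.user): every account that may connect from any host
--    and holds at least one *.* privilege.
SELECT User, Host,
       CONCAT_WS(',',
           IF(Select_priv = 'Y', 'SELECT', NULL),
           IF(Insert_priv = 'Y', 'INSERT', NULL),
           IF(Update_priv = 'Y', 'UPDATE', NULL),
           IF(Delete_priv = 'Y', 'DELETE', NULL),
           IF(Create_priv = 'Y', 'CREATE', NULL),
           IF(Drop_priv   = 'Y', 'DROP',   NULL),
           IF(File_priv   = 'Y', 'FILE',   NULL),
           IF(Super_priv  = 'Y', 'SUPER',  NULL),
           IF(Grant_priv  = 'Y', 'GRANT OPTION', NULL)) AS global_privs
FROM mysql.user
WHERE Host = '%'
HAVING global_privs <> ''
ORDER BY User;

-- 2) Database level (mysql.db): what user10@'%' holds on d3307 only.
SELECT User, Host, Db,
       Select_priv, Insert_priv, Update_priv, Delete_priv, Execute_priv
FROM mysql.db
WHERE User = 'user10' AND Host = '%' AND Db = 'd3307';

-- 3) Revoke at the level where the privilege was granted.
--    GRANT SELECT ON *.* is a global grant, so a REVOKE on d3307.* does not
--    remove it; it has to be revoked ON *.*.
REVOKE SELECT ON *.* FROM 'user10'@'%';

-- 4) Confirm: user10 should no longer appear in query 1, and SHOW GRANTS
--    should list only USAGE plus any database-level grants that remain.
SHOW GRANTS FOR 'user10'@'%';
```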
7, Classifying database users
7.1 Ordinary data-management users:
Grant only query and maintenance privileges on the business tables. The authorization SQL is as follows:
<code class="hljs sql">GRANT SELECT, INSERT, UPDATE, DELETE ON d3307.* TO zengxiaoteng@'%' IDENTIFIED BY '0523';</code>
7.2 Developer accounts:
Grant insert, delete, update and select privileges. The authorization SQL is as follows:
<code class="hljs sql">GRANT SELECT, INSERT, DELETE, UPDATE ON d3307.* TO huyan@'%' IDENTIFIED BY '0523';</code>
Grant privileges to create, alter and drop MySQL table structures:
<code class="hljs sql">GRANT CREATE ON d3307.* TO huyan@'192.168.52.11';
GRANT ALTER ON d3307.* TO huyan@'192.168.52.11';
GRANT DROP ON d3307.* TO huyan@'192.168.52.11';</code>
Grant the privilege to work with MySQL foreign keys:
<code class="hljs sql">GRANT REFERENCES ON d3307.* TO huyan@'192.168.52.11';</code>
Grant the privilege to work with MySQL temporary tables: