8 mysql用戶和權限管理

mysql用戶和賬號，實現用戶認證

1）用戶公開，任何人都能看到；密碼使用mysql中password函數生成

2）賬號密碼不能用登陸linux系統

3）用戶名@主機

---

用戶和權限表

mysql啓動後，此處的表從磁盤加載到內存，可提升mysql的性能

1）user: Contains user accounts, global privileges, and other non-privilege columns.

   user: 用戶賬號、全局權限

用戶賬號 用戶名@主機

    用戶名：16位之內

    主機: 1)主機名：www.hiyang.com

           2)IP或網絡地址，IP/255.255.255.0

            3)通配符，192.168.%.%，%.hiyang.com

登陸mysql時不反解析主機名，能夠加快登陸速度，登陸時使用--skip-name-resolve選項

2）db: Contains database-level privileges.

   db: 庫級別權限

3）host: Obsolete.

   host: 廢棄，整合進入user

4）tables_priv: Contains table-level privileges.

    tables_priv： 表級別權限

5）columns_priv: Contains column-level privileges.

columns_priv:列級別權限

6）procs_priv: Contains stored procedure and function privileges.

procs_priv:  存儲過程和存儲函數相關的權限

7）proxies_priv: Contains proxy-user privileges.

proxies_priv:代理用戶權限

建立臨時表，位於內存中，空間大小有限（heap：16M），不容許隨意建立

CREATE TEMPORARY TABLES

觸發器：主動數據庫，和記錄日誌相關 user: log

---

建立用戶

方式1，自動讀入內存，不用flush

create user username@‘hostname’ [identified by ‘password’]

mysql> create user test@"192.168.8.0/24" identified by 'test';

mysql> show grants for test@"192.168.8.0/24" ;

+------------------------------------------------------------------------------------------------------------------+

| Grants for test@192.168.8.0/24                                                                                   |

+------------------------------------------------------------------------------------------------------------------+

| GRANT USAGE ON *.* TO 'test'@'192.168.8.0/24' IDENTIFIED BY PASSWORD '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29' |

+------------------------------------------------------------------------------------------------------------------+

方式2

GRANT  priv_type [(column_list)]  [, priv_type [(column_list)]] ...  ON [object_type] priv_level  TO user_specification [, user_specification] ... [REQUIRE {NONE | tsl_option [[AND] tsl_option] ...}]  [WITH {GRANT OPTION | resource_option} ...]

GRANT PROXY ON user_specification  TO user_specification [, user_specification] ... [WITH GRANT OPTION]

object_type: {

    TABLE  | FUNCTION  | PROCEDURE }

priv_level: {

    *  | *.*  | db_name.*  | db_name.tbl_name  | tbl_name  | db_name.routine_name

}

user_specification:

    user [ auth_option ]

auth_option: {

    IDENTIFIED BY 'auth_string'

  | IDENTIFIED BY PASSWORD 'hash_string'

  | IDENTIFIED WITH auth_plugin

  | IDENTIFIED WITH auth_plugin AS 'hash_string'

}

tsl_option: {

    SSL

  | X509

  | CIPHER 'cipher'

  | ISSUER 'issuer'

  | SUBJECT 'subject'

}

resource_option: { 資源使用限定

  | MAX_QUERIES_PER_HOUR count；限定每小時登陸的次數

  | MAX_UPDATES_PER_HOUR count

  | MAX_CONNECTIONS_PER_HOUR count

  | MAX_USER_CONNECTIONS count

}

方式3

insert into mysql.user 

查看某個用戶的權限

show grants for user@hostname

添加受權後， 部分受權生效須要，如 insert

1）flush privileges

2）用戶會話從新鏈接

受權指定字段

mysql> grant update(name) on tdb.testdb to test1@"192.168.8.%";

super權限 *.*

mysql> grant super on *.* to test1@"192.168.8.%";

---

刪除用戶

drop user user@hostname

重命名

rename user old_ user@hostname  to new_ user@hostname

---

取消受權 revoke，不用flush

mysql> revoke select on tdb.* from test1@'192.168.8.%';

來自爲知筆記(Wiz)