MySQL權限管理
數據庫的權限管理一直是很麻煩的一件事情,由於權限是很分散的,不容易查看,也不容易修改的完善。可是MySQL的權限管理讓人眼前一亮的感受。由於什麼都是那麼一目瞭然。html
1# 查看權限
好比,咱們想要看看MySQL的root用戶,擁有什麼權限:mysql
(root@localhost)[(none)]> select user(); +----------------+ | user() | +----------------+ | root@localhost | +----------------+ 1 row in set (0.00 sec) (root@localhost)[(none)]> show grants; +----------------------------------------------------------------------------------------------------------------------------------------+ | Grants for root@localhost | +----------------------------------------------------------------------------------------------------------------------------------------+ | GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*A0F874BC7F54EE086FCE60A37CE7887D8B31086B' WITH GRANT OPTION | | GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION | +----------------------------------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec)
一條show grants解決了問題,而且連grant語句都給咱們了。這樣就是說,咱們稍微修修改改就可用重造出另外一個和root同樣的超級用戶了。sql
或者使用:
show grants for 'xxx'@'xxxxx';數據庫
其中第一條:ide
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*A0F874BC7F54EE086FCE60A37CE7887D8B31086B' WITH GRANT OPTION
不光光grant 了 . 上的ALL PRIVILEGES 給'root'@'localhost' ,甚至還有驗證密碼和 WITH 信息。實際上這條語句是可用拿來建立這個用戶的。這也是一個另類的建立用戶的方法。ui
查看他人的權限:this
(root@localhost)[(none)]> show grants for test1
-> ;
+------------------------------------------------------------------------------------------------------+
| Grants for test1@% |
+------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'test1'@'%' IDENTIFIED BY PASSWORD '*CFA887C680E792C2DCF622D56FB809E3F8BE63CC' |
+------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
這裏看到用戶'test1'@'%'只有一條權限,這條權限也是默認的建立用戶語句。代理
2# 授予權限:
用戶必然是須要使用數據庫的。因此若是用戶只有usage這個沒用的權限的話,這個用戶就不須要存在了。
語法:code
(root@localhost)[(none)]> help grant
Name: 'GRANT'
Description:
Syntax:
GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
TO user_specification [, user_specification] ...
[REQUIRE {NONE | tsl_option [[AND] tsl_option] ...}]
[WITH {GRANT OPTION | resource_option} ...]
GRANT PROXY ON user_specification #這個代理也是語句也是單獨存在
TO user_specification [, user_specification] ...
[WITH GRANT OPTION]
object_type: { #對象類型
TABLE
| FUNCTION
| PROCEDURE
}
priv_level: { #權限的等級分類
*
| *.*
| db_name.*
| db_name.tbl_name
| tbl_name
| db_name.routine_name
}
user_specification: #用戶
user [ auth_option ]
auth_option: { #驗證信息
IDENTIFIED BY 'auth_string'
| IDENTIFIED BY PASSWORD 'hash_string'
| IDENTIFIED WITH auth_plugin
| IDENTIFIED WITH auth_plugin AS 'hash_string'
}
tsl_option: { #SSL類型
SSL
| X509
| CIPHER 'cipher'
| ISSUER 'issuer'
| SUBJECT 'subject'
}
resource_option: { #資源使用定義
| MAX_QUERIES_PER_HOUR count
| MAX_UPDATES_PER_HOUR count
| MAX_CONNECTIONS_PER_HOUR count
| MAX_USER_CONNECTIONS count
}
用戶權限列表,見官方文檔:https://dev.mysql.com/doc/refman/5.6/en/grant.htmlorm
用戶test1當前是沒有任何權限的。假設咱們須要讓他訪問mysql.user表
(test1@localhost)[(none)]> use mysql; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed (test1@localhost)[mysql]> select count(*) from user; +----------+ | count(*) | +----------+ | 4 | +----------+ 1 row in set (0.00 sec) (test1@localhost)[mysql]>
創建一個新數據庫,創建一個新表,對這個表進行訪問以及控制:
(root@localhost)[mysql]> create database sample; Query OK, 1 row affected (0.00 sec) (root@localhost)[mysql]> use sample; Database changed (root@localhost)[sample]> show tables; Empty set (0.00 sec) (root@localhost)[sample]> create table smp (id int,name char(20)); Query OK, 0 rows affected (0.07 sec) (root@localhost)[sample]> grant all privileges on sample.smp to test1; Query OK, 0 rows affected (0.00 sec) (root@localhost)[sample]> select User,Table_name,Table_priv from mysql.tables_priv; +-------+------------+----------------------------------------------------------------------------------------------+ | User | Table_name | Table_priv | +-------+------------+----------------------------------------------------------------------------------------------+ | test1 | user | Select | | test1 | smp | Select,Insert,Update,Delete,Create,Drop,References,Index,Alter,Create View,Show view,Trigger | +-------+------------+----------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec) (root@localhost)[sample]>
更多的怎刪改和刪除表
(test1@localhost)[sample]> insert into smp values (1,'abc'); Query OK, 1 row affected (0.00 sec) (test1@localhost)[sample]> select * from smp; +------+------+ | id | name | +------+------+ | 1 | abc | +------+------+ 1 row in set (0.00 sec) (test1@localhost)[sample]> delete from smp; Query OK, 1 row affected (0.00 sec) (test1@localhost)[sample]> select * from smp; Empty set (0.00 sec) (test1@localhost)[sample]> drep table smp; ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'drep table smp' at line 1 (test1@localhost)[sample]> drop table smp; Query OK, 0 rows affected (0.00 sec)
drop table 是DDL, 這個時候table已經刪除了,再看看權限:
(root@localhost)[sample]> select User,Table_name,Table_priv from mysql.tables_priv; +-------+------------+----------------------------------------------------------------------------------------------+ | User | Table_name | Table_priv | +-------+------------+----------------------------------------------------------------------------------------------+ | test1 | user | Select | | test1 | smp | Select,Insert,Update,Delete,Create,Drop,References,Index,Alter,Create View,Show view,Trigger | +-------+------------+----------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec)
權限依然存在。說明刪除表是不會刪除用戶所擁有的對象權限的。
試試看建回來:
(test1@localhost)[sample]> create table smp (id int,name char(20)); Query OK, 0 rows affected (0.00 sec) (test1@localhost)[sample]> create table smp1 (id int,name char(20)); ERROR 1142 (42000): CREATE command denied to user 'test1'@'localhost' for table 'smp1' (test1@localhost)[sample]>
成功建回來。那麼是否可用在這個數據庫中創建另一張表呢?不行。
對 sample. 層面授予權限。
(root@localhost)[sample]> grant create on sample.* to test1; Query OK, 0 rows affected (0.00 sec) (root@localhost)[sample]> select User,Table_name,Table_priv from mysql.tables_priv; +-------+------------+----------------------------------------------------------------------------------------------+ | User | Table_name | Table_priv | +-------+------------+----------------------------------------------------------------------------------------------+ | test1 | user | Select | | test1 | smp | Select,Insert,Update,Delete,Create,Drop,References,Index,Alter,Create View,Show view,Trigger | +-------+------------+----------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec) (root@localhost)[sample]> show grants for test1; +------------------------------------------------------------------------------------------------------+ | Grants for test1@% | +------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'test1'@'%' IDENTIFIED BY PASSWORD '*CFA887C680E792C2DCF622D56FB809E3F8BE63CC' | | GRANT CREATE ON `sample`.* TO 'test1'@'%' | | GRANT ALL PRIVILEGES ON `sample`.`smp` TO 'test1'@'%' | | GRANT SELECT ON `mysql`.`user` TO 'test1'@'%' | +------------------------------------------------------------------------------------------------------+ 4 rows in set (0.00 sec) (root@localhost)[sample]> flush privileges; Query OK, 0 rows affected (0.00 sec)
這個時候,test1用戶有了CREATE ON sample. 。嘗試在數據庫中建立表對象。
(test1@localhost)[sample]> create table smp1 (id int,name char(20)); ERROR 1142 (42000): CREATE command denied to user 'test1'@'localhost' for table 'smp1'
失敗!很奇怪,已經有了權限,仍是失敗。嘗試從新登錄
(test1@localhost)[sample]> exit Bye [mysql@mysql01 ~]$ mysql -utest1 -S /data/mysqldata/3306/mysql.sock -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 25 Server version: 5.6.31-log Source distribution Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. (test1@localhost)[(none)]> (test1@localhost)[(none)]> (test1@localhost)[(none)]> create table smp1 (id int,name char(20)); ERROR 1046 (3D000): No database selected (test1@localhost)[(none)]> use sample; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed (test1@localhost)[sample]> create table smp1 (id int,name char(20)); Query OK, 0 rows affected (0.01 sec)
從新登錄後創建表對象成功。說明普通用戶的權限須要在登錄的時候刷新。
另類方法查看MYSQL全部權限有哪些:
mysql> grant ALL PRIVILEGES ON *.* to test@'localhost' IDENTIFIED BY 'oldboy123' with grant option;
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> select user,host from mysql.user;
+------------+---------------------------+
| user | host |
+------------+---------------------------+
| mysql_user | % |
| root | 127.0.0.1 |
| rep | 192.168.1.% |
| alrin | 192.168.1.0/24 |
| alrin | 192.168.1.0/255.255.255.0 |
| root | localhost |
| test | localhost |
+------------+---------------------------+
7 rows in set (0.00 sec)
mysql> show grants for test@localhost
-> ;
+----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for test@localhost |
+----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'test'@'localhost' IDENTIFIED BY PASSWORD '*FE28814B4A8B3309DAC6ED7D3237ADED6DA1E515' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> revoke insert on *.* from 'test'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for 'test'@'localhost';
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for test@localhost |
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE ON *.* TO 'test'@'localhost' IDENTIFIED BY PASSWORD '*FE28814B4A8B3309DAC6ED7D3237ADED6DA1E515' WITH GRANT OPTION |
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> exit
Bye
[root@mysql01 3307]# mysql -utest -poldboy123 -S /data/3307/mysql.sock -e "show grants for 'test'@'localhost'"| grep GRANT|tail -1| tr ',' '\n' > mysql_all_privileges.txt
Warning: Using a password on the command line interface can be insecure.
[root@mysql01 3307]# mysql -utest -poldboy123 -S /data/3307/mysql.sock -e "show grants for 'test'@'localhost'"| grep GRANT|tail -1| tr ',' '\n' > mysql_all_privileges.txt
[root@mysql01 3307]# cat mysql_all_privileges.txt
GRANT SELECT
UPDATE
DELETE
CREATE
DROP
RELOAD
SHUTDOWN
PROCESS
FILE
REFERENCES
INDEX
ALTER
SHOW DATABASES
SUPER
CREATE TEMPORARY TABLES
LOCK TABLES
EXECUTE
REPLICATION SLAVE
REPLICATION CLIENT
CREATE VIEW
SHOW VIEW
CREATE ROUTINE
ALTER ROUTINE
CREATE USER
EVENT
TRIGGER
CREATE TABLESPACE ON *.* TO 'test'@'localhost' IDENTIFIED BY PASSWORD '*FE28814B4A8B3309DAC6ED7D3237ADED6DA1E515' WITH GRANT OPTION
[root@mysql01 3307]# vi mysql_all_privileges.txt
GRANT SELECT
UPDATE
DELETE
INSERT
CREATE
DROP
RELOAD
SHUTDOWN
PROCESS
FILE
REFERENCES
INDEX
ALTER
SHOW DATABASES
SUPER
CREATE TEMPORARY TABLES
LOCK TABLES
EXECUTE
REPLICATION SLAVE
REPLICATION CLIENT
CREATE VIEW
SHOW VIEW
CREATE ROUTINE
ALTER ROUTINE
CREATE USER
EVENT
TRIGGER
CREATE TABLESPACE ON *.* TO 'test'@'localhost' WITH GRANT OPTION
~
~
~
~
~
~
~
~
~
~
~
~
"mysql_all_privileges.txt" 28L, 370C written
[root@mysql01 3307]#
相關文章
- 1. mysql-權限管理
- 2. MySQL權限管理
- 3. Mysql--權限管理
- 4. mysql權限管理
- 5. mysql 權限管理
- 6. MySQL 權限管理
- 7. mysql——權限管理
- 8. Mysql 權限管理
- 9. 【MySQL】MySQL之權限管理
- 10. MySQL權限管理 - mysql 帳戶權限管理
- 更多相關文章...
- • MySQL刪除用戶權限(REVOKE) - MySQL教程
- • Swarm 集羣管理 - Docker教程
- • 漫談MySQL的鎖機制
- • Docker 清理命令
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. mysql-權限管理
- 2. MySQL權限管理
- 3. Mysql--權限管理
- 4. mysql權限管理
- 5. mysql 權限管理
- 6. MySQL 權限管理
- 7. mysql——權限管理
- 8. Mysql 權限管理
- 9. 【MySQL】MySQL之權限管理
- 10. MySQL權限管理 - mysql 帳戶權限管理