记录 MySQL的学习过程（3） 用户权限篇

mysql的权限

1.用户的定义

  用户名@'白名单'

username@'%'
username@'localhost'
username@'10.0.0.%'
username@'10.0.0.5%'
username@'10.0.0.0/255.255.254.0'
username@'10.0.%.%'

2.用户的增删改查

a.创建，查询用户
mysql> create user tomuser@'10.0.0.%' identified by 'password';
Query OK, 0 rows affected (0.01 sec)

mysql> select user,host from mysql.user;
+---------------+-----------+
| user          | host      |
+---------------+-----------+
| tomuser       | 10.0.0.%  |
| mysql.session | localhost |
| mysql.sys     | localhost |
| root          | localhost |
+---------------+-----------+
4 rows in set (0.00 sec)


在mysql 8.0之前
还可以直接使用grant命令来实现上面的效果，但是8.0开始就必须先create用户再授权

mysql> grant all on *.* to jerry@'10.0.0.%' identified by 'password';
Query OK, 0 rows affected, 1 warning (0.00 sec)


b.修改用户信息

 alter user jerry@'10.0.0.%' identified by '123456';

c.删除用户

 drop user jerry@'10.0.0.%';
 

3.权限管理


8.0之前可以直接给权限，比如select update ，8.0之后使用role 设定权限绑定role然后赋给用户

权限列表

ALL:
SELECT,INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW

DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT,

CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE
ALL : 以上所有权限，一般是普通管理员拥有的
with grant option：超级管理员才具备的，给别的用户授权的功能（放到命令的最后面）

授权命令


 grant all on *.* to jerry@'10.0.0.%' identified by 'password';

 grant 权限 on 库.表 to 用户@'白名单' identified by '密码';

4.小练习

a.创建一个管理员用户 root 可以访问10网段，管理以及授权

grant all on *.* to root@'10.0.0.%' identified by '123' with grant option;

b.创建一个应用用户wordpress 可以使用10网段，在wordpress库下进行select insert update delete 操作


grant SELECT,INSERT,UPDATE,DELETE on wordpress.* to wordpress@'10.0.0.%' identified by '123';


5.权限回收

先来查看用户权限
mysql> show grants for  wordpress@'10.0.0.%';
+---------------------------------------------------------------------------------+
| Grants for wordpress@10.0.0.%                                                   |
+---------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'wordpress'@'10.0.0.%'                                    |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `wordpress`.* TO 'wordpress'@'10.0.0.%' |
+---------------------------------------------------------------------------------+

其中 GRANT USAGE ON *.* TO 'wordpress'@'10.0.0.%'  这一条在创建用户后默认就会存在，表示拥有可以仅登录的权限

下面我们回收这个用户的delete权限，使用revoke命令


mysql> revoke delete on wordpress.* from 'wordpress'@'10.0.0.%';
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for  wordpress@'10.0.0.%';
+-------------------------------------------------------------------------+
| Grants for wordpress@10.0.0.%                                           |
+-------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'wordpress'@'10.0.0.%'                            |
| GRANT SELECT, INSERT, UPDATE ON `wordpress`.* TO 'wordpress'@'10.0.0.%' |
+-------------------------------------------------------------------------+
2 rows in set (0.00 sec)