MySQL Crash Course #20# Chapter 28. Managing Security

限制用户的操作权限并不是怕有人恶意搞破坏,而是为了减少失误操作的可能性。

详细文档:https://dev.mysql.com/doc/refman/8.0/en/user-account-management.html

关于用户的信息都存储在 mysql 数据库下的 user 表中,查看所有用户名:

mysql> USE mysql;

mysql> SELECT user FROM user;
+------------------+
| user             |
+------------------+
| root             |
| root             |
| root             |
| debian-sys-maint |
| root             |
+------------------+
5 rows in set (0.04 sec)

创建新用户:

CREATE USER 'new_guy'@'localhost' IDENTIFIED BY '123456';
-- 创建一个叫 new_guy 的账号,只允许在 localhost 登陆,密码为 123456

明文密码会被加密为 HASH 码存储到 user 表中:

mysql> SELECT host, user, password FROM user WHERE user='new_guy';

+-----------+---------+-------------------------------------------+
| host      | user    | password                                  |
+-----------+---------+-------------------------------------------+
| localhost | new_guy | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+-----------+---------+-------------------------------------------+
1 row in set (0.00 sec)

 可以通过下面的语句查看用户的详细信息:

SELECT * FROM user WHERE user='new_guy'\G

没有被赋予任何权限的新用户几乎是什么都做不了:

-- 授权
GRANT SELECT ON mysqlCrash.* TO 'new_guy'@'localhost';
-- 剥夺权限
REVOKE SELECT ON mysqlCrash.* FROM 'new_guy'@'localhost';
-- 查看用户权限
SHOW GRANTS FOR 'new_guy'@'localhost';

GRANT and REVOKE can be used to control access at several levels:

  • Entire server, using GRANT ALL and REVOKE ALL

  • Entire database, using ON database.*

  • Specific tables, using ON database.table

  • Specific columns

  • Specific stored procedures

Table 28.1 lists each of the rights and privileges that may be granted or revoked.

Table 28.1. Rights and Privileges

Privilege

Description

ALL

All privileges except GRANT OPTION

ALTER

Use of ALTER TABLE

ALTER ROUTINE

Use of ALTER PROCEDURE and DROP PROCEDURE

CREATE

Use of CREATE TABLE

CREATE ROUTINE

Use of CREATE PROCEDURE

CREATE TEMPORARY TABLES

Use of CREATE TEMPORARY TABLE

CREATE USER

Use of CREATE USER, DROP USER, RENAME USER, and REVOKE ALL PRIVILEGES

CREATE VIEW

Use of CREATE VIEW

DELETE

Use of DELETE

DROP

Use of DROP TABLE

EXECUTE

Use of CALL and stored procedures

FILE

Use of SELECT INTO OUTFILE and LOAD DATA INFILE

GRANT OPTION

Use of GRANT and REVOKE

INDEX

Use of CREATE INDEX and DROP INDEX

INSERT

Use of INSERT

LOCK TABLES

Use of LOCK TABLES

PROCESS

Use of SHOW FULL PROCESSLIST

RELOAD

Use of FLUSH

REPLICATION CLIENT

Access to location of servers

REPLICATION SLAVE

Used by replication slaves

SELECT

Use of SELECT

SHOW DATABASES

Use of SHOW DATABASES

SHOW VIEW

Use of SHOW CREATE VIEW

SHUTDOWN

Use of mysqladmin shutdown (used to shut down MySQL)

SUPER

Use of CHANGE MASTER, KILL, LOGS, PURGE MASTER, and SET GLOBAL. Also allows mysqladmin debug login.

UPDATE

Use of UPDATE

USAGE

No access

删除用户用 DROP USER xxx 就可以了。

更多杂七杂八的操作,请参考 MySQL 8.0 Reference Manual  /  

 

posted @ 2018-04-25 20:46  xkfx  阅读(182)  评论(0编辑  收藏  举报