MySQL 8.0用户及安全管理
用户的功能
1、登录数据库 2、管理数据库对象
注意:mysql的用户和系统登录的用户没有关系
用户的组成
用户名@'白名单'
白名单:
% 10.0.0.10 10.0.0.% 10.0.0.5% 10.0.0.0/255.255.254.0 oldguo.com db01 127.0.0.1 localhost ----> socket
用户的管理
创建用户(密码加密插件的区别)
sha2 : 8.0新的特性 create user test@'localhost' identified by '123456'; native: 兼容老版本 create user test@'10.0.0.%' identified with mysql_native_password by '123456';
mysql> select user,host,authentication_string,plugin from mysql.user where user='test'; +------+-----------+------------------------------------------------------------------------+-----------------------+ | user | host | authentication_string | plugin | +------+-----------+------------------------------------------------------------------------+-----------------------+ | test | 10.0.0.% | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 | mysql_native_password | | test | localhost | $A$005$N]i!&l5mc<\]LLWHVU6M3YoRDkeSbKtTpDAary4WGFMtmapVJxyNwnd0 | caching_sha2_password | +------+-----------+------------------------------------------------------------------------+-----------------------+ 2 rows in set (0.01 sec)
删除用户
mysql> drop user test@'10.0.0.%'; Query OK, 0 rows affected (0.00 sec)
修改用户
mysql> alter user test@'localhost' identified with mysql_native_password by '123'; Query OK, 0 rows affected (0.00 sec)
由于加密插件导致无法登录
- 主从复制
- 高可用
- 老版本开发工具
mysql> create user test1@'%' identified by '123456'; Query OK, 0 rows affected (0.00 sec)
用户资源管理
密码过期时间
mysql> select @@default_password_lifetime; +-----------------------------+ | @@default_password_lifetime | +-----------------------------+ | 0 | 默认:密码永不过期 +-----------------------------+ 1 row in set (0.00 sec)
设置密码时效
# 设置密码有效期为180天
mysql> SET PERSIST default_password_lifetime = 180; Query OK, 0 rows affected (0.00 sec) mysql> select @@default_password_lifetime; +-----------------------------+ | @@default_password_lifetime | +-----------------------------+ | 180 | +-----------------------------+ 1 row in set (0.00 sec)
CREATE USER 'test'@'localhost' PASSWORD EXPIRE INTERVAL 90 DAY; ALTER USER test@'localhost' PASSWORD EXPIRE INTERVAL 90 DAY; CREATE USER 'test'@'localhost' PASSWORD EXPIRE NEVER; ALTER USER 'test'@'localhost' PASSWORD EXPIRE NEVER;
密码重用
默认随意重复使用
password_history=6 # 6次之内不能重复使用此密码 password_reuse_interval=365 # 365天之内不能重复使用此密码
用户的锁定与解锁
ALTER USER 'app_dev'@'localhost' ACCOUNT LOCK; ALTER USER 'app_dev'@'localhost' ACCOUNT UNLOCK;
权限管理
权限列表
mysql> show privileges;
常用权限:
Alter
Alter routine
Create
Create routine
Create role
Create temporary tables
Create view
Create user
Delete
Drop
Drop role
Event
Execute
File
Grant option
Index
Insert
Lock tables
Process
Proxy
References
Reload
Replication client
Replication slave
Select
Show databases
Show view
Shutdown
Super
Trigger
Create tablespace
Update
授权
8.0版本不能授权和设置密码一起写,多次授权同一用户是叠加权限而不是覆盖
mysql> grant all on *.* to zh@'localhost';
查看权限
mysql> show grants for zh@'localhost' ; +----------------------------------------+ | Grants for zh@localhost | +----------------------------------------+ | GRANT USAGE ON *.* TO `zh`@`localhost` | ##Usage表示只有连接库权限 +----------------------------------------+ 1 row in set (0.00 sec)
对某一列授权
回收权限
mysql> revoke delete on *.* from zh@'localhost'; Query OK, 0 rows affected (0.01 sec) mysql> revoke select(id) on test.account from user1@'10.0.0.%'; Query OK, 0 rows affected (0.00 sec)
基于role的创建和授权
查看所有role
生产中的用户类型权限规范
管理员 : ALL 开发 : Create ,Create routine,Create temporary tables,Create view,Delete ,Event ,Execute,Insert ,References,Select,Show databases ,Show view ,Trigger,Update 监控 : select , replication slave , client supper 备份 : ALL 主从 : replication slave 业务 : insert , update , delete ,select
posted on 2020-05-24 22:05 hopeless-dream 阅读(603) 评论(0) 编辑 收藏 举报
