用户账户管理:
'Username'@'Hostname'
Username:任意的字符串组合,只能包含基本意义的字符;可以包含"_"、"."、"-";
Hostname:可以为FQDN(完全合格域名),域名,IP地址,可使用MySQL通配符"_"代表任意单个字符"%"代表任意多个任意字符;
创建用户账户:
CREATE USER语句:
CREATE USER user [IDENTIFIED BY [PASSWORD] 'password' | IDENTIFIED WITH auth_plugin [AS 'auth_string']]
示例:
MariaDB [mysql]> create user 'testuser'@'%';
MariaDB [mysql]> create user 'testuser'@'%' identified by 'qhdlink';
也可以使用DML语句创建用户账户:
INSERT INTO mysql.user SET User='testuser',Host='%',Password=PASSWORD('qhdlink');
示例:
MariaDB [mysql]> insert into user set User='user1',Host='%',Password=PASSWORD('qhdlink'),ssl_cipher='',x509_issuer='',x509_subject='',authentication_string='';
重命名用户账户:
RENAME USER语句:
RENAME USER old_user TO new_user [, old_user TO new_user] ...
示例:
MariaDB [mysql]> rename user 'testuser'@'%' to 'test'@'172.16.%.%';
也可以使用DML语句重命名用户账户:
示例:
MariaDB [mysql]> update user set User='user01',Host='172.16.75.%' where User='user1';
删除用户账户:
DROP USER语句:
DROP USER user [, user] ...
示例:
MariaDB [mysql]> drop user 'test'@'172.16.%.%';
也可以使用DML语句删除用户账户:
示例:
MariaDB [mysql]> delete from user where User='user01';
用户账户的密码管理:
1.SET PASSWORD语句:
SET PASSWORD [FOR user] = { PASSWORD('cleartext password') | OLD_PASSWORD('cleartext password') | 'encrypted password' }
示例:
MariaDB [mysql]> set password for 'test'@'%' = PASSWORD('qhdlink');
2.也可以使用DML语句修改用户账户密码:(向该数据库中插入一条数据)
示例:
MariaDB [mysql]> update user set Password=PASSWORD('qhdlink.com') where User='test';
3.mysqladmin工具:
# mysqladmin -uUSERNAME -hHOSTNAME -p password 'NEW_PASSWORD'
注意:执行此操作的MySQL用户需要对mysql.user表有修改权限;
忘记MySQL管理员的密码的解决办法:
方法一:
1.停止当前的MySQL或MariaDB服务;
2. 在/etc/my.cnf文件中加入下列两条服务器参数:
skip-grant-tables = ON
skip-networking = ON
3.启动MySQL或MariaDB服务,使用mysql或mysqladmin客户端工具以空秘密的root用户登录,进行root用户的密码修改;
4.从/etc/my.cnf中删除上述两条服务器参数,再重启服务即可;
方法二:
1.停止当前的MySQL或MariaDB服务;
2.使用命令启动MySQL服务:
# mysqld_safe --skip-grant-tables --skip-networking
3.启动另一个会话连接,并使用mysql或mysqladmin客户端工具以空密码的root用户的身份修改其密码;
4.kill掉此前的mysqld-safe及衍生的mysqld服务;
5.再正常启动服务即可;
用户授权管理(当用户不存在时自动创建该用户):
GRANT语句:
GRANT priv_type [(column_list)] [, priv_type [(column_list)]] ...
ON [object_type] priv_level
TO user_specification [, user_specification] ...
[REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]
[WITH with_option ...]
priv_type:
SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, RELOAD, REPLICATION CLIENT, REPLICATION SLAVE, SHUTDOWN, FILE, SHOW DATABASES, PROCESS, SUPER
object_type:
TABLE | FUNCTION | PROCEDURE
priv_level:
* | *.* | db_name.* | db_name.tbl_name | tbl_name | db_name.routine_name
*:表示所有的数据库;
*.*:表示所有数据库中的所有表对象;
db_name.*:表示指定数据库中的所有表对象;
db_name.tbl_name:表示指定数据库中的指定的表对象;
tbl_name:表示当前正在使用的数据库中的指定的表对象;
db_name.routine_name:表示指定数据库中的指定存储函数后存储过程对象;通常需要使用object_type参数共同决定;
user_specification:
user [ IDENTIFIED BY [PASSWORD] 'password' | IDENTIFIED WITH auth_plugin [AS 'auth_string' ] ]
ssl_option:
SSL | X509 | CIPHER 'cipher' | ISSUER 'issuer' | SUBJECT 'subject'
with_option:
GRANT OPTION | MAX_QUERIES_PER_HOUR count | MAX_UPDATES_PER_HOUR count | MAX_CONNECTIONS_PER_HOUR count | MAX_USER_CONNECTIONS count
示例:
MariaDB [mysql]> grant all privileges on hellodb.* to 'test'@'%';
MariaDB [mysql]> grant select,update on hellodb.students to 'test'@'%';
MariaDB [mysql]> grant select(Name,Age,ClassID) on hellodb.students to 'test'@'%';
也可以对某些基本表创建视图之后,再对视图进行用户权限授权:
MariaDB [hellodb]> create view stu_base as select Name,Age,ClassID from students;
MariaDB [hellodb]> grant all on hellodb.stu_base to 'test'@'%';
取消授权/收回授权:
REVOKE语句:
REVOKE priv_type [(column_list)] [, priv_type [(column_list)]] ...
ON [object_type] priv_level
FROM user [, user] ...
REVOKE ALL PRIVILEGES, GRANT OPTION
FROM user [, user] ...
示例:
MariaDB [mysql]> revoke delete on hellodb.* from 'test'@'%';
MariaDB [mysql]> revoke all on hellodb.students from 'test'@'%';
MariaDB [mysql]> revoke select(Age,ClassID) on hellodb.students from 'test'@'%';
注意:在取消已经做出的授权时,REVOKE语句所指定的priv_level部分应该和授权时GRANT语句所指定的priv_level保持绝对一致;否则判定此次取消授权的操作失败;
示例:前提是testdb数据库中包含有tb1和tb2两张表;
MariaDB [testdb]> grant all on testdb.* to 'test'@'%';
MariaDB [testdb]> revoke all on testdb.tb2 from 'test'@'%';
ERROR 1147 (42000): There is no such grant defined for user 'test' on host '%' on table 'tb2'
正确的取回授权的方式:
MariaDB [testdb]> revoke all on testdb.* from 'test'@'%';
MariaDB [testdb]> grant all on testdb.tb1 to 'test'@'%';
此时,'test'@'%'用户就只有对testdb数据库中tb2表有所有操作权限;
查看用户的授权:
SHOW GRANTS语句:
SHOW GRANTS [FOR user]