Because of the current business needs, it is necessary to open and authorize a mysql link account for a certain developer in order to better manage the data.
Prerequisites need to enter the mysql command line interface (shell)
View user permissions
show grants;
result:
+-------------------------------------------------------------+
| Grants for root@% |
+-------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION |
+-------------------------------------------------------------+
1 row in set (0.01 sec)
Create mysql user
mysql> CREATE USER 'username'@'host' IDENTIFIED BY 'password';
Command description:
- username: the newly created username, the login name used to link the database
- host: Specify the host on which the user can log in. If it is a local user, localhost can be used. If you want the user to log in from any remote host, you can use the wildcard%
- password: the login password of the user, the password can be empty, if it is empty, the user can log in to the server without a password
List some common creation examples:
mysql> CREATE USER 'mumu'@'localhost' IDENTIFIED BY '123456'; # 只能本地登录
mysql> CREATE USER 'thomas'@'192.168.1.73' IDENDIFIED BY '123456';# 仅限192.168.1.73登录
mysql> CREATE USER 'lin'@'%' IDENTIFIED BY '123456'; # 任意远程主机,需要密码
mysql> CREATE USER 'huea'@'%' IDENTIFIED BY '';# 任意远程主机,无需密码
mysql> CREATE USER 'thomas'@'%';# 任意远程主机,无需密码
The above has completed the creation of the user, and the user can successfully connect, but once the database is added, deleted, modified, and checked, an error will be reported:
(INSERT、DROP、UPDATE、SELECT、CREATE, ALTER等)command denied to user 'xxx'@'localhost' for table 'table'
This problem occurs because the user does not have these permissions. The solution is to authorize the user to add, delete, modify, and check permissions.
User authorization
mysql> GRANT privileges ON databasename.tablename TO 'username'@'host'
Command description:
- privileges: The permissions to be granted to the user, such as INSERT, DROP, UPDATE, SELECT, CREATE, ALTER, etc.
- databasename: database, if you want to grant the user the corresponding operation permissions on all databases and tables, it can be expressed, such as .*
- tablename: data table, if you want to grant the user the corresponding operation permissions on all databases and tables, it can be expressed, such as .*
- username: username, login name used to link to the database
- host: Specify the host on which the user can log in. If it is a local user, localhost can be used. If you want the user to log in from any remote host, you can use the wildcard%
List some common creation examples:
mysql> GRANT SELECT, INSERT ON test.user TO 'thomas'@'%'; # 给thomas分配test库的user表查询、插入权限
mysql> GRANT ALL ON *.* TO 'thomas'@'%'; # 给thomas分配所有库所有表的所有权限
mysql> GRANT ALL ON test.* TO 'thomas'@'%'; # 给thomas分配test库的所有表的所有权限
Note: In the above authorization method, the user is authorized to authorize, the user does not have the authority to create new users, and does not have the authority to authorize users
- Create user
mysql> CREATE USER 'lin'@'%' IDENTIFIED BY '123456';
1227 - Access denied; you need (at least one of) the CREATE USER privilege(s) for this operation
- User authorization
mysql> GRANT INSERT ON `comment`.* TO 'lin'@'%';
1044 - Access denied for user 'lin'@'%' to database 'comment'
If you want the created user to be authorized to create and authorize permissions, you need to use the following command:
mysql> GRANT privileges ON databasename.tablename TO 'username'@'host' WITH GRANT OPTION;
That is, add'WITH GRANT OPTION' after the general authorized command. If you want the executed command to take effect immediately, you can execute the following command after executing the statement:
mysql> FLUSH PRIVILEGES;
The essence of the FLUSH PRIVILEGES command is to extract the user information/privilege settings in the current user and privilige tables from the mysql library (the built-in library of the MySQL database) into the memory. After the MySQL user data and permissions are modified, if you want to take effect directly without restarting the MySQL service, then you need to execute this command. Usually after modifying the settings of the ROOT account, if you are afraid that you will not be able to log in after restarting, you can see whether the permission settings take effect directly after flushing. Without taking too much risk!!
Set and change user password
SET PASSWORD FOR 'username'@'host' = '123456';
ALTER USER 'root'@'localhost' IDENTIFIED BY '123456';
If it is currently logged in user:
SET PASSWORD = '123456';
Revoke user permissions
The syntax of REVOKE is similar to GRANT, just replace the keyword "to" with "from":
REVOKE privilege ON databasename.tablename FROM 'lin'@'host';
delete users
DROP USER 'lin'@'host';