MySQL user management and authorization
1. User management
1.1 New user
CREATE USER 'username'@'source address' [IDENTIFIED BY [PASSWORD] 'password'];
'Username'
Specifies the name of the user to be created.
'Source address'
Specifies the hosts from which the newly created user may log in. It can be an IP address, a network segment, or a host name. Local users can use localhost, and the wildcard % allows login from any host.
'Password'
If a plaintext password is used, enter 'password' directly; MySQL encrypts it automatically when it is inserted into the database.
If an encrypted password is used, first run SELECT PASSWORD('password'); to obtain the ciphertext, then write PASSWORD 'ciphertext' in the statement.
If the "IDENTIFIED BY" part is omitted, the user's password will be empty (not recommended).
1.2 View user information
The created user is saved in the user table of the mysql database
use mysql;
select user,authentication_string,Host from user;
1.3 Rename user
RENAME USER 'zhangsan'@'localhost' TO 'lisi'@'localhost';
1.4 Delete user
DROP USER 'lisi'@'localhost';
1.5 Modify the password of the currently logged in user
SET PASSWORD = PASSWORD('abc123');
1.6 Modify other user password
SET PASSWORD FOR 'user1'@'localhost' = PASSWORD('abc123');
1.7 Solutions for forgetting the root password
① Modify the /etc/my.cnf configuration file so that you can log in to mysql directly without a password
vim /etc/my.cnf
[mysqld]
skip-grant-tables # add this line so that logging in to mysql does not use the grant tables
systemctl restart mysqld
mysql # log in directly
② Use UPDATE to change the root password, then flush the privileges
UPDATE mysql.user SET AUTHENTICATION_STRING = PASSWORD('abc123') where user='root';
FLUSH PRIVILEGES;
quit
mysql -u root -pabc123
Note: Finally, delete the skip-grant-tables line from the /etc/my.cnf configuration file and restart the mysql service. While that line is present, mysql can be logged in to without a password.
2. Database user authorization
2.1 Grant permissions
GRANT statement: specifically used to set access permissions for database users.
When the specified user name does not exist, the GRANT statement will create a new user.
When the specified user name exists, the GRANT statement is used to modify the user information.
GRANT permission list ON database name.table name TO 'username'@'source address' [IDENTIFIED BY 'password'];
Permission list
Lists the database operations the user is authorized to perform, separated by commas, such as "select, insert, update". Use "all" to indicate all permissions, which authorizes any operation.
Database name.table name
Specifies the database and table that the authorization applies to; the wildcard "*" can be used. For example, "kgc.*" means that the authorization applies to all tables in the kgc database.
'Username'@'source address'
Specifies the user name and the client address allowed to access, that is, who can connect and from where. The source address can be a domain name or an IP address, and the "%" wildcard can be used to indicate all addresses in a certain area or network segment, such as "%.wt.com" or "192.168.153.%".
IDENTIFIED BY
Sets the password string the user uses to connect to the database. When creating a new user, if the "IDENTIFIED BY" part is omitted, the user's password will be blank.
Example 1: Allow user lisi to query the data records of all tables in the SCHOOL database locally, but prohibit querying the records of tables in other databases.
grant select on SCHOOL.* TO 'lisi'@'localhost' identified by '123456';
Example 2: Allow user zhangsan to remotely connect to mysql in the local terminal and have all permissions.
grant all privileges on *.* to 'zhangsan'@'localhost' identified by '123456';
flush privileges;
2.2 View permissions
SHOW GRANTS FOR 'username'@'source address';
2.3 Revoke permissions
REVOKE permission list ON database name.table name FROM 'username'@'source address';
The USAGE permission can only be used for database login, and no operations can be performed.
The USAGE permission cannot be revoked, that is, REVOKE cannot delete the user.
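As an added example (not part of the original article), the following Python check reviews SHOW GRANTS output from 2.2 for the broad settings described in 2.1, and checks my.cnf text for a skip-grant-tables line left over from the root password reset in 1.7. The function names and the sample data are constructed for illustration; the account names are the ones used on this page.

```python
import re

# Matches one line of SHOW GRANTS output, e.g.
#   GRANT SELECT ON `SCHOOL`.* TO 'lisi'@'localhost'
GRANT_RE = re.compile(
    r"GRANT (?P<privs>.+?) ON (?P<obj>\S+) TO '(?P<user>[^']*)'@'(?P<host>[^']*)'"
    r"(?P<rest>.*)$", re.IGNORECASE)

def audit_grants(lines):
    """Return (account, finding) tuples for broad grants in SHOW GRANTS output."""
    findings = []
    for line in lines:
        m = GRANT_RE.match(line.strip())
        if not m:
            continue  # not a GRANT line
        account = "'%s'@'%s'" % (m["user"], m["host"])
        privs = {p.strip().upper() for p in m["privs"].split(",")}
        if "%" in m["host"]:
            findings.append((account, "wildcard source address"))
        if m["obj"] == "*.*" and privs & {"ALL", "ALL PRIVILEGES"}:
            findings.append((account, "all privileges on every database"))
        if "WITH GRANT OPTION" in m["rest"].upper():
            findings.append((account, "can pass its privileges to other users"))
    return findings

def skip_grant_tables_enabled(cnf_text):
    """True if an uncommented skip-grant-tables appears under [mysqld]."""
    section = None
    for raw in cnf_text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
        elif section == "mysqld":
            key = line.split("=", 1)[0].strip().lower().replace("_", "-")
            if key == "skip-grant-tables":
                return True
    return False

SAMPLE_GRANTS = [  # constructed sample output, not captured from a real server
    "GRANT SELECT ON `SCHOOL`.* TO 'lisi'@'localhost'",
    "GRANT ALL PRIVILEGES ON *.* TO 'zhangsan'@'localhost'",
    "GRANT USAGE ON *.* TO 'user1'@'192.168.153.%'",
]
SAMPLE_CNF = "[mysqld]\nskip-grant-tables # left over from the password reset\n"

if __name__ == "__main__":
    for account, finding in audit_grants(SAMPLE_GRANTS):
        print(account, "->", finding)
    print("skip-grant-tables active:", skip_grant_tables_enabled(SAMPLE_CNF))
```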