1. MySQL logical structure
1.1 Comparison of MySQL logical structure and Linux
MySQL Linux
library directory/folder
Table files (file name, content, permissions)
Everything in Linux is a file. Everything in Linux is a command.
Everything is a table in MySQL. Everything in MySQL is SQL.
1.2 Features of MySQL logical objects
Library: library name + library attribute
Table: column (column name + column attribute) + row (metadata + data) + table attribute + table name
2. Physical structure
2.1 Macro perspective
ll /data/mysql
User table storage engine: MyISAM
user.frm stores data dictionary information (column related information)
user.MYD stores data rows
user.MYI stores index
slave_master_info table storage engine: Innodb
slave_master_info.frm stores data dictionary information (column related information)
slave_master_info.ibd stores data rows and indexes
2.2 Microscopic view
Segment: segments A table is a segment (data segment, rollback segment), composed of 1-N areas
Area: extents, also known as clusters, are composed of 64 connected pages, with a default size of 1M
Page: page X.ibd allocates the smallest IO unit in MySQL, the default size is 16KB, and 4 OS blocks connected
Block: OS block format mkfs file system block, the default is a 4KB block, which is 8 consecutive sectors.
Sector: Sector defaults to 512B, a continuous disk area with a length of 512 bytes
The design concepts of sectors, OS Block, PAGE, extents, and segments are all to be able to program----->OS ---->HDisk, from logic to physical operations, to ensure as much "continuous" IO as possible.
3. Rights Management
3.1 The role of permissions
The role of linux?
Restrict and control what operations users can do with linux files.
The permissions belong to the attributes of the file.
The role of mysql?
Restrict and control what operations users can do with objects (libraries, tables) in mysql.
The permissions belong to the attributes of the user.
3.2 Permission definition
linux中的权限: rwx(421)
mysql中的权限:
8.0以前:基于命令方式的授权。 ---以命令为授权粒度
8.0以后:加入了role(角色)方式授权。
通过以下命令,可以查看可授权的列表
mysql> show privileges;
all privileges include all privileges in the show privileges list, except for Grant option.
Note: Users can only log in without authorization.
3.3 Rights Management
1. Super administrator user authorization
version 5.7:
Syntax: grant permission on permission scope to user identified by password;
grant all on . To ansel@'10.0.0.%' identified by '123' with grant option;
version 8.0:
ROLE Create a new permission group, use the created role directly when authorizing
创建角色:
CREATE ROLE 'app_developer', 'app_read', 'app_write';
角色授权:
GRANT ALL ON app_db.* TO 'app_developer';
GRANT SELECT ON app_db.* TO 'app_read';
GRANT INSERT, UPDATE, DELETE ON app_db.* TO 'app_write';
创建用户:
CREATE USER 'dev1'@'localhost' IDENTIFIED BY 'dev1pass';
CREATE USER 'read_user1'@'localhost' IDENTIFIED BY 'read_user1pass';
CREATE USER 'read_user2'@'localhost' IDENTIFIED BY 'read_user2pass';
CREATE USER 'rw_user1'@'localhost' IDENTIFIED BY 'rw_user1pass';
授权用户角色
GRANT 'app_developer' TO 'dev1'@'localhost';
GRANT 'app_read' TO 'read_user1'@'localhost', 'read_user2'@'localhost';
GRANT 'app_read', 'app_write' TO 'rw_user1'@'localhost';
Scope of authority: which objects the user can operate.
. ====> chmod -R 777 / full library level, administrator user
ansel.* ====> chmod -R 777 /ansel/* single library level, ordinary user
ansel.t1 ====> chmod- R 777 /ansel/t1 single table level, common user
2. Authorize an ordinary user
test@'10.0.0.%'
permissions: select, delete, update, insert
range: test.*
grant select,update,delete,insert on test.* to test@'10.0.0.%' identified by '123456';
查看授权:
mysql> show grants for test@'10.0.0.%';
回收权限:
mysql> revoke delete on test.* from test@'10.0.0.%';
mysql> show grants for test@'10.0.0.%';
3.4 Introduction to the authorization form
select * from mysql.user\G
select * from mysql.db\G
select * from mysql.tables_priv\G
For more exciting content, please follow the WeChat public account to view
