MySQL 5.7: adding users, granting privileges, and managing user privileges in a production environment

================================

© Copyright Sweet Potato Yao 2021-12-31

Sweet Potato Yao's Blog - CSDN Blog

First, root user authorization


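Root authorization here means allowing the root user to log in only from a specified IP address, which makes administration convenient. In the statements below, 密码 is a placeholder for the password and 数据库名称 is a placeholder for the database name.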


1. Create a root account for remote login from a specified IP (e.g. 192.168.1.100) and set its password

CREATE USER 'root'@'192.168.1.100' IDENTIFIED BY '密码';

2. Grant all privileges to the root account for that IP

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.1.100' WITH GRANT OPTION;

WITH GRANT OPTION: allows the user to grant the privileges they hold to other users.

General form of the authorization command:

GRANT privileges ON databasename.tablename TO 'username'@'host';

GRANT privileges ON databasename.tablename TO 'username'@'host' WITH GRANT OPTION;

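3. Refresh privileges (CREATE USER and GRANT take effect immediately; FLUSH PRIVILEGES is only required after the grant tables have been modified directly)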

FLUSH PRIVILEGES;

Second, create the appUser application user and authorize it


1. Create appUser and allow local login

CREATE USER 'appUser'@'localhost' IDENTIFIED BY '密码';

2. Create appUser and allow login from the application server

CREATE USER 'appUser'@'192.168.2.200' IDENTIFIED BY '密码';

3. Create appUser and allow login from the specified IP (192.168.1.100)

CREATE USER 'appUser'@'192.168.1.100' IDENTIFIED BY '密码';

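4. Grant privileges to appUser

(The production environment is not granted the DROP privilege.) If the statement reports an error, remember to create the database and tables first. A bare 'appUser' means 'appUser'@'%', an account that was not created above, so the grant names the three created accounts explicitly.

GRANT ALTER,CREATE,SELECT,INSERT,UPDATE,DELETE,
CREATE ROUTINE,ALTER ROUTINE,EXECUTE,INDEX,CREATE VIEW,SHOW VIEW,REFERENCES
 ON 数据库名称.* TO 'appUser'@'localhost','appUser'@'192.168.2.200','appUser'@'192.168.1.100';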

5. Refresh privileges

FLUSH PRIVILEGES;

Third, create the readUser read-only user and authorize it


1. Create the readUser user, set a password, and allow login from any host

CREATE USER 'readUser'@'%' IDENTIFIED BY '密码';

2. Authorize: grant the privileges to query tables and views

GRANT SELECT,SHOW VIEW ON 数据库名称.* TO 'readUser';

3. Refresh privileges

FLUSH PRIVILEGES;


Fourth, view a user's privileges

SHOW GRANTS FOR 'root'@'localhost';
SHOW GRANTS FOR 'root'@'192.168.1.100';
SHOW GRANTS FOR 'appUser'@'localhost';
SHOW GRANTS FOR 'readUser'@'%';


Fifth, view the MySQL user table

use mysql;

select * from user;
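
The per-account checks from the two sections above can also be run across every account at once. The following audit queries are an added example, not part of the original post; they assume MySQL 5.7 and an administrator account that can read the mysql schema, and they use the account names created earlier on this page.

```sql
-- Added example: audit of the accounts created above (MySQL 5.7).

-- 1. Each account name with the hosts it may connect from. A '%' host
--    (as used for readUser) accepts logins from any address.
SELECT user,
       GROUP_CONCAT(host ORDER BY host SEPARATOR ', ') AS hosts,
       MAX(host = '%') AS any_host
FROM mysql.user
GROUP BY user
ORDER BY any_host DESC, user;

-- 2. Accounts holding global (ON *.*) privileges other than USAGE.
--    Expect the root accounts and MySQL's own built-in accounts;
--    appUser and readUser should not be listed.
SELECT grantee,
       COUNT(*) AS global_privilege_count,
       MAX(is_grantable = 'YES') AS with_grant_option
FROM information_schema.user_privileges
WHERE privilege_type <> 'USAGE'
GROUP BY grantee
ORDER BY global_privilege_count DESC;

-- 3. Database-level grants that go beyond the model on this page:
--    DROP for any account, or anything other than SELECT / SHOW VIEW
--    for readUser.
SELECT grantee, table_schema, privilege_type
FROM information_schema.schema_privileges
WHERE privilege_type = 'DROP'
   OR (grantee LIKE '''readUser''@%'
       AND privilege_type NOT IN ('SELECT', 'SHOW VIEW'))
ORDER BY grantee, table_schema, privilege_type;

-- 4. Accounts without a stored password hash, plus their lock and
--    expiry state (accounts using socket authentication also appear).
SELECT user, host, plugin, password_expired, account_locked
FROM mysql.user
WHERE authentication_string IS NULL
   OR authentication_string = '';
```

Queries 3 and 4 should return no rows for appUser and readUser when the grants match the earlier sections.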

Sixth, list of MySQL database privileges


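ALTER:	Allows use of ALTER TABLE (modify tables).
CREATE:	Allows use of CREATE TABLE (create tables).
CREATE TEMPORARY TABLES:	Allows use of CREATE TEMPORARY TABLE (create temporary tables).
DROP:	Allows use of DROP TABLE (drop tables or databases).
SELECT:	Allows use of SELECT (query).
INSERT:	Allows use of INSERT (insert).
UPDATE:	Allows use of UPDATE (update).
DELETE:	Allows use of DELETE (delete rows from tables).
EXECUTE:	Allows the user to run stored routines (execute stored procedures).
INDEX:	Allows use of CREATE INDEX and DROP INDEX (create and drop indexes).
CREATE VIEW:	Allows use of CREATE VIEW (create views).
SHOW VIEW:	Allows use of SHOW CREATE VIEW (view the definition of created views).
REFERENCES:	Allows the user to create a foreign key that references a specific table.
CREATE ROUTINE:	Allows the user to create stored procedures and stored functions in a specific database.
ALTER ROUTINE:	Allows the user to alter and drop existing stored procedures and stored functions in the database.
ALL or ALL PRIVILEGES:	All privileges (the same as root).
USAGE:	Login only; nothing else is allowed.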

Seventh, recommendations for database authorization in a production environment

Eighth, revoke user privileges in MySQL

Privileges are revoked with REVOKE:

REVOKE privilege ON databasename.tablename FROM 'username'@'host';

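Example. REVOKE must name the same level as the GRANT it undoes: privileges granted ON 数据库名称.* are revoked ON 数据库名称.*, while ON *.* only removes global privileges. The account is given with its host, because a bare 'appUser' means 'appUser'@'%'.

REVOKE SELECT ON *.* FROM 'appUser'@'localhost';


REVOKE ALTER,CREATE,DROP,SELECT,INSERT,UPDATE,DELETE,
CREATE ROUTINE,ALTER ROUTINE,EXECUTE,INDEX,CREATE VIEW,SHOW VIEW,
REFERENCES,CREATE TEMPORARY TABLES 
ON 数据库名称.* FROM 'appUser'@'localhost';
# Refresh privileges
FLUSH PRIVILEGES;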

Ninth, delete a MySQL user

DROP USER 'username';

DROP USER 'username'@'host';

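Tenth, set or change a MySQL user password

The SET PASSWORD ... = PASSWORD('...') form used in this section is deprecated as of MySQL 5.7.6, and the PASSWORD() function was removed in MySQL 8.0; ALTER USER ... IDENTIFIED BY is the replacement on 5.7.6 and later.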

SET PASSWORD FOR 'username'@'host' = PASSWORD('newpassword');

To change the password of the account you are currently logged in as, you can use:

SET PASSWORD = PASSWORD("newpassword");

The root user changes passwords for other users, for example:

SET PASSWORD FOR 'appUser'@'localhost' = PASSWORD("123456");


 


Origin blog.csdn.net/w995223851/article/details/122249078