================================
©Copyright Sweet Potato Yao2021-12-31
Sweet Potato Yao's Blog - CSDN Blog
First, root user authorization
Root user authorization restricts root login to a specified IP address, which makes administration easier.
1. Create a root user for remote login from a specified IP (e.g. 192.168.1.100) and set a password (密码 in the statements below is a placeholder for the password)
CREATE USER 'root'@'192.168.1.100' IDENTIFIED BY '密码';
2. Grant all privileges to the root user at the specified IP
GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.1.100' WITH GRANT OPTION;
WITH GRANT OPTION: allows the user to grant the privileges they hold to other users.
General GRANT syntax:
GRANT privileges ON databasename.tablename TO 'username'@'host';
GRANT privileges ON databasename.tablename TO 'username'@'host' WITH GRANT OPTION;
3. Refresh permissions
FLUSH PRIVILEGES;
Second, create the appUser application user and authorize it
1. Create appUser and allow local login
CREATE USER 'appUser'@'localhost' IDENTIFIED BY '密码';
2. Create an appUser to allow the application server to log in
CREATE USER 'appUser'@'192.168.2.200' IDENTIFIED BY '密码';
3. Create appUser to allow the specified IP user (192.168.1.100) to log in
CREATE USER 'appUser'@'192.168.1.100' IDENTIFIED BY '密码';
4. appUser authorization
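(The production environment is not given the DROP privilege.) If an error is reported, remember to create the database and tables first.
-- 数据库名称 is a placeholder for the database name.
-- A bare 'appUser' means 'appUser'@'%', which was not created above, so name each account.
GRANT ALTER,CREATE,SELECT,INSERT,UPDATE,DELETE,
CREATE ROUTINE,ALTER ROUTINE,EXECUTE,INDEX,CREATE VIEW,SHOW VIEW,REFERENCES
ON 数据库名称.* TO 'appUser'@'localhost', 'appUser'@'192.168.2.200', 'appUser'@'192.168.1.100';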
5. Refresh permissions
FLUSH PRIVILEGES;
Third, create the readUser read-only user and authorize it
1. Create the readUser user, set a password, and allow login from any host
CREATE USER 'readUser'@'%' IDENTIFIED BY '密码';
2. Authorization, granting permissions to query tables and query views
GRANT SELECT,SHOW VIEW ON 数据库名称.* TO 'readUser';
3. Refresh permissions
FLUSH PRIVILEGES;
Fourth, view the user's permissions
SHOW GRANTS FOR 'root'@'localhost';
SHOW GRANTS FOR 'root'@'192.168.1.100';
SHOW GRANTS FOR 'appUser'@'localhost';
SHOW GRANTS FOR 'readUser'@'%';
Fifth, view the MySQL user table
use mysql;
select * from user;
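SELECT * FROM user also returns the stored password hashes and a long row of per-privilege columns, so a review is easier with narrower questions. The queries below are an added example, not part of the original post: they check the rules this article sets up (root limited to a management IP, no DROP for the application user, read-only access for the any-host account) using mysql.user and the standard information_schema privilege views. They assume an administrative login and the account names and IP addresses used in this article.

```sql
-- Added audit example; run as an administrative account (e.g. root).
-- Account names and IP addresses are the ones used in this article.

-- 1. root accounts reachable from anywhere other than the local host
--    or the approved management IP.
SELECT User, Host
FROM mysql.user
WHERE User = 'root'
  AND Host NOT IN ('localhost', '127.0.0.1', '::1', '192.168.1.100');

-- 2. Accounts that accept connections from any host ('%' or an empty host).
SELECT User, Host
FROM mysql.user
WHERE Host IN ('%', '');

-- 3. Accounts holding global (*.*) privileges, and whether they can
--    pass them on (WITH GRANT OPTION).
SELECT GRANTEE,
       COUNT(*)          AS global_privilege_count,
       MAX(IS_GRANTABLE) AS can_grant
FROM information_schema.USER_PRIVILEGES
WHERE PRIVILEGE_TYPE <> 'USAGE'
GROUP BY GRANTEE
ORDER BY global_privilege_count DESC;

-- 4. Database-level DROP or grantable privileges; an application
--    account should not appear here.
SELECT GRANTEE, TABLE_SCHEMA, PRIVILEGE_TYPE, IS_GRANTABLE
FROM information_schema.SCHEMA_PRIVILEGES
WHERE PRIVILEGE_TYPE = 'DROP' OR IS_GRANTABLE = 'YES'
ORDER BY GRANTEE, TABLE_SCHEMA;

-- 5. Any-host accounts with more than read-only access to a database.
--    GRANTEE is formatted as 'user'@'host', so the host part of a
--    wildcard account is the three characters '%' (quotes included).
SELECT GRANTEE, TABLE_SCHEMA, PRIVILEGE_TYPE
FROM information_schema.SCHEMA_PRIVILEGES
WHERE SUBSTRING_INDEX(GRANTEE, '@', -1) = '''%'''
  AND PRIVILEGE_TYPE NOT IN ('SELECT', 'SHOW VIEW')
ORDER BY GRANTEE, TABLE_SCHEMA;
```

With the accounts set up as described in this article, queries 1, 4 and 5 should return no rows, and query 2 should list only readUser.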
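Sixth, MySQL database privilege list
ALTER: Allows use of ALTER TABLE (modify tables).
CREATE: Allows use of CREATE TABLE (create tables).
CREATE TEMPORARY TABLES: Allows use of CREATE TEMPORARY TABLE (create temporary tables).
DROP: Allows use of DROP TABLE (drop tables or databases).
SELECT: Allows use of SELECT (query).
INSERT: Allows use of INSERT (insert).
UPDATE: Allows use of UPDATE (update).
DELETE: Allows use of DELETE (delete rows from a table).
EXECUTE: Allows the user to run stored routines (execute stored procedures).
INDEX: Allows use of CREATE INDEX and DROP INDEX (create and drop indexes).
CREATE VIEW: Allows use of CREATE VIEW (create views).
SHOW VIEW: Allows use of SHOW CREATE VIEW (view the definition of created views).
REFERENCES: Grants the user permission to create a foreign key that references a specific table.
CREATE ROUTINE: Grants the user permission to create stored procedures and stored functions for a specific database.
ALTER ROUTINE: Grants the user permission to alter and drop existing stored procedures and stored functions in the database.
ALL or ALL PRIVILEGES: All privilege names (the same as root).
USAGE: Only allows login; nothing else is permitted.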
Seventh, recommendations for database authorization in a production environment
Eighth, revoke user privileges in MySQL
To revoke privileges, use REVOKE:
REVOKE privilege ON databasename.tablename FROM 'username'@'host';
REVOKE must name the same account and the same level (global, database or table) at which the privilege was granted; revoking ON *.* does not remove a privilege that was granted on a database.
Example:
REVOKE SELECT ON 数据库名称.* FROM 'appUser'@'localhost';
REVOKE ALTER,CREATE,DROP,SELECT,INSERT,UPDATE,DELETE,
CREATE ROUTINE,ALTER ROUTINE,EXECUTE,INDEX,CREATE VIEW,SHOW VIEW,
REFERENCES,CREATE TEMPORARY TABLES
ON 数据库名称.* FROM 'appUser'@'localhost';
# Refresh privileges
FLUSH PRIVILEGES;
Ninth, delete a MySQL user
DROP USER 'username';
DROP USER 'username'@'host';
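Tenth, set or change a user's password in MySQL
SET PASSWORD FOR 'username'@'host' = PASSWORD('newpassword');
To change the password of the account you are currently logged in as, you can use:
SET PASSWORD = PASSWORD("newpassword");
The root user can change the password of another user, for example:
SET PASSWORD FOR 'appUser'@'localhost' = PASSWORD("123456");
Note: the PASSWORD() function was removed in MySQL 8.0. On 8.0 and later, give the new password as a plain quoted string instead of wrapping it in PASSWORD().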