Three ways to create users in MySQL

Create common users

MySQL supports three ways to create users: the CREATE USER statement, the GRANT statement, and directly operating on the user data table in the mysql database.

  1. Create a user using the CREATE USER statement

When the CREATE USER statement is executed, MySQL inserts a record for the newly created user into the user data table. The syntax format is as follows:


CREATE USER [IF NOT EXISTS]
    user [auth_option] [, user [auth_option]] ...
    [DEFAULT ROLE role [, role ] ...]
    [REQUIRE {NONE | tls_option [[AND] tls_option] ...}]
    [WITH resource_option [resource_option] ...]
    [password_option | lock_option] ...
user:
    (see Section 6.2.4, “Specifying Account Names”)
auth_option: {
    IDENTIFIED BY 'auth_string'
  | IDENTIFIED BY RANDOM PASSWORD
  | IDENTIFIED WITH auth_plugin
  | IDENTIFIED WITH auth_plugin BY 'auth_string'
  | IDENTIFIED WITH auth_plugin BY RANDOM PASSWORD
  | IDENTIFIED WITH auth_plugin AS 'auth_string'
}
tls_option: {
   SSL
 | X509
 | CIPHER 'cipher'
 | ISSUER 'issuer'
 | SUBJECT 'subject'
}
resource_option: {
    MAX_QUERIES_PER_HOUR count
  | MAX_UPDATES_PER_HOUR count
  | MAX_CONNECTIONS_PER_HOUR count
  | MAX_USER_CONNECTIONS count
}
password_option: {
    PASSWORD EXPIRE [DEFAULT | NEVER | INTERVAL N DAY]
  | PASSWORD HISTORY {DEFAULT | N}
  | PASSWORD REUSE INTERVAL {DEFAULT | N DAY}
  | PASSWORD REQUIRE CURRENT [DEFAULT | OPTIONAL]
  | FAILED_LOGIN_ATTEMPTS N
  | PASSWORD_LOCK_TIME {N | UNBOUNDED}
}
lock_option: {
    ACCOUNT LOCK
  | ACCOUNT UNLOCK
}

Among them, some parameters are described as follows:

· user: The name of the newly created user.

· IDENTIFIED BY: Set the user's password.

· IDENTIFIED WITH: Specify an authentication plug-in for the user.

· auth_plugin: The name of the authentication plug-in.

Note: When using the CREATE USER statement on the MySQL command line to create a user, the user currently logged in to MySQL must have the CREATE USER permission or the INSERT (insert) permission of the mysql database.

(1) Create a MySQL user whose user name is zhaoyanfei and whose host name is localhost.


mysql> CREATE USER 'zhaoyanfei'@'localhost';
Query OK, 0 rows affected

The SQL statement is executed successfully. Next, check the user record with the user name zhaoyanfei.


mysql> SELECT host,user,authentication_string FROM mysql.user WHERE user = 'zhaoyanfei';
+-----------+------------+-----------------------+
| host      | user       | authentication_string |
+-----------+------------+-----------------------+
| localhost | zhaoyanfei |                       |
+-----------+------------+-----------------------+
1 row in set

The results show that a user named zhaoyanfei with host localhost has been successfully created. This user can only connect to the MySQL service from the local server where the MySQL service is running.

Because no password was set (authentication_string is empty), the newly created zhaoyanfei user can connect to the MySQL service without entering a password.

View the database privileges the current user has.


mysql> SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.01 sec)

The results show that the current user can only access the information_schema database.

(2) When creating a user, MySQL supports restricting the user to connecting from a certain IP range. For example, create a user named zhaoyanfei that can connect to the MySQL service from the 192.168.31 IP range.


mysql> CREATE USER 'zhaoyanfei'@'192.168.31.%';
Query OK, 0 rows affected (0.00 sec)

The SQL statement is executed successfully, and the data record of the user named zhaoyanfei is viewed.


mysql> SELECT
    -> host, user, authentication_string
    -> FROM mysql.user
    -> WHERE user = 'zhaoyanfei';
+--------------+------------+-----------------------+
| host         | user       | authentication_string |
+--------------+------------+-----------------------+
| 192.168.31.% | zhaoyanfei |                       |
| localhost    | zhaoyanfei |                       |
+--------------+------------+-----------------------+
2 rows in set (0.00 sec)

The results show that there are now two records for the user named zhaoyanfei in the user data table under the mysql database, with the host names 192.168.31.% and localhost respectively. The host name 192.168.31.% indicates that the user can connect to the MySQL service from the 192.168.31 IP range.

Note: For this user, the way to connect to MySQL and the database permissions it has are the same as when connecting from the local server where the MySQL service is located, so they are not repeated here.

(3) If only the user name part is specified when creating a MySQL user, the host name part defaults to %, which means that all hosts can use the current user name to connect to the MySQL service.


mysql> CREATE USER 'zhaoyanfei';
Query OK, 0 rows affected (0.00 sec)

The SQL statement is executed successfully, and you can view the created user information.


mysql> SELECT
    -> host, user, authentication_string
    -> FROM mysql.user
    -> WHERE user = 'zhaoyanfei';
+--------------+------------+-----------------------+
| host         | user       | authentication_string |
+--------------+------------+-----------------------+
| %            | zhaoyanfei |                       |
| 192.168.31.% | zhaoyanfei |                       |
| localhost    | zhaoyanfei |                       |
+--------------+------------+-----------------------+
3 rows in set (0.00 sec)

The results show that the records for the user name zhaoyanfei now include an additional record with the host name %.

(4) When creating a MySQL user, you can specify the user's connection password.


mysql> CREATE USER 'zhaoyanfei'@'localhost' IDENTIFIED BY '@zhaoyanfei123456';
Query OK, 0 rows affected (0.10 sec)

The SQL statement is executed successfully, and you can view the created user information.


mysql> SELECT
    -> host, user, authentication_string
    -> FROM mysql.user
    -> WHERE user = 'zhaoyanfei'; 
+--------------+------------+-------------------------------------------+
| host         | user       | authentication_string                     |
+--------------+------------+-------------------------------------------+
| %            | zhaoyanfei |                                           |
| 192.168.31.% | zhaoyanfei |                                           |
| localhost    | zhaoyanfei | *027B07B8E65F17AD1283D290B33909F1B8D0E5BB |
+--------------+------------+-------------------------------------------+
3 rows in set (0.00 sec)

The results show that the user with the host name localhost now has a password. When this user connects to the MySQL service, MySQL applies its built-in authentication mechanism, and the password @zhaoyanfei123456 must be entered to connect.


[root@binghe150 ~]# mysql -uzhaoyanfei -hlocalhost -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 19
Server version: 8.0.18 binghe edition
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>

(5) If you know the ciphertext of the password, MySQL supports using the ciphertext to set a password for the user. First, get the ciphertext of the password on the MySQL command line with the SELECT password() statement shown below. If this statement is executed in version 8.0, the following error is reported:

1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '('@zhaoyanfei123456')' at line 1


mysql> SELECT password('@zhaoyanfei123456');
+-------------------------------------------+
| password('@zhaoyanfei123456')             |
+-------------------------------------------+
| *027B07B8E65F17AD1283D290B33909F1B8D0E5BB |
+-------------------------------------------+
1 row in set, 1 warning (0.00 sec)

Next, create a MySQL user whose host name is 192.168.31.223 and whose user name is zhaoyanfei.


mysql> CREATE USER 'zhaoyanfei'@'192.168.31.223' IDENTIFIED BY PASSWORD '*027B07B8E65F17AD1283D290B33909F1B8D0E5BB';
Query OK, 0 rows affected (0.10 sec)

The SQL statement is executed successfully. To connect to the MySQL service as this user, you need to enter the password @zhaoyanfei123456.


(6) MySQL supports setting an authentication plug-in for the user when creating the user. In this case, the IDENTIFIED WITH clause is used.


mysql> CREATE USER 'zhaoyanfei'@'localhost'
    -> IDENTIFIED WITH mysql_native_password BY '@zhaoyanfei123456';
Query OK, 0 rows affected (0.00 sec)

The SQL statement is executed successfully. To connect to the MySQL service as this user, you need to enter the password @zhaoyanfei123456.
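
The accounts created in examples (1) to (3) have an empty authentication_string, and the one from example (3) accepts connections from any host. The following added example (not part of the original article) audits for such accounts and recreates the subnet account using the REQUIRE, resource, password and lock options from the syntax above. It assumes MySQL 8.0.19 or later; the connection limit, expiry and lockout values are illustrative.

```sql
-- Added example: audit and harden the accounts created in this section.
-- Assumes MySQL 8.0.19+ and a session with the CREATE USER privilege
-- and SELECT on the mysql schema. Numeric limits are illustrative.

-- 1. Find accounts that can log in with no password, or from any host.
--    auth_socket accounts are skipped in the password check because they
--    authenticate by OS user and keep an empty authentication_string;
--    other external-authentication plug-ins may need the same exclusion.
SELECT user, host, plugin, account_locked,
       (authentication_string IS NULL
        OR authentication_string = '') AS no_password,
       (host = '%')                    AS any_host
FROM mysql.user
WHERE ((authentication_string IS NULL OR authentication_string = '')
       AND plugin <> 'auth_socket')
   OR host = '%'
ORDER BY user, host;

-- 2. Remove the passwordless rows from examples (1) to (3). Each
--    'user'@'host' pair is a separate account and is named separately.
DROP USER IF EXISTS 'zhaoyanfei'@'%',
                    'zhaoyanfei'@'192.168.31.%',
                    'zhaoyanfei'@'localhost';

-- 3. Recreate the subnet account with a server-generated password,
--    mandatory TLS, a connection cap, password rotation and lockout
--    after repeated failures. The generated password is returned once,
--    in the result set of this statement.
CREATE USER 'zhaoyanfei'@'192.168.31.%'
    IDENTIFIED WITH caching_sha2_password BY RANDOM PASSWORD
    REQUIRE SSL
    WITH MAX_USER_CONNECTIONS 10
    PASSWORD EXPIRE INTERVAL 90 DAY
    PASSWORD HISTORY 5
    FAILED_LOGIN_ATTEMPTS 5 PASSWORD_LOCK_TIME 1;

-- 4. Confirm the options the server stored for the account.
SHOW CREATE USER 'zhaoyanfei'@'192.168.31.%';
```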

  2. Create users using the GRANT statement

When the CREATE USER statement is used to create a user, only a record is added to the user data table under the mysql database, and the user is not granted any permissions. Using the GRANT statement to create a user not only adds the user, but also grants the corresponding permissions to the user. The syntax format is as follows:


GRANT
    priv_type [(column_list)]
      [, priv_type [(column_list)]] ...
    ON [object_type] priv_level
    TO user [auth_option] [, user [auth_option]] ...
    [REQUIRE {NONE | tls_option [[AND] tls_option] ...}]
    [WITH {GRANT OPTION | resource_option} ...]
GRANT PROXY ON user
    TO user [, user] ...
    [WITH GRANT OPTION]
object_type: {
    TABLE
  | FUNCTION
  | PROCEDURE
}
priv_level: {
    *
  | *.*
  | db_name.*
  | db_name.tbl_name
  | tbl_name
  | db_name.routine_name
}
user:
    (see Section 6.2.4, “Specifying Account Names”)
auth_option: {
    IDENTIFIED BY 'auth_string'
  | IDENTIFIED WITH auth_plugin
  | IDENTIFIED WITH auth_plugin BY 'auth_string'
  | IDENTIFIED WITH auth_plugin AS 'auth_string'
  | IDENTIFIED BY PASSWORD 'auth_string'
}
tls_option: {
    SSL
  | X509
  | CIPHER 'cipher'
  | ISSUER 'issuer'
  | SUBJECT 'subject'
}
resource_option: {
    MAX_QUERIES_PER_HOUR count
  | MAX_UPDATES_PER_HOUR count
  | MAX_CONNECTIONS_PER_HOUR count
  | MAX_USER_CONNECTIONS count
}

Among them, some parameters are described as follows:

· priv_type: Indicates the type of permission granted to the user.

· db_name: Indicates the database on which the user is granted permissions.

· tbl_name: Indicates the data table on which the user is granted permissions.

· IDENTIFIED BY: Indicates that a password is set for the user.

· WITH {GRANT OPTION | resource_option}: Set the GRANT permission or a resource option for the user.

· MAX_QUERIES_PER_HOUR count: The user can execute count queries per hour.

· MAX_UPDATES_PER_HOUR count: The user can perform count updates per hour.

· MAX_CONNECTIONS_PER_HOUR count: The user can make count connections per hour.

· MAX_USER_CONNECTIONS count: Each user can establish count connections at the same time.

(1) Create a user whose username is zhaoyanfei and whose password is @zhaoyanfei123456, and grant the user query permission on all data tables.


mysql> GRANT SELECT ON *.* TO 'zhaoyanfei'@'localhost'
    -> IDENTIFIED BY '@zhaoyanfei123456';
Query OK, 0 rows affected, 1 warning (0.12 sec)

The SQL statement is executed successfully. At this time, the user named zhaoyanfei has the query permission to all data tables.

(2) Create a user whose username is zhaoyanfei_database and whose password is @zhaoyanfei123456, and grant the user permission to query and modify the goods database.


mysql> GRANT SELECT, UPDATE ON goods.* TO 'zhaoyanfei_database'@'localhost'
    -> IDENTIFIED BY '@zhaoyanfei123456';
Query OK, 0 rows affected, 1 warning (0.10 sec)

The result shows that the SQL statement is executed successfully. At this time, the user named zhaoyanfei_database has the permission to query and modify the goods database.

(3) Create a user whose username is zhaoyanfei_table and whose password is @zhaoyanfei123456, and grant the user the right to insert, delete, modify and query the t_goods data table under the goods database.


mysql> GRANT INSERT, DELETE, UPDATE, SELECT
    -> ON goods.t_goods TO 'zhaoyanfei_table'@'localhost'
    -> IDENTIFIED BY '@zhaoyanfei123456';
Query OK, 0 rows affected, 1 warning (0.02 sec)

The result shows that the SQL statement is executed successfully. At this time, the user named zhaoyanfei_table has permission to insert, delete, modify, and query the t_goods data table under the goods database.

(4) Create a user named zhaoyanfei, and allow hosts in the 192.168.31 IP range to connect to the MySQL service.


mysql> GRANT SELECT ON *.* TO 'zhaoyanfei'@'192.168.31.%'
    -> IDENTIFIED BY '@zhaoyanfei123456';
Query OK, 0 rows affected, 1 warning (0.00 sec)

(5) Create a user named zhaoyanfei, and specify that all hosts can connect to the MySQL service.


mysql> GRANT SELECT ON *.* TO 'zhaoyanfei'@'%'
    -> IDENTIFIED BY '@zhaoyanfei123456';
Query OK, 0 rows affected, 1 warning (0.00 sec)
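
MySQL 8.0 no longer accepts GRANT ... IDENTIFIED BY, and GRANT can no longer create accounts, so the statements in this section run only on 5.7 and earlier. The following added example (not from the original article) is the 8.0 form of example (3): it creates the account first and grants the privileges through a role. The role name goods_rw and the password placeholder are assumptions, and the goods.t_goods table is assumed to exist.

```sql
-- Added example: MySQL 8.0 form of example (3) in this section.
-- Assumptions: role name goods_rw is hypothetical, goods.t_goods
-- exists, and the placeholder password is replaced before running.

-- 1. Create the account first. GRANT cannot do this in 8.0.
CREATE USER IF NOT EXISTS 'zhaoyanfei_table'@'localhost'
    IDENTIFIED BY '<placeholder-password>';

-- 2. Put the table-level privileges on a role so they can be
--    reviewed and revoked in one place.
CREATE ROLE IF NOT EXISTS 'goods_rw';
GRANT SELECT, INSERT, UPDATE, DELETE ON goods.t_goods TO 'goods_rw';

-- 3. Grant the role and make it active at login. Without a default
--    role the user must run SET ROLE before the privileges apply.
GRANT 'goods_rw' TO 'zhaoyanfei_table'@'localhost';
SET DEFAULT ROLE 'goods_rw' TO 'zhaoyanfei_table'@'localhost';

-- 4. Verify the effective privileges, including those from the role.
SHOW GRANTS FOR 'zhaoyanfei_table'@'localhost' USING 'goods_rw';

-- 5. Scope check: GRANT SELECT ON *.* (examples 1, 4 and 5) also
--    covers the mysql schema, so such a user can read
--    authentication_string from mysql.user. List the accounts that
--    hold global SELECT:
SELECT user, host FROM mysql.user WHERE Select_priv = 'Y';
```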

  3. Create a user by manipulating the user data table

MySQL saves user information in the user data table under the mysql database, so you can directly manipulate the user data table to create new users for MySQL.

For example, to insert a piece of user information into the user data table under the mysql database, the host name is localhost, the user name is zhaoyanfei_insert, and the password is @zhaoyanfei123456.


mysql> INSERT INTO mysql.user
    -> (Host, User, authentication_string, ssl_cipher, x509_issuer, x509_subject)
    -> VALUES
    -> ('localhost', 'zhaoyanfei_insert', password('@zhaoyanfei123456'), '', '', '');
Query OK, 1 row affected, 1 warning (0.00 sec)

The result shows that the SQL statement is executed successfully. Next, look at the user with the username zhaoyanfei_insert.


mysql> SELECT host, user, authentication_string FROM mysql.user WHERE user = 'zhaoyanfei_insert';
+-----------+-------------------+-------------------------------------------+
| host      | user              | authentication_string                     |
+-----------+-------------------+-------------------------------------------+
| localhost | zhaoyanfei_insert | *0DEB06AA6E096EB2F26EACEE157143ADB9481B5B |
+-----------+-------------------+-------------------------------------------+
1 row in set (0.00 sec)

The result shows that the data is successfully inserted into the user data table. Log in to MySQL as user zhaoyanfei_insert.


[root@binghe151 ~]# mysql -uzhaoyanfei_insert -hlocalhost -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 34
Server version: 5.7.24 MySQL Community Server (GPL)
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>

The results show that the user zhaoyanfei_insert has successfully logged in to MySQL.

Origin blog.csdn.net/weixin_36754290/article/details/129425147