MySQL create user and authorization management
1. Create a user
- Order
CREATE USER 'username'@'host' IDENTIFIED BY 'password';
- illustrate
username:创建的用户名
host:指定该用户在哪个主机上可以登陆,如果是本地用户可用localhost,如果想让该用户可以从任意远程主机登陆,可以使用通配符%
password:该用户的登陆密码,密码可以为空,如果为空则该用户可以不需要密码登陆服务器
- example
CREATE USER 'admin'@'localhost' IDENTIFIED BY '123456';
CREATE USER 'admin'@'192.168.1.101' IDENDIFIED BY '123456';
CREATE USER 'admin'@'%' IDENTIFIED BY '123456';
CREATE USER 'admin'@'%' IDENTIFIED BY '';
CREATE USER 'admin'@'%';
2. User authorization
- Order
GRANT privileges ON databasename.tablename TO 'username'@'host'
- illustrate
privileges:待授予的用户操作权限,如SELECT,INSERT,UPDATE等,如果要授予所有权限则使用ALL
databasename:数据库名
tablename:表名,如果要授予该用户对所有数据库和表的相应操作权限则可用*表示,如*.*
- example
GRANT SELECT, INSERT ON test.user TO 'admin'@'%';
GRANT ALL ON *.* TO 'admin'@'%';
GRANT ALL ON test.* TO 'admin'@'%';
Note: The user authorized by the above command cannot authorize other users. If you want the user to be authorized, use the following command:
GRANT privileges ON databasename.tablename TO 'username'@'host' WITH GRANT OPTION;
3. Set and change password
- Order
ALTER USER 'username'@'host' IDENTIFIED BY "newpassword"
# 或者
SET PASSWORD FOR 'username'@'host' = "newpassword";
# 如果更改的是当前登录用户密码,还可以直接使用以下命令
SET PASSWORD = "newpassword";
- example
ALTER USER 'admin'@'localhost' IDENTIFIED BY "123456"
ALTER USER 'admin'@'%' IDENTIFIED BY "123456"
SET PASSWORD FOR 'admin'@'localhost' = "123456";
SET PASSWORD = "123456";
4. Revoke user permissions
- Order
REVOKE privileges ON databasename.tablename FROM 'username'@'host';
- illustrate
privileges:待撤销的用户操作权限,如SELECT,INSERT,UPDATE等,如果要撤销所有权限则使用ALL
databasename:数据库名
tablename:表名,如果要撤销该用户对所有数据库和表的相应操作权限则可用*表示,如*.*
- example
REVOKE SELECT ON test.user FROM 'admin'@'%';
REVOKE SELECT,UPDATE ON test.user FROM 'admin'@'%';
REVOKE ALL ON test.user FROM 'admin'@'%';
REVOKE INSERT ON *.* FROM 'admin'@'localhost';
5. Delete user
- Order
DROP USER 'username'@'host';
- example
DROP USER 'admin'@'localhost';
DROP USER 'admin'@'%';