SQL user management and authorization

1. MySQL permission classification

  1. mysql.user: global permissions
  2. mysql.db: permissions limited to a particular database
  3. mysql.tables_priv: permissions limited to a particular table
  4. mysql.columns_priv: permissions limited to a particular column

2. View user permissions

show grants; -- query the current user's permissions

show grants for 'root'@'localhost'; -- query the permissions of user root

3. User Management

1. Query users (login as root)

use mysql; -- system database

select * from user; -- users are in the mysql.user table

2. Create a user

(1) Use the CREATE USER statement to create a user

create user 'username'@'hostname' identified by 'password';

# If no host name is specified, it defaults to "%", which matches any host, so the account can connect from every host

(2) Use the INSERT statement to create a new user

When you have the INSERT permission to the mysql.user table, you can use the INSERT statement to add user information to the mysql.user table.

INSERT INTO mysql.user(Host, User, authentication_string,...) VALUES ('hostname', 'username','password',....);

# Usually the INSERT statement only sets the three fields Host, User and authentication_string. authentication_string stores the password hash rather than the plaintext password, and the MySQL documentation discourages modifying the grant tables directly, so CREATE USER is the preferred method.

Note: A user added this way cannot log in to the MySQL server yet, because the newly created user has not taken effect. Use the FLUSH command to make the user effective:

FLUSH PRIVILEGES;

3. Delete user

The syntax format is as follows:

DROP USER 'username'@'hostname';

delete from mysql.user WHERE Host='hostname' AND User='username';

# When using delete, the user must have the DELETE permission on the mysql.user table

4. Modify username

rename user 'old username'@'hostname' to 'new username'@'hostname';

5. Modify user password

alter user 'username'@'hostname' identified by 'new password';

4. Rights management

1. View user permissions

show grants for 'username'@'hostname';

2. Grant user permissions

GRANT PRIVILEGES ON DATABASE.TABLE TO 'username'@'hostname';

  • PRIVILEGES represents the privileges to be granted to the user
  • DATABASE is the database name, you can use * to represent all databases
  • TABLE is the data table name, you can use * to represent all data tables
  • "Username" and "Hostname" identify the login user to be authorized

3. Delete user permissions

revoke permission list on object type object name from 'username'@'hostname'..... ;

Examples

1. Create the user admin with the password "123456"; the user can log in from any host and has all permissions on all data tables in all databases

# Create the user
create user 'admin' identified by '123456';

# Grant privileges (the password was already set by CREATE USER; GRANT ... IDENTIFIED BY is rejected by MySQL 8.0)
grant all on *.* to 'admin' with grant option;

# Test
select host,user,Update_priv,Alter_priv from mysql.user where user='admin';

2. Create a user user with the password 888888, who logs in from the local machine (172.0.0.1) and has query permission on the data table jdxx in the database province

use province;
# Create the user
create user 'user'@'172.0.0.1' identified by '888888';

# Grant privileges
grant select on table jdxx to 'user'@'172.0.0.1';

# End of code
select host,db,table_name,Table_priv from mysql.tables_priv where user='user';

3. Create a user user with the password 666666, who logs in from the local machine (172.0.0.1), has all permissions on all data tables in the database province, and has query permission on the book table in the database library


# Start of code
# Create the user
create user 'user'@'172.0.0.1' identified by '666666';
# Grant privileges
grant all on province.* to 'user'@'172.0.0.1';
grant select on library.book to 'user'@'172.0.0.1';


# End of code
select host,db,user,Delete_priv,Index_priv from mysql.db where user='user';
select host,db,table_name,Table_priv from mysql.tables_priv where user='user';
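
The permission levels from section 1 and the revoke syntax from section 4, as an added example that is not part of the original post: it grants one privilege each at the column, table and database level, shows which grant table records each, audits mysql.user for accounts open to any host or holding GRANT OPTION, then revokes everything. The database acl_demo, its tables, the account 'report' and the password placeholder are constructed for illustration.

```sql
-- Added example; every name below is constructed, not from the original post.
-- CREATE DATABASE fails if acl_demo already exists, so nothing real is overwritten.
CREATE DATABASE acl_demo;
CREATE TABLE acl_demo.book  (id INT PRIMARY KEY, title VARCHAR(100), cost DECIMAL(8,2));
CREATE TABLE acl_demo.loans (id INT PRIMARY KEY, book_id INT, due DATE);

-- Bind the account to one client address instead of the default host '%'.
CREATE USER 'report'@'172.0.0.1' IDENTIFIED BY 'REPLACE_WITH_A_STRONG_PASSWORD';

-- One grant per level, narrowest first.
GRANT SELECT (id, title) ON acl_demo.book TO 'report'@'172.0.0.1';    -- column level
GRANT SELECT, INSERT ON acl_demo.loans TO 'report'@'172.0.0.1';       -- table level
GRANT CREATE TEMPORARY TABLES ON acl_demo.* TO 'report'@'172.0.0.1';  -- database level

-- Each level is recorded in its own grant table.
SHOW GRANTS FOR 'report'@'172.0.0.1';
SELECT host, db, user, Create_tmp_table_priv
  FROM mysql.db WHERE user = 'report';
SELECT host, db, table_name, Table_priv, Column_priv
  FROM mysql.tables_priv WHERE user = 'report';
SELECT host, db, table_name, column_name, Column_priv
  FROM mysql.columns_priv WHERE user = 'report';

-- Audit the global level: accounts that accept connections from any host,
-- or that can pass their own privileges on to other accounts.
SELECT user, host, Grant_priv
  FROM mysql.user
 WHERE host = '%' OR Grant_priv = 'Y';

-- Revoke at the same level and with the same privilege list that was granted.
REVOKE SELECT (id, title) ON acl_demo.book FROM 'report'@'172.0.0.1';
REVOKE SELECT, INSERT ON acl_demo.loans FROM 'report'@'172.0.0.1';
REVOKE CREATE TEMPORARY TABLES ON acl_demo.* FROM 'report'@'172.0.0.1';

-- Verify the revokes, then clean up.
SHOW GRANTS FOR 'report'@'172.0.0.1';
DROP USER 'report'@'172.0.0.1';
DROP DATABASE acl_demo;
```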

[Figure: the mysql.tables_priv table structure]

 


Origin blog.csdn.net/m0_62428181/article/details/128007580