1. Login user management
1.1 View user password information
1.2 Add a login user
1.3 Change of login user name
1.4 Delete login user
1.5 View the currently logged in user
1.6 Modify the user's password
1.7 How to modify and retrieve the root password after forgetting it
Step 1: Add the setting that skips the grant tables
Step 2: Restart the database service and modify the root password in the database user table
Step 3: Login to test new password
Step 4: Undo the added password-free authentication settings and restart the database service
2. Manage the permissions of logged-in users
2.1 Common user permissions
2.2 View the operations that the user has permission
2.3 Authorized operations
Method 1: Authorize existing users
Method 2: Create and authorize non-existing users
2.4 Revoking user rights
2.5 Remote login of users
Summary
1. User management operations
2. User authorization operation
1. Management of login users
1.1 View user password information
User information is stored in the user table under the mysql database (there is a system-built-in mysql database under the MySQL service).
use mysql ;
show tables;
Commonly used command to view password information. The authentication_string column shows the password only in its encrypted (hashed) form, not in plaintext:
select user,host,authentication_string from user;
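An account audit built on the same table, as an added example that is not from the original page: it lists unlocked accounts that are anonymous, have an empty password hash, or accept logins from any host. It assumes MySQL 5.7.6 or later (where mysql.user has the authentication_string, plugin and account_locked columns) and a session allowed to read the mysql database; the account name 'legacy'@'%' is constructed.

```sql
-- Added example: audit mysql.user for weak login accounts.
-- Assumes MySQL 5.7.6+ and a session with SELECT on the mysql database.
SELECT
    user,
    host,
    plugin,
    (user = '')                                   AS is_anonymous,
    -- auth_socket accounts authenticate by OS user, so an empty
    -- authentication_string is expected for them and is not flagged.
    (COALESCE(authentication_string, '') = ''
        AND plugin <> 'auth_socket')              AS empty_password,
    (host = '%')                                  AS any_host,
    password_last_changed
FROM mysql.user
WHERE account_locked = 'N'
HAVING is_anonymous OR empty_password OR any_host
ORDER BY empty_password DESC, is_anonymous DESC, user, host;

-- Handling a finding (constructed account name 'legacy'@'%'):
-- lock the account until its owner is known, or remove it with
-- DROP USER as shown in section 1.4.
ALTER USER IF EXISTS 'legacy'@'%' ACCOUNT LOCK;
```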
1.2 Add a login user
Format for creating a user with a plaintext password:
create user 'username'@'host' identified by 'password';
Create a user with an encrypted password:
SELECT PASSWORD('password'); #Get the encrypted password first
CREATE USER 'lisi'@'localhost' IDENTIFIED BY PASSWORD 'encrypted password';
1.3 Change of login user username
RENAME USER 'old username'@'old host address' TO 'new username'@'new host address';
1.4 Delete the login user
drop user 'username'@'login address';
1.5 View the currently logged in user
select user();
1.6 Modify the user's password
Ordinary users only have the authority to modify their own passwords.
Change the password, given in plaintext:
set password = password('new password');
The root user is a super administrator. It can modify not only its own password but also the passwords of other users.
set password for 'user'@'login address' = password('password');
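1.7 How to modify and retrieve the root password after forgetting it
This operation must be performed on the database machine and as the root user.
Step 1: Add the setting that skips the grant tables
With skip-grant-tables the server starts without loading the privilege tables, so logins need no password until the setting is removed in Step 4.
vim /etc/my.cnf
Add the following line under the [mysqld] configuration item:
skip-grant-tables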
Step 2: Restart the database service and modify the root password in the database user table
systemctl restart mysqld.service
mysql
mysql> UPDATE mysql.user SET AUTHENTICATION_STRING = PASSWORD('123123') where user='root';
mysql> flush privileges; #reload the privilege tables
mysql> quit #exit
Step 3: Login to test the new password
mysql -u root -p123123
Step 4: Undo the added password-free authentication setting and restart the database service
#Delete skip-grant-tables from the /etc/my.cnf configuration file, and then restart the mysql service.
vim /etc/my.cnf
systemctl restart mysqld.service
2. Manage login user privileges
2.1 Common user privileges
Permission | Description | Permission level
CREATE | Permission to create a database, table or index | Database, table or index
DROP | Permission to delete a database or table | Database or table
GRANT OPTION | Grant permission option | Database or table
REFERENCES | Reference permission | Database or table
ALTER | Permission to change a table | Data table
DELETE | Permission to delete table data | Data table
INDEX | Permission to operate on table indexes | Data table
INSERT | Permission to add table data | Data table
SELECT | Permission to query table data | Data table
UPDATE | Permission to update table data | Data table
CREATE VIEW | Permission to create a view | View
SHOW VIEW | Permission to view a view | View
ALTER ROUTINE | Permission to change a stored procedure | Stored procedure
CREATE ROUTINE | Permission to create a stored procedure | Stored procedure
EXECUTE | Permission to execute a stored procedure | Stored procedure
FILE | Server host file access permissions | File management
CREATE TEMPORARY TABLES | Permission to create temporary tables | Server management
LOCK TABLES | Permission to lock tables | Server management
CREATE USER | Permission to create users | Server management
RELOAD | Permission to execute flush privileges, refresh, reload and other refresh commands | Server management
PROCESS | Permission to view processes | Server management
REPLICATION CLIENT | Permission to view master-slave server status | Server management
REPLICATION SLAVE | Permission for master-slave replication | Server management
SHOW DATABASES | Permission to view databases | Server management
SHUTDOWN | Permission to close the database | Server management
SUPER | Super authority | Server management
ALL [PRIVILEGES] | All permissions |
USAGE | Does not have any permissions |
2.2 View the permissions a user already has
SHOW GRANTS; #View the permissions of the current user
SHOW GRANTS FOR username@source address; #View permissions of other users
2.3 Authorization operation
The NO_AUTO_CREATE_USER SQL mode forbids creating an account with an empty password in a GRANT statement. When the GRANT syntax is used to create a user, the statement must include the "identified by" keyword to set the account password; otherwise it is treated as an illegal creation statement.
Method 1: Authorize existing users
GRANT permission list ON database name.table name TO 'username'@'source address' [IDENTIFIED BY 'password'];
Permission list: lists the database operations the user is authorized to perform, separated by commas, such as "select, insert, update". Use "all" to grant all permissions, which authorizes any operation (in practice some permissions are still unusable, so this covers most permissions rather than every one).
Database name.table name: specifies the database and table that the authorization applies to; the wildcard * can be used. For example, "mysql.*" means the authorization applies to all tables in the mysql database.
'Username'@'source address': specifies the user name and the client address that is allowed to access, that is, who can connect and from where. The source address can be a domain name, an IP address, or a pattern using the "%" wildcard to indicate all addresses in a certain area or network segment.
IDENTIFIED BY: sets the password string used by the user to connect to the database. When creating a new user, if the "IDENTIFIED BY" part is omitted, the user's password will be empty.
Method 2: Create and authorize non-existing users
GRANT ALL PRIVILEGES ON *.* TO 'username'@'source address' IDENTIFIED BY 'password';
2.4 Revoke user permissions
revoke permission list/ALL on database name.table name from 'username'@'source address';
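A least-privilege run through the grant, check and revoke steps of sections 2.3 and 2.4, followed by two audit queries, as an added example that is not from the original page. The database shop, the account 'shop_app'@'192.168.10.%' and its password are constructed; the statements use CREATE USER followed by GRANT without IDENTIFIED BY, which works on both MySQL 5.7 and 8.0.

```sql
-- Added example; the database, account and password are constructed.
CREATE DATABASE IF NOT EXISTS shop;

-- Limit the account to one network segment instead of '%'.
CREATE USER IF NOT EXISTS 'shop_app'@'192.168.10.%'
    IDENTIFIED BY 'Constructed-Passw0rd!';

-- Grant only the table-level operations the application needs,
-- on one database rather than on *.*.
GRANT SELECT, INSERT, UPDATE ON shop.* TO 'shop_app'@'192.168.10.%';

-- Check what the account can do.
SHOW GRANTS FOR 'shop_app'@'192.168.10.%';

-- Take back a permission that turned out to be unnecessary.
REVOKE UPDATE ON shop.* FROM 'shop_app'@'192.168.10.%';

-- Audit (run as root): accounts holding server-management or file
-- privileges globally, which is what "ALL PRIVILEGES ON *.*" hands out.
SELECT grantee, privilege_type, is_grantable
FROM information_schema.user_privileges
WHERE privilege_type IN ('SUPER', 'FILE', 'SHUTDOWN', 'CREATE USER',
                         'RELOAD', 'PROCESS')
ORDER BY grantee, privilege_type;

-- Audit: accounts that can pass database-level privileges on to others
-- (granted WITH GRANT OPTION).
SELECT grantee, table_schema, privilege_type
FROM information_schema.schema_privileges
WHERE is_grantable = 'YES'
ORDER BY grantee, table_schema, privilege_type;
```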
2.5 User's remote login
mysql -u username -p[password] -h target IP/hostname -P port number #remote connection to mysql
Notice:
Summary
1. User management operation
create user 'username'@'address' identified by 'password'; #create user
select user,host,authentication_string from mysql.user; #View user information
rename user old_user to new_user; #Modify user name
drop user 'username'@'source address'; #delete user
set password = password('XXXX'); #Modify the password of the currently logged in user
set password for 'username'@'source address' = password('XXXX'); #Modify the password of other users
select user (); #View the current login user and source address
Solution for a forgotten root user password:
Modify the mysql configuration file /etc/my.cnf, and add skip-grant-tables under the [mysqld] configuration item
service mysqld restart #restart service
mysql #password-free login
update mysql.user set authentication_string=password('新密码') where user='root'; #Modify password
flush privileges; #Reload the privilege tables
2. User authorization operation
grant permission list/ALL on database name.table name to 'username'@'address' identified by 'password'; #Grant user permissions
show grants; #View the permissions of the current user (self)
show grants for 'username'@'address'; #View permissions of other users
revoke permission list/ALL on database name.table name from 'username'@'address'; #revoke user permissions
mysql -u username -p[password] -h target IP/hostname -P port number #remote connection to mysql