MySQL - Section 13 - MySQL User Management

Table of contents

1. The concept of MySQL user management

2. User

2.1. User information

2.2. Create user

2.3. Modify user password

2.4. Delete user

3. Database permissions

3.1. Privileges in MySQL

3.2. Authorize users

3.3. Revoke permissions


1. The concept of MySQL user management

MySQL user management concepts:

• Similar to the Linux operating system, MySQL also has super users and ordinary users.

• If a user only needs to access a certain database in MySQL, or even a certain table in that database, you can create an ordinary user for it and grant that user the corresponding permissions. The user then cannot see the other data in the database, which prevents the user from misoperating on other data.


2. User

2.1. User information

By default, MySQL contains a database named mysql, as follows:

Looking at the tables in this database, you can see that there is a table called user, as follows:

The user table stores the user-related information in MySQL, as follows:

Description of some fields:

• user: Indicates the username of the user.
• host: Indicates which host the user can log in from. localhost means the user can only log in from the local machine, and % means the user can log in from anywhere.
• authentication_string: Indicates the value of the user's password encrypted by the password function.
• xxx_priv: Indicates whether the user has the corresponding privilege.

To avoid flooding the screen when viewing user information, you can select only some of the fields for display, as follows:

Note that users with the same name can exist in MySQL as long as their login hosts are different, because the primary key of the user table is a composite primary key made up of the user column and the host column, as follows:

Note: All user management work is carried out on this user table, and the SQL behind every user management operation actually inserts, deletes, queries or updates rows in this table. However, it is inconvenient for users to manipulate the user table by hand, so MySQL provides dedicated SQL statements for user management.
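The following queries are an added example, not part of the original post, showing how the fields described above can be read for an account review. They assume MySQL 5.7 column names and a login that can read the mysql database; the choice of checks is illustrative.

```sql
-- Added example: reviewing accounts through the mysql.user table (MySQL 5.7).

-- 1. Compact overview: one row per 'user'@'host' account, without the
--    long list of xxx_priv columns.
SELECT user, host, plugin, account_locked, password_expired
FROM mysql.user
ORDER BY user, host;

-- 2. Accounts that may log in from any host (host = '%').
SELECT user, host
FROM mysql.user
WHERE host = '%';

-- 3. Accounts with an empty authentication_string. The plugin column is
--    shown because some plugins do not store a password hash here.
SELECT user, host, plugin
FROM mysql.user
WHERE authentication_string = '' OR authentication_string IS NULL;

-- 4. User names that exist under more than one host. Each (user, host)
--    pair is a separate account because of the composite primary key.
SELECT user,
       COUNT(*) AS host_entries,
       GROUP_CONCAT(host ORDER BY host) AS hosts
FROM mysql.user
GROUP BY user
HAVING COUNT(*) > 1;

-- 5. Accounts holding server-wide privileges in the xxx_priv columns.
SELECT user, host, Super_priv, Grant_priv, File_priv
FROM mysql.user
WHERE 'Y' IN (Super_priv, Grant_priv, File_priv);
```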

2.2. Create user

The SQL to create a user is as follows:

CREATE USER 'username'@'login host' IDENTIFIED BY 'password';

For example, create a user named frank below who can log in from anywhere, as follows:

Note: If the system reports error 1290, that is, the current root user is not allowed to create a new user, then we can use the flush privileges command to refresh the permissions.

After the user is successfully created, the user's information is written into the user table shown earlier. MySQL does not store passwords in plain text internally; they are encrypted through the password function before being stored, as follows:

At this point, you can use the newly created ordinary user to connect to the MySQL server, as follows:

In addition, since the user we created can log in from anywhere, if you have installed MySQL on Windows, you can log in remotely from the Windows cmd window, as follows:

Explain:

• The SQL for creating a user contains the user's password, so it is not recorded in the history and cannot be recalled with the up and down arrow keys.
• MySQL's own password requirements are relatively strict, so the password set when creating a user should not be too simple, otherwise an error is reported. In that case, you can either choose a more complex password or adjust the password-related settings.

Note:

1. To install MySQL on Windows, refer to the blog post "MySQL 5.7 Uncompressed Version Installation Tutorial [Windows] (End)" on Litsev's Blog (CSDN Blog).

2. Within a company, opening the database port to the public network is forbidden; once exposed to the public network, it can easily cause problems. If it must be exposed to the public network while studying, shut MySQL down after using it, and change the database port number in the configuration file.

Use the show command to view global variables, and you can see the requirements related to password settings, as follows:

2.3. Modify user password

Users modify their own passwords:

Users can set their own password to the encrypted value of the new password by calling the password function, as follows:

Note: Users can also use an update statement to modify the authentication_string password field in the user table directly, as shown in the figure below, but such a modification is risky, and it is recommended to use the interface provided by MySQL.

The superuser modifies the password of any user:

The superuser can set the password of a specified user to the encrypted value of the new password by calling the password function, as follows:

2.4. Delete user

The SQL for deleting a user is as follows:

DROP USER 'username'@'login address';

For example, after the user just created is deleted, the corresponding record no longer exists in the user table, as follows:

Explain:

• When deleting a user, if the user's login address is not specified, the user whose login address is % will be deleted by default.


3. Database permissions

3.1. Privileges in MySQL

The permissions provided by the MySQL database are as follows:

It should be noted that the newly created user does not have any permissions, so the user needs to be authorized after creating the user. 

3.2. Authorize users

The SQL for user authorization is as follows:

GRANT permission list ON library name.object name TO 'username'@'login address' [IDENTIFIED BY 'password'];

Explain:

• 'username'@'login address': Indicates which user is authorized.
• library name.object name: Indicates which objects under which database the user is to be granted permissions on.
• permission list: Indicates which permissions are to be granted to the user; multiple permissions are separated by commas.
• IDENTIFIED BY 'password' (optional): If the user exists, the user's password is modified while the permissions are granted; if the user does not exist, the user is created.

For example, the root user creates the user frank and grants frank the select permission on all objects under the root user's test database, as follows:

After authorization, use the show grants for 'username'@'login address' command to view the user's existing permissions, as follows:

Explain:

• After creating a user, the user will have the USAGE authority by default, which can only be used for database login and cannot perform any operations.

• *.* means all objects of all databases, and library name.* means all objects (tables, views, stored procedures, etc.) of a certain database.

At this point, when the user lists the databases, the test database is visible, as follows:

Explain:

• After creating a user, the user can only see the information_schema database by default, which stores the information of all other databases maintained by the MySQL server.

After entering the test database, the user can also view all the tables in it, as follows:

However, the user can currently only view the information in the tables and cannot modify the data in them, because we granted the user only the select permission, as follows:

Below, all permissions under the test database are granted to this user, as follows:

Only then can the user perform other operations on the data in the tables, as follows:

3.3. Revoke permissions

The SQL for reclaiming permissions is as follows:

REVOKE permission list ON library name.object name FROM '用户名'@'登录地址';

Explain:

• The syntax for revoking permissions is the same as that for granting them, except that the to keyword is changed to from, and there is no IDENTIFIED BY 'password' clause.

For example, the following revokes all permissions of the frank user under the test database, as follows:

Explain:

• After revoking the user's authority under a certain database, it will take effect when the user enters the database next time.

• If the user is using the corresponding database when the authority is revoked, the user still has the corresponding authority after the authority is revoked.
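The statements from sections 2 and 3 are put together below as one account lifecycle. This is an added example, not taken from the original post: it assumes MySQL 5.7, a root session and an existing test database, and the host pattern and passwords are constructed. It also goes slightly beyond the post by limiting the login host to a subnet instead of %, by granting named privileges instead of all privileges, and by changing the password with ALTER USER rather than the password function.

```sql
-- Added example for MySQL 5.7, run as root. Host pattern and passwords
-- are constructed placeholders.

-- Password requirements currently in force (section 2.2).
SHOW VARIABLES LIKE 'validate_password%';

-- 1. Create the account. A subnet pattern is narrower than '%'.
CREATE USER 'frank'@'192.168.1.%' IDENTIFIED BY 'Example#Passw0rd-1';

-- 2. A new account holds only USAGE: it can log in and nothing else.
SHOW GRANTS FOR 'frank'@'192.168.1.%';

-- 3. Read-only access to every object in the test database.
GRANT SELECT ON test.* TO 'frank'@'192.168.1.%';

-- 4. Widen access only when needed, naming each privilege.
GRANT INSERT, UPDATE, DELETE ON test.* TO 'frank'@'192.168.1.%';
SHOW GRANTS FOR 'frank'@'192.168.1.%';

-- 5. Change the password through the account-management interface
--    instead of updating mysql.user by hand (section 2.3).
ALTER USER 'frank'@'192.168.1.%' IDENTIFIED BY 'Example#Passw0rd-2';

-- 6. Take the write privileges back, then the read privilege.
REVOKE INSERT, UPDATE, DELETE ON test.* FROM 'frank'@'192.168.1.%';
REVOKE SELECT ON test.* FROM 'frank'@'192.168.1.%';
SHOW GRANTS FOR 'frank'@'192.168.1.%';

-- 7. Drop the account, naming the host explicitly so that the
--    default host '%' is not assumed (section 2.4).
DROP USER 'frank'@'192.168.1.%';

-- 8. Confirm that the row is gone from the user table.
SELECT user, host FROM mysql.user WHERE user = 'frank';
```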

Origin blog.csdn.net/qq_45113223/article/details/131525580