[MySQL Series] MySQL user management

"Preface" This article covers MySQL user management.

"Column" MySQL

"Homepage" personal homepage

"Author" Mr. Maple Leaf (fy)

MySQL

1. User management

  • MySQL, like Linux, distinguishes between the root user and ordinary users.
  • If everyone works as root there is a security risk. MySQL user management lets you create ordinary users and give each one only the permissions it needs.

1.1 User information

MySQL ships with a database named mysql by default. It contains a table named user, which stores MySQL user-related information (append \G to the query to print each row vertically). Some field descriptions:

  • user: the username of the account.
  • host: which host this user may log in from. localhost means the user can only log in from this machine; % means the user can log in from anywhere.
  • authentication_string: the user's password, stored as the string produced by the password function.
  • *_priv (xxx_priv): the permissions the user holds. Y means the permission is granted, N means it is not.

View current user

select user();

Note: root is the user name and localhost is the host name.

1.2 Create new user

The SQL to create a user is as follows:

create user '用户名'@'登陆主机/ip' identified by '密码';

Create a user named test who can log in from anywhere:

create user 'test'@'%' identified by '123123aa';

Note: % means the user can log in from anywhere; localhost means the user can only log in from this computer.

MySQL's default password validation is fairly strict, so the password set when creating a user cannot be too simple, otherwise an error occurs. You can either choose a more complex password or adjust the password-related settings.

To lower the strength required of MySQL passwords, modify the validate_password related variables.

View the current validate_password related variables

show variables like 'validate_password%';

The default value of validate_password_policy is 1, which means the password must contain numbers, lowercase letters, uppercase letters, and special characters. Setting it to 0 disables these requirements:

set global validate_password_policy=0;

After the new user is created, its information is written to the user table described above. Query it (the table has many columns, so select only a few):

select user,host,authentication_string from user;

You can now connect to the MySQL server with the newly created ordinary user.

Because the user can log in from anywhere, if you have MySQL installed on Windows you can also log in remotely from a Windows cmd window.

Notice

  • SQL statements that contain a password are not recorded in the MySQL history.
  • Be careful not to casually add a user who can log in from anywhere; delete it after testing (otherwise attackers will quickly target it).
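The two notes above can be turned into a routine check. The following is an added example (not from the original post) that audits the mysql.user table for accounts reachable from any host, accounts with an empty authentication_string, and accounts holding global SUPER or GRANT rights, then removes the throwaway test account and restores the password policy. It assumes MySQL 5.7 column names; the test user and the policy value are the ones used in the post.

```sql
-- Added example, not from the original post: audit the mysql.user table
-- for the risks described in the notes above. Assumes MySQL 5.7 column names.
USE mysql;

-- 1. Accounts that can log in from anywhere (host '%' or a host pattern
--    containing a wildcard), which the post warns against leaving in place.
SELECT user, host, plugin
FROM user
WHERE host = '%' OR INSTR(host, '%') > 0
ORDER BY user, host;

-- 2. Accounts whose authentication_string is empty, i.e. no password set.
SELECT user, host
FROM user
WHERE authentication_string = '' OR authentication_string IS NULL;

-- 3. Accounts holding global SUPER or GRANT OPTION rights (the *_priv
--    columns described in 1.1); only administrators should appear here.
SELECT user, host, Super_priv, Grant_priv
FROM user
WHERE Super_priv = 'Y' OR Grant_priv = 'Y';

-- 4. Remove the throwaway 'test'@'%' account from 1.2 once testing is done.
DROP USER IF EXISTS 'test'@'%';

-- 5. If validate_password_policy was lowered to 0 for testing, put it back
--    to the default (1 = MEDIUM: mixed case, digits and special characters).
SET GLOBAL validate_password_policy = 1;
FLUSH PRIVILEGES;
```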

1.3 Delete users

The syntax for deleting a user is as follows:

drop user '用户名'@'主机名';

For example, delete the test user created above:

drop user 'test'@'%';

1.4 Modify user password

Change your own password

The syntax is as follows:

set password=password('新的密码');

The root user changes the password of a specified user

The syntax is as follows:

set password for '用户名'@'主机名'=password('新的密码');

2. Database permissions

  • If a user only needs to access one database in MySQL, or even one table in that database, you can create an ordinary user for them
  • and grant that user the corresponding permissions, so that the user cannot see other data in the database and cannot damage it by mistake.

The list of permissions provided by MySQL was shown in the original post as an image.

Notice: A newly created user has no permissions at all, so you must authorize the user after creating it.

2.1 Authorize users

The newly created user does not have any permissions and needs to be authorized. The syntax is as follows:

grant 权限列表 on 库名.对象名 to '用户名'@'登陆地址/ip' [identified by '密码'];

Explanation:

  • to: the user following to is the one being authorized.
  • 库名.对象名: which object (table) in which database is granted to the user.
  • For example, *.*: all objects (tables, views, stored procedures, etc.) of all databases on this server
  • 库.*: all data objects (tables, views, stored procedures, etc.) in one database
  • identified by (optional): if the user exists, the password is changed while the permissions are granted; if the user does not exist, the user is created.
  • 权限列表: which permissions are granted to the user. Multiple permissions are separated by commas.

-- permission list, for example
grant select on ... -- grants the select permission
grant select, delete, create on ... -- grants the select, delete and create permissions
grant all [privileges] on ... -- grants the user all permissions on the object

Create a new user zhangsan, then view the permissions the user currently holds with:

show grants for '用户名'@'登录地址';

For example:

show grants for 'zhangsan'@'localhost';

Note

  • After a user is created it only has the USAGE permission by default. This permission only allows logging in to the database; it does not allow any operation.

Log in as this user and list the databases: only a single built-in system database is shown; the databases created under root are not visible to an ordinary user.

Create a test_db database as root and grant the zhangsan user select permission on all objects under the test_db database:

grant select on test_db.* to 'zhangsan'@'localhost';

Note: *.* means all objects of all databases; 库名.* means all objects (tables, views, stored procedures, etc.) of one database.

Now, when the user lists the databases, test_db is visible.

The user can currently only read the data in the tables and cannot perform any other operation on it. If other operations are required, the corresponding permissions must be granted. For example, grant all permissions on the test_db database to this user; after that the user can perform any operation on the database (not demonstrated):

grant all on test_db.* to 'zhangsan'@'localhost';

Notice: If it is found that the permission does not take effect after granting it, execute the following command:

flush privileges;

2.2 Reclaim user rights

The SQL syntax for reclaiming user permissions is as follows:

revoke 权限列表 on 库名.对象名 from '用户名'@'登陆地址/ip';

The syntax for revoking permissions mirrors the syntax for granting them and is not explained again.

For example, revoke all permissions of user zhangsan on the test_db database:

revoke all on test_db.* from 'zhangsan'@'localhost';

Notice: If the user is using the corresponding database when the permissions are revoked, the user still holds those permissions in that session; the new permissions only take effect the next time the user enters the database.
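The following is an added example (not from the original post) that walks through sections 2.1 and 2.2 end to end for the zhangsan / test_db scenario: a localhost-only user, a database-level SELECT grant plus a narrower table-level INSERT grant, a look at where MySQL stores those grants (mysql.db and mysql.tables_priv), and the revoke. It assumes MySQL 5.7; the orders table and the password are constructed samples.

```sql
-- Added example, not from the original post. Assumes MySQL 5.7; test_db.orders
-- and the password are constructed samples for the walkthrough.
CREATE DATABASE IF NOT EXISTS test_db;
CREATE TABLE IF NOT EXISTS test_db.orders (
    id     INT PRIMARY KEY,
    amount DECIMAL(10, 2)
);

-- Bind the account to localhost rather than '%', as section 1.2 recommends.
CREATE USER IF NOT EXISTS 'zhangsan'@'localhost' IDENTIFIED BY 'Sample#Pass2023';

-- Database level: read every object in test_db (the post's first grant).
GRANT SELECT ON test_db.* TO 'zhangsan'@'localhost';
-- Table level: writes are allowed on one table only, narrower than test_db.*.
GRANT INSERT ON test_db.orders TO 'zhangsan'@'localhost';

-- USAGE plus the two grants above should be listed.
SHOW GRANTS FOR 'zhangsan'@'localhost';

-- Where the grants are stored: mysql.user only holds global (*.*) flags,
-- database-level rows live in mysql.db, table-level rows in mysql.tables_priv.
SELECT host, db, user, Select_priv, Insert_priv
FROM mysql.db WHERE user = 'zhangsan';
SELECT host, db, user, table_name, Table_priv
FROM mysql.tables_priv WHERE user = 'zhangsan';

-- Revoke. REVOKE ALL ON test_db.* removes only database-level rows, so the
-- table-level INSERT must be revoked separately or it silently survives.
REVOKE INSERT ON test_db.orders FROM 'zhangsan'@'localhost';
REVOKE ALL ON test_db.* FROM 'zhangsan'@'localhost';
FLUSH PRIVILEGES;

-- Back to USAGE only; an already-open zhangsan session keeps its old rights
-- until it re-enters the database, as the note in 2.2 explains.
SHOW GRANTS FOR 'zhangsan'@'localhost';
```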
---------- ---------- END -----------------------

「 Author 」 Mr. Maple Leaf (枫叶先生)
「 Updated 」 2023.9.13
「 Statement 」 My knowledge is limited, so omissions in what I write are unavoidable;
          if there are errors or inaccuracies, readers are kindly asked to point them out.

Origin blog.csdn.net/m0_64280701/article/details/132781680