MySQL access control as a whole consists of two parts: the user management module and the access control module.
User login does not belong to the access control mechanism; it is user identification and authentication, which covers the host name, user name and password.
The user management module stores its information in the system table mysql.user.
Create a user
Rename a user
Change the password
Delete a user
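The four operations listed above, as an added example that is not part of the original page. It assumes MySQL 5.7 or 8.0; the account names, the 192.0.2.% host pattern and the passwords are constructed placeholders. It also shows that the host name is part of the account identity.

```sql
-- Constructed accounts and placeholder passwords, for illustration only.
-- An account is the pair 'user'@'host': these are two different accounts.
CREATE USER 'u1'@'localhost' IDENTIFIED BY 'Placeholder-Pw-1!';
CREATE USER 'u1'@'192.0.2.%' IDENTIFIED BY 'Placeholder-Pw-2!';

-- Each account has its own row and authentication data in mysql.user.
SELECT user, host, plugin, account_locked, password_expired
  FROM mysql.user
 WHERE user = 'u1';

-- Rename one account; the other 'u1' account is a separate row.
RENAME USER 'u1'@'192.0.2.%' TO 'report'@'192.0.2.%';

-- Change the password of one specific account.
ALTER USER 'u1'@'localhost' IDENTIFIED BY 'Placeholder-Pw-3!';

-- Delete both accounts; IF EXISTS avoids an error when the script is rerun.
DROP USER IF EXISTS 'u1'@'localhost', 'report'@'192.0.2.%';
```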
MySQL authorization
A privilege can be divided into a privilege type and a privilege object. For example, when user u1 may view all the contents of table t1 in database d1, the privilege type is select and the privilege object is table t1.
Basic format: grant <privilege type> on <privilege object> to 'username'@'hostname';
Privilege levels:
① Global privileges (Global Privileges): administrative privileges that apply to all databases on the server (global privileges are stored in the mysql.user table) ----- on *.*
② Database privileges (Database Privileges): apply to all objects in a particular database (database privileges are stored in the mysql.db table) ----- on db_name.*
③ Table privileges (Table Privileges): apply to all the columns in a particular table (table privileges are stored in the mysql.tables_priv table) ----- on db_name.tbl_name
④ Column privileges (Column Privileges): apply to a single column in a particular table (column privileges are stored in the mysql.columns_priv table) ----- after the privilege name, write the column names in parentheses
⑤ Stored routine privileges (Stored Routine Privileges): apply to stored procedures and functions (stored routine privileges are stored in the mysql.procs_priv table)
⑥ Proxy user privileges (Proxy User Privileges): enable one user to act as a proxy for another user (proxy user privileges are stored in the mysql.proxies_priv table)
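One grant at each of the six levels above, followed by the system table each one is recorded in. This is an added example, not code from the original page; database d1, table t1, procedure p1, accounts u1 and u2 and the passwords are constructed for illustration.

```sql
-- Constructed objects and placeholder passwords (assumptions, not from the page).
CREATE DATABASE IF NOT EXISTS d1;
CREATE TABLE IF NOT EXISTS d1.t1 (
  id INT PRIMARY KEY, name VARCHAR(64), salary DECIMAL(10,2)
);
CREATE PROCEDURE d1.p1() SELECT COUNT(*) FROM d1.t1;
CREATE USER 'u1'@'localhost' IDENTIFIED BY 'Placeholder-Pw-1!';
CREATE USER 'u2'@'localhost' IDENTIFIED BY 'Placeholder-Pw-2!';

-- 1. Global level: on *.*
GRANT PROCESS ON *.* TO 'u1'@'localhost';
-- 2. Database level: on db_name.*
GRANT CREATE TEMPORARY TABLES ON d1.* TO 'u1'@'localhost';
-- 3. Table level: on db_name.tbl_name
GRANT INSERT, DELETE ON d1.t1 TO 'u1'@'localhost';
-- 4. Column level: column names in parentheses after the privilege name.
--    No SELECT is granted on the salary column.
GRANT SELECT (id, name), UPDATE (name) ON d1.t1 TO 'u1'@'localhost';
-- 5. Stored routine level
GRANT EXECUTE ON PROCEDURE d1.p1 TO 'u1'@'localhost';
-- 6. Proxy level: u2 may act as u1
GRANT PROXY ON 'u1'@'localhost' TO 'u2'@'localhost';

-- Where each grant is recorded.
SELECT user, host, Process_priv FROM mysql.user WHERE user = 'u1';
SELECT user, host, db, Create_tmp_table_priv FROM mysql.db WHERE user = 'u1';
SELECT user, host, db, table_name, table_priv, column_priv
  FROM mysql.tables_priv WHERE user = 'u1';
SELECT user, host, db, table_name, column_name, column_priv
  FROM mysql.columns_priv WHERE user = 'u1';
SELECT user, host, db, routine_name, routine_type, proc_priv
  FROM mysql.procs_priv WHERE user = 'u1';
SELECT user, host, proxied_user, proxied_host
  FROM mysql.proxies_priv WHERE user = 'u2';

-- The same grants as MySQL reports them for the account.
SHOW GRANTS FOR 'u1'@'localhost';
```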
Privilege types:
1>. all / all privileges
Represents all privileges at the global level or at the level of a whole database object.
2>. alter privilege
Allows modifying the table structure, but must be combined with the create and insert privileges. To rename a table, alter and drop are required on the original table, and create and insert on the new table.
3>. alter routine privilege
Allows modifying or deleting stored procedures and functions.
4>. create privilege
Allows creating new databases and tables.
5>. create routine privilege
Allows creating stored procedures and functions.
6>. create tablespace privilege
Allows creating, modifying and deleting tablespaces and log file groups.
7>. create temporary tables privilege
Allows creating temporary tables.
8>. create user privilege
Allows creating, modifying, deleting and renaming users.
9>. create view privilege
Allows creating views.
10>. delete privilege
Allows deleting rows of data.
11>. drop privilege
Allows deleting databases, tables and views, including the truncate table command.
12>. event privilege
Allows querying, creating, modifying and deleting MySQL events.
13>. execute privilege
Allows executing stored procedures and functions.
14>. file privilege
Allows read and write disk file operations in the directories MySQL can access; the commands that use it include load data infile, select ... into outfile, and the load_file() function.
15>. grant option privilege
Determines whether this user may grant to other users, or revoke from them, the privileges the user holds.
16>. index privilege
Determines whether creating and deleting indexes is allowed.
17>. insert privilege
Determines whether inserting data into tables is allowed; executing the analyze table, optimize table and repair table statements also requires the insert privilege.
18>. lock privilege
Allows locking tables on which the user has the select privilege, to prevent other connections from reading or writing those tables.
19>. process privilege
Allows viewing MySQL process information, for example by executing show processlist, mysqladmin processlist (command line), or show engines.
20>. reference privilege
Introduced after version 5.7.6; determines whether creating foreign keys is allowed.
21>. reload privilege
Allows executing the flush command, which reloads the privilege tables into system memory; the refresh command closes and reopens the log files and flushes all tables.
22>. replication client privilege
Allows executing the show master status, show slave status and show binary logs commands.
23>. replication slave privilege
Allows a slave host to connect to the master through this user in order to establish the master-slave replication relationship.
24>. select privilege
Allows viewing data from tables. A select that does not look up table data does not need this privilege, for example select 1+1 or select pi()+5; update/delete statements that contain a where condition also need the select privilege.
25>. show databases privilege
Allows viewing all database names by executing the show databases command.
26>. show view privilege
Allows viewing the statement that created a view by executing the show create view command.
27>. shutdown privilege
Allows shutting down the database instance; the statements that use it include mysqladmin shutdown.
28>. super privilege
Allows executing a series of database administration commands, including the kill command to forcibly close a connection, the change master to command to create a replication relationship, and the create/alter/drop server commands.
29>. trigger privilege
Allows creating, deleting, executing and displaying triggers.
30>. update privilege
Allows modifying data in tables.
31>. usage privilege
The default privilege after a user is created; in itself it only represents the right to connect and log in.
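A least-privilege review query over the administrative privileges described above (file, super, grant option, process, shutdown, reload, create user). This is an added example, not part of the original page; it assumes the reviewing account can read the mysql schema and uses only the static privilege columns of mysql.user and mysql.db.

```sql
-- Accounts holding global privileges that reach beyond table data:
-- disk file access, administration commands, and the ability to hand
-- privileges to other accounts.
SELECT user, host,
       File_priv, Super_priv, Grant_priv, Process_priv,
       Shutdown_priv, Reload_priv, Create_user_priv
  FROM mysql.user
 WHERE 'Y' IN (File_priv, Super_priv, Grant_priv, Process_priv,
               Shutdown_priv, Reload_priv, Create_user_priv)
 ORDER BY user, host;

-- The same global privileges, one row per grantee and privilege.
SELECT grantee, privilege_type, is_grantable
  FROM information_schema.user_privileges
 WHERE privilege_type IN ('FILE', 'SUPER', 'PROCESS',
                          'SHUTDOWN', 'RELOAD', 'CREATE USER')
    OR is_grantable = 'YES'
 ORDER BY grantee, privilege_type;

-- Accounts that can pass on their privileges within a single database.
SELECT user, host, db
  FROM mysql.db
 WHERE Grant_priv = 'Y'
 ORDER BY user, host, db;

-- Accounts that hold no global privilege at all (usage only).
SELECT grantee
  FROM information_schema.user_privileges
 WHERE privilege_type = 'USAGE'
 ORDER BY grantee;
```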
Revoking privileges
Format: revoke <privilege type> on <privilege object> from 'username'@'hostname';
Note: grant and revoke modify the user data tables and at the same time modify the hash structures in memory, so they take effect immediately; there is no need to run flush privileges afterwards.
When to use flush privileges: to load the user privileges. Operating on the system privilege tables directly with DML leaves the data in the privilege tables inconsistent with the privilege data in memory; flush privileges is then needed to rebuild the in-memory data so that the privileges reach a consistent state.
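The two paths described above side by side: revoke, which needs no flush, and a direct DML change to mysql.db, which does. This is an added example, not code from the original page; database d1, account u3 and the password are constructed for illustration.

```sql
-- Constructed database, account and placeholder password.
CREATE DATABASE IF NOT EXISTS d1;
CREATE USER 'u3'@'localhost' IDENTIFIED BY 'Placeholder-Pw-1!';
GRANT SELECT, INSERT ON d1.* TO 'u3'@'localhost';

-- Path 1: revoke changes mysql.db and the in-memory structures together,
-- so no flush privileges is needed.
REVOKE INSERT ON d1.* FROM 'u3'@'localhost';
SHOW GRANTS FOR 'u3'@'localhost';

-- Path 2: direct DML on the privilege table changes only the table row.
UPDATE mysql.db
   SET Select_priv = 'N'
 WHERE User = 'u3' AND Host = 'localhost' AND Db = 'd1';

-- The table row and the in-memory privileges can now be compared:
SELECT user, host, db, Select_priv FROM mysql.db WHERE user = 'u3';
SHOW GRANTS FOR 'u3'@'localhost';

-- Rebuild the in-memory privilege data from the tables, then compare again.
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'u3'@'localhost';

-- Clean up the constructed account.
DROP USER IF EXISTS 'u3'@'localhost';
```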