MySQL user authorization (GRANT)

A newly created user account cannot do anything until you assign it the appropriate access permissions. You can use the SHOW GRANTS FOR statement to query a user's permissions.

Note: A newly created user only has the privilege to log in to the MySQL server; it has no other permissions and cannot perform any other operations.

USAGE ON *.* means that the user has no permissions on any database or any table.

Grant user rights

A new MySQL user must be given authorization; use the GRANT statement to grant permissions to the new user.

Syntax:

  GRANT <permission type> [(<column name>)] [, <permission type> [(<column name>)]]
  ON <object> <privilege level>
  TO <user>

  where <user> has the format:

  <username> [IDENTIFIED] BY [PASSWORD] <password>
  [WITH GRANT OPTION]
  | MAX_QUERIES_PER_HOUR <number>
  | MAX_UPDATES_PER_HOUR <number>
  | MAX_CONNECTIONS_PER_HOUR <number>
  | MAX_USER_CONNECTIONS <number>

The syntax elements are described below:

1) <column name>

Optional. Specifies the particular columns to which the permission is granted.

2) ON clause

Specifies the object and the level at which the permissions are granted, for example by giving a database name or table name after the ON keyword.

3) <privilege level>

Specifies the level of the permission. The permissions that can be granted fall into the following groups:

  • Column permissions: related to a specific column of a table. For example, the permission to use the UPDATE statement to update the values of the student_name column in the students table.
  • Table permissions: related to all data in a specific table. For example, the permission to use the SELECT statement to query all data in the students table.
  • Database permissions: related to all tables in a specific database. For example, the permission to create a new table in the existing database mytest.
  • User permissions: related to all databases in MySQL. For example, the permission to delete an existing database or to create a new database.

Correspondingly, the privilege level in a GRANT statement can be specified in the following formats:

  • *: all tables in the current database.
  • *.*: all tables in all databases.
  • db_name.*: all tables in one database; db_name specifies the database name.
  • db_name.tbl_name: a table or view in a database; db_name specifies the database name and tbl_name specifies the table or view name.
  • tbl_name: a table or view; tbl_name specifies the table or view name.
  • db_name.routine_name: a stored procedure or function in a database; routine_name specifies the stored procedure or function name.

4) TO clause

Sets the user's password and specifies the user who is given the permissions. If the TO clause specifies a password for a user that already exists, the new password overwrites the original password. If the permission is granted to a user that does not exist, MySQL automatically performs a CREATE USER statement to create the user, but a password must be specified for the user at the same time.

The <permission type> values that can be used in a GRANT statement are as follows:

1) When granting database permissions, <permission type> can be specified as one of the following values:

  • SELECT: grants the user permission to use the SELECT statement to access all tables and views in a specific database.
  • INSERT: grants the user permission to use the INSERT statement to add rows of data to all tables in a specific database.
  • DELETE: grants the user permission to use the DELETE statement to delete rows from all tables in a specific database.
  • UPDATE: grants the user permission to use the UPDATE statement to update values in all tables in a specific database.
  • REFERENCES: grants the user permission to create foreign keys that reference tables in a specific database.
  • CREATE: grants the user permission to use the CREATE TABLE statement to create new tables in a specific database.
  • ALTER: grants the user permission to use the ALTER TABLE statement to modify all tables in a specific database.
  • SHOW VIEW: grants the user permission to view the definitions of the views that already exist in a specific database.
  • CREATE ROUTINE: grants the user permission to create stored procedures and stored functions for a specific database.
  • ALTER ROUTINE: grants the user permission to update and delete the stored procedures and stored functions that already exist in the database.
  • INDEX: grants the user permission to define and drop indexes on all tables in a specific database.
  • DROP: grants the user permission to delete all tables and views in a specific database.
  • CREATE TEMPORARY TABLES: grants the user permission to create temporary tables in a specific database.
  • CREATE VIEW: grants the user permission to create new views in a specific database.
  • EXECUTE ROUTINE: grants the user permission to call the stored procedures and stored functions of a specific database.
  • LOCK TABLES: grants the user permission to lock the existing tables of a specific database.
  • ALL or ALL PRIVILEGES: all of the above permissions.

2) When granting table permissions, <permission type> can be specified as one of the following values:

  • SELECT: grants the user permission to use the SELECT statement to access a specific table.
  • INSERT: grants the user permission to use the INSERT statement to add rows of data to a specific table.
  • DELETE: grants the user permission to use the DELETE statement to delete rows from a specific table.
  • DROP: grants the user permission to delete the table.
  • UPDATE: grants the user permission to use the UPDATE statement to update a specific table.
  • ALTER: grants the user permission to use the ALTER TABLE statement to modify the table.
  • REFERENCES: grants the user permission to create a foreign key that references a specific table.
  • CREATE: grants the user permission to create a table with a specific name.
  • INDEX: grants the user permission to define indexes on the table.
  • ALL or ALL PRIVILEGES: all of the above permission names.

3) When granting column permissions, <permission type> can only be specified as SELECT, INSERT or UPDATE, and the permission must be followed by the column name list (column-list).

4) The most efficient permissions are user permissions.

When granting user permissions, <permission type> can take any of the values available when granting database permissions, and can also take the following values:

  • CREATE USER: grants the user permission to create and delete users.
  • SHOW DATABASES: grants the user permission to use the SHOW DATABASES statement to view the definitions of all existing databases.

[Example] Use the GRANT statement to create a new user testUser with the password testPwd. The user testUser has query and insert permissions on all data and is also given the GRANT permission. The SQL statement and its execution are shown below.

  mysql> GRANT SELECT,INSERT ON *.*
      -> TO 'testUser'@'localhost'
      -> IDENTIFIED BY 'testPwd'
      -> WITH GRANT OPTION;
  Query OK, 0 rows affected, 1 warning (0.05 sec)

Use the SELECT statement to query the permissions of the user testUser, as shown below.

  mysql> SELECT Host,User,Select_priv,Grant_priv
      -> FROM mysql.user
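
The global grant from the example beside a scoped alternative that uses the column, table and database levels described earlier. This is an added example, not part of the original article. It assumes MySQL 8.0, where GRANT no longer creates accounts or sets passwords, so each account is created with CREATE USER first; appUser, its password and the layout of the students table are constructed for illustration.

```sql
-- Added example, not from the original article. Assumes MySQL 8.0.
-- testUser, testPwd, mytest, students and student_name come from the text;
-- appUser, its password and the table layout are constructed.
CREATE DATABASE IF NOT EXISTS mytest;
CREATE TABLE IF NOT EXISTS mytest.students (
    student_id   INT PRIMARY KEY,
    student_name VARCHAR(64) NOT NULL
);

-- The article's grant in MySQL 8.0 form: account first, then privileges.
-- SELECT and INSERT on *.* apply to every database on the server, and
-- WITH GRANT OPTION lets testUser pass those rights on to other accounts.
CREATE USER IF NOT EXISTS 'testUser'@'localhost' IDENTIFIED BY 'testPwd';
GRANT SELECT, INSERT ON *.* TO 'testUser'@'localhost' WITH GRANT OPTION;

-- Scoped alternative: one grant per privilege level, no grant option.
CREATE USER IF NOT EXISTS 'appUser'@'localhost' IDENTIFIED BY 'Constructed-Passw0rd!';
GRANT SELECT ON mytest.students TO 'appUser'@'localhost';                 -- table level
GRANT UPDATE (student_name) ON mytest.students TO 'appUser'@'localhost';  -- column level
GRANT CREATE TEMPORARY TABLES ON mytest.* TO 'appUser'@'localhost';       -- database level

-- Review exactly what the scoped account holds.
SHOW GRANTS FOR 'appUser'@'localhost';

-- Audit the global privilege columns, as the article's query does.
-- Only *.* grants are recorded in mysql.user; scoped grants are not.
SELECT Host, User, Select_priv, Insert_priv, Grant_priv
FROM mysql.user
WHERE User IN ('testUser', 'appUser');

-- Narrow testUser: remove the global rights and the grant option, keep the login.
REVOKE SELECT, INSERT ON *.* FROM 'testUser'@'localhost';
REVOKE GRANT OPTION ON *.* FROM 'testUser'@'localhost';
SHOW GRANTS FOR 'testUser'@'localhost';
```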

Origin blog.csdn.net/mysqlsd/article/details/103474723