MySQL: 47 --- security management (user management (create / drop user), access privileges (grant, revoke), change the user password)

I. Root user

  • To perform database operations, you need to log in to MySQL. MySQL creates a user account named root, which has full control of the entire MySQL server. In real work, however, root must not be used casually; instead you should create a series of accounts: some for administration, some for users, some for developers, and so on.

Do not use root

  • Take logging in as root seriously. Use it only when absolutely necessary.

II. User management

  • MySQL user accounts and their information are stored in a database named mysql. That database has a table named user, which contains all user accounts; for example, it can be queried to list the user login names.

Experiment with multiple clients

  • The best way to test changes to user accounts and permissions is to open multiple database clients (such as multiple copies of the mysql command-line utility), one logged in as the administrator and the others logged in as the user being tested

III. Create a user account (create user)

  • You can use the following statement to create a new user account:
    • A password is not strictly required when you create a new user, but the following example gives one with "identified by 'p@$$w0rd'"
create user user_name identified by 'p@$$w0rd';
  • The newly created user has no privileges; permissions need to be set (see below)

Specifying a hashed password

  • The password given with identified by is plain text; MySQL encrypts it before saving it to the user table. To specify the password as a hash value, use identified by password

Use grant or insert

  • The grant statement can also create user accounts (described below), but in general create user is the clearest and simplest statement
  • You can also add users by inserting rows directly into the user table, but for safety reasons this is generally not recommended. The tables (and table schemas, etc.) that MySQL uses to store user account information are extremely important, and damaging any of them could seriously harm the MySQL server. It is therefore best to work with these tables through the statements and functions provided for them rather than manipulating them directly

IV. Rename a user account (rename user)

  • You can use the following statement to rename a user account
rename user old_name to new_name;

Using update

  • rename user is available in MySQL 5 and later. Before MySQL 5, update can be used to update the user table directly, but this is not recommended

V. Delete user accounts

  • You can use the following statement to delete a user account (and related rights)
drop user user_name;

Before MySQL 5

  • Before MySQL 5, the drop user statement could only delete the user account and could not delete the related permissions, so you first had to use revoke to remove the privileges associated with the account and then use drop user to remove the account
  • In MySQL 5 and later, the drop user statement deletes both the user account and its permissions

VI. Access rights management (grant, revoke)

  • A newly created user account has no access privileges. It can only log in to MySQL; it cannot see any data and cannot perform any database operations

View user account permissions (show grants)

show grants for root;
  • This shows the permissions of the root user

  • The following example looks at the permission information of a newly created user named "bforta" that has not yet been assigned any permissions
    • Here "USAGE ON *.*" indicates no privileges at all (USAGE means no permissions)

 

Add user permissions (grant)

  • You can use the grant statement to set a user's permissions. grant requires you to give at least the following information:
    • The privilege to grant
    • The database or table on which the privilege is granted
    • The user name
  • For example, the following grants user bforta select permission (read only) on the crashcourse database
grant select on crashcourse.* to bforta;

Remove user privileges (revoke)

  • revoke is used to remove a user's permissions (note: the privileges being revoked must exist, or an error occurs)
  • For example, the following removes user bforta's select permission on the crashcourse database
revoke select on crashcourse.* from bforta;
  • grant and revoke can control access privileges at the following levels:
    • The entire server, using grant all and revoke all
    • An entire database, using on database.*
    • A specific table, using on database.table
    • Specific columns
    • Specific stored procedures
  • Each permission can be granted and revoked as follows:

Future authorization

  • When using grant and revoke, the user account must exist, but the database or table referred to does not have to. This allows administrators to design and implement security before the databases and tables are created
  • A side effect of this is that when a database or table is deleted (with a drop statement), the related access privileges still exist. And if the database or table is re-created in the future, these privileges apply again
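
The side effect described above can be audited. The following queries are an added example, not part of the original article: they list database-level and table-level grants that point at databases or tables which do not exist. The account audit_demo and the database name futuredb are constructed for the demonstration, and the queries assume an administrative session that can read the mysql database and see every schema in information_schema.

```sql
-- Constructed setup: a "future" grant on a database that has not been created.
create user audit_demo identified by 'Constructed-Passw0rd!';
grant select on futuredb.* to audit_demo;

-- Database-level grants whose database does not exist.
-- mysql.db.Db may hold wildcard patterns (% and _), so match with LIKE.
select d.User, d.Host, d.Db
from mysql.db as d
left join information_schema.schemata as s
       on s.schema_name like d.Db
where s.schema_name is null
order by d.Db, d.User;

-- Table-level grants whose table does not exist.
select t.User, t.Host, t.Db, t.Table_name
from mysql.tables_priv as t
left join information_schema.tables as x
       on x.table_schema = t.Db
      and x.table_name   = t.Table_name
where x.table_name is null
order by t.Db, t.Table_name, t.User;

-- Confirm what the demo account would receive if futuredb were created later.
show grants for audit_demo;

-- Clean up the constructed account; drop user also removes its privileges.
drop user audit_demo;
```

Each row returned by the first two queries is a privilege that takes effect as soon as an object with that name is created, so review these rows before re-creating a dropped database or table.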

Simplify multiple authorization

  • Several privileges can be listed, separated by commas, to combine multiple grants into one grant statement. As shown below, select and insert permissions are given to user bforta at the same time:
grant select,insert on crashcourse.* to bforta;

VII. Change passwords

  • You can use the set password statement to change a user's password; the new password must be encrypted with the password() function
  • The following changes the password of the specified user (bforta):
set password for bforta=Password('n3w p@$$w0rd');
  • You can also change the current user's password:
set password=Password('n3w p@$$w0rd');

 


Origin blog.csdn.net/qq_41453285/article/details/104055973