1.create user
2.grant
3.revoke
4.drop
5.rename
6.show grants for
1.create user
账号的组成方式:用户名+主机 用户名:16字符以内 主机名:可以用主机名和IP地址,也可以用通配符:172.16.1.%
语法
mysql> help create user;
Name: 'CREATE USER'
Description:
Syntax:
CREATE USER [IF NOT EXISTS]
user [auth_option] [, user [auth_option]] ...
[REQUIRE {NONE | tls_option [[AND] tls_option] ...}]
[WITH resource_option [resource_option] ...]
[password_option | lock_option] ...
user:
(see )
auth_option: {
IDENTIFIED BY 'auth_string'
| IDENTIFIED WITH auth_plugin
| IDENTIFIED WITH auth_plugin BY 'auth_string'
| IDENTIFIED WITH auth_plugin AS 'auth_string'
| IDENTIFIED BY PASSWORD 'auth_string'
}
tls_option: {
SSL
| X509
| CIPHER 'cipher'
| ISSUER 'issuer'
| SUBJECT 'subject'
}
resource_option: {
MAX_QUERIES_PER_HOUR count
| MAX_UPDATES_PER_HOUR count
| MAX_CONNECTIONS_PER_HOUR count
| MAX_USER_CONNECTIONS count
}
password_option: {
PASSWORD EXPIRE
| PASSWORD EXPIRE DEFAULT
| PASSWORD EXPIRE NEVER
| PASSWORD EXPIRE INTERVAL N DAY
}
lock_option: {
ACCOUNT LOCK
| ACCOUNT UNLOCK
}
举例
CREATE USER jss001@'192.168.%.%' IDENTIFIED BY "jss001";
CREATE USER jss001@localhost IDENTIFIED BY "jss001"; -- localhost与具体的主机不一定密码相同
CREATE USER jss002@'%' IDENTIFIED BY "jss002";
CREATE USER jss003@'%';-- 需要后期再授权
SELECT HOST,USER FROM mysql.user;
2.grant
语法
mysql> help grant;
Name: 'GRANT'
Description:
Syntax:
GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
TO user [auth_option] [, user [auth_option]] ...
[REQUIRE {NONE | tls_option [[AND] tls_option] ...}]
[WITH {GRANT OPTION | resource_option} ...]
GRANT PROXY ON user
TO user [, user] ...
[WITH GRANT OPTION]
object_type: {
TABLE
| FUNCTION
| PROCEDURE
}
priv_level: {
*
| *.*
| db_name.*
| db_name.tbl_name
| tbl_name
| db_name.routine_name
}
user:
(see https://dev.mysql.com/doc/refman/5.7/en/account-names.html)
auth_option: {
IDENTIFIED BY 'auth_string'
| IDENTIFIED WITH auth_plugin
| IDENTIFIED WITH auth_plugin BY 'auth_string'
| IDENTIFIED WITH auth_plugin AS 'auth_string'
| IDENTIFIED BY PASSWORD 'auth_string'
}
tls_option: {
SSL
| X509
| CIPHER 'cipher'
| ISSUER 'issuer'
| SUBJECT 'subject'
}
resource_option: {
| MAX_QUERIES_PER_HOUR count
| MAX_UPDATES_PER_HOUR count
| MAX_CONNECTIONS_PER_HOUR count
| MAX_USER_CONNECTIONS count
}
举例
-- 所有权限授权
GRANT ALL PRIVILEGES ON *.* TO 'jss001'@'localhost' WITH GRANT OPTION;
mysql> show grants for 'jss001'@localhost;
+-----------------------------------------------------------------------+
| Grants for jss001@localhost |
+-----------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'jss001'@'localhost' WITH GRANT OPTION |
+-----------------------------------------------------------------------+
GRANT ALL PRIVILEGES ON jssdb001.* TO 'jss001'@'localhost' IDENTIFIED BY 'jss001'; --授权某个库
GRANT ALL PRIVILEGES ON jssdb001.`jss_t1` TO 'jss001'@'localhost' ; --授权某个表
GRANT ALL PRIVILEGES ON jssdb001.`jss_t1`.`name` TO --授权某个列 'jss001'@'localhost' ;
SHOW GRANTS FOR jssdb001'jss001';
FLUSH PRIVILEGES; --刷新权限
-- 一般用户授权
GRANT INSERT,UPDATE,SELECT,DELETE ON jssdb001.`jss_t1` TO 'jss001'@'%';
GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,ALTER,DROP ON jssdb001.* TO jss001@'%';
GRANT REFERENCES ON jssdb001.* TO jss001@'%'; -- 外键的权限
GRANT CREATE TEMPORARY TABLES ON jssdb001.* TO jss001@'%'; -- 临时表的权限
GRANT INDEX ON jssdb001.* TO jss001@'%'; -- 索引
GRANT CREATE VIEW,SHOW VIEW ON jssdb001.* TO jss001@'%'; -- 视图
GRANT CREATE ROUTINE,ALTER ROUTINE ON jssdb001.* TO jss001@'%'; -- 存储过程
GRANT EVENT,TRIGGER ON jssdb001.* TO jss001@'%'; -- 事件,触发器
GRANT LOCK TABLES ON jssdb001.* TO jss001@'%'; -- 锁表
GRANT EXECUTE ON PROCEDURE proc_name TO jss001@'%';
GRANT EXECUTE ON FUNCTION func_name TO jss001@'%';
3.revoke
语法
mysql> help revoke;
Name: 'REVOKE'
Description:
Syntax:
REVOKE
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
FROM user [, user] ...
REVOKE ALL [PRIVILEGES], GRANT OPTION
FROM user [, user] ...
REVOKE PROXY ON user
FROM user [, user] ...
举例
REVOKE ALL PRIVILEGES ON *.* FROM'jss001'@'localhost' WITH GRANT OPTION;
REVOKE INSERT,UPDATE,SELECT,DELETE ON jssdb001.`jss_t1` FROM 'jss001'@'%';
4.drop
mysql> SELECT HOST,USER FROM mysql.user;
+-------------+---------------+
| HOST | USER |
+-------------+---------------+
| % | jss002 |
| % | jss003 |
| % | root |
| 192.168.%.% | jss001 |
| localhost | jss001 |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | root |
+-------------+---------------+
-- 举例
mysql> drop user jss001@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> drop user jss001@'192.168.%.%';
Query OK, 0 rows affected (0.00 sec)
mysql> SELECT HOST,USER FROM mysql.user;
+-----------+---------------+
| HOST | USER |
+-----------+---------------+
| % | jss002 |
| % | jss003 |
| % | root |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | root |
+-----------+---------------+
5.rename
--重命名用户
mysql> rename user jss002@'%' to jss0022@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> SELECT HOST,USER FROM mysql.user;
+-----------+---------------+
| HOST | USER |
+-----------+---------------+
| % | jss0022 |
| % | jss003 |
| % | root |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | root |
+-----------+---------------+
6.show grants for
mysql> grant insert,update,delete,select,create,alter,drop on *.* to jss0022@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for jss0022@'%';
+-----------------------------------------------------------------------------------+
| Grants for jss0022@% |
+-----------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER ON *.* TO 'jss0022'@'%' |
+-----------------------------------------------------------------------------------+
1 row in set (0.00 sec)
文章转载自数据库BOSS,如果涉嫌侵权,请发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
