MySQL - 用戶及權(quán)限管理

$ mysql -u root -p
password:

mysql> create database test; # 創(chuàng)建數(shù)據(jù)庫
Query OK, 1 row affected (0.00 sec)

mysql> show databases; # 查看數(shù)據(jù)庫是否創(chuàng)建成功
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| test               |
+--------------------+
3 rows in set (0.00 sec)

mysql> grant all on test.* to user1@'%' identified by '123456' with grant option; # 創(chuàng)建特權(quán)管理用戶
Query OK, 0 rows affected (0.00 sec)

mysql> select user,host from mysql.user; # 查看用戶創(chuàng)建是否成功
+------------------+-----------+
| user             | host      |
+------------------+-----------+
| user1            | %         |
| root             | 127.0.0.1 |
| debian-sys-maint | localhost |
| root             | localhost |
| root             | server    |
+------------------+-----------+
5 rows in set (0.00 sec)

mysql> show grants for user1; # 查看用戶權(quán)限
+--------------------------------------------------------------------------------------------------+
| Grants for user1@%                                                                               |
+--------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user1'@'%' IDENTIFIED BY PASSWORD '*6BB...2CA2AD9'                        |
| GRANT ALL PRIVILEGES ON `test`.* TO 'user1'@'%' WITH GRANT OPTION                                |
+--------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
GRANT 語法:

GRANT privileges (columns)
    ON what
    TO user IDENTIFIED BY "password"
    WITH GRANT OPTION
權(quán)限列表: ALTER: 修改表和索引。 CREATE: 創(chuàng)建數(shù)據(jù)庫和表。 DELETE: 刪除表中已有的記錄。 DROP: 拋棄(刪除)數(shù)據(jù)庫和表。 INDEX: 創(chuàng)建或拋棄索引。 INSERT: 向表中插入新行。 REFERENCE: 未用。 SELECT: 檢索表中的記錄。 UPDATE: 修改現(xiàn)存表記錄。 FILE: 讀或?qū)懛��?wù)器上的文件。 PROCESS: 查看服務(wù)器中執(zhí)行的線程信息或殺死線程。 RELOAD: 重載授權(quán)表或清空日志、主機(jī)緩存或表緩存。 SHUTDOWN: 關(guān)閉服務(wù)器。 ALL: 所有權(quán)限，ALL PRIVILEGES同義詞。 USAGE: 特殊的 "無權(quán)限" 權(quán)限。用戶賬戶包括 "username" 和 "host" 兩部分，后者表示該用戶被允許從何地接入。user1@'%' 表示任何地址，默認(rèn)可以省略。還可以是 "user1@192.168.1.%"、"user1@%.abc.com" 等。數(shù)據(jù)庫格式為 db@table，可以是 "test.*" 或 "*.*"，前者表示 test 數(shù)據(jù)庫的所有表，后者表示所有數(shù)據(jù)庫的所有表。

子句 "WITH GRANT OPTION" 表示該用戶可以為其他用戶分配權(quán)限。

我們用 root 再創(chuàng)建幾個(gè)用戶，然后由 test 數(shù)據(jù)庫的管理員 user1 為他們分配權(quán)限。

mysql> create user user2 identified by '123456', user3 identified by 'abcd';
Query OK, 0 rows affected (0.00 sec)

mysql> select user, host from mysql.user;
+------------------+-----------+
| user             | host      |
+------------------+-----------+
| user1            | %         |
| user2            | %         |
| user3            | %         |
| root             | 127.0.0.1 |
| debian-sys-maint | localhost |
| root             | localhost |
| root             | server    |
+------------------+-----------+
7 rows in set (0.00 sec)
好了，我們退出改用 user1 登錄并針對(duì) test 數(shù)據(jù)庫進(jìn)行操作。

mysql> quit # 退出
Bye

$ mysql -u user1 -p123456 test # 使用新用戶登錄

mysql> select database(); # 確認(rèn)當(dāng)前工作數(shù)據(jù)庫
+------------+
| database() |
+------------+
| test       |
+------------+
1 row in set (0.00 sec)

mysql> select current_user(); # 確認(rèn)當(dāng)前工作賬戶
+----------------+
| current_user() |
+----------------+
| user1@%        |
+----------------+
1 row in set (0.00 sec)
繼續(xù)，創(chuàng)建一個(gè)數(shù)據(jù)表。

mysql> create table table1 # 創(chuàng)建表
    -> (
    ->    name varchar(50),
    ->    age integer
    -> );
Query OK, 0 rows affected (0.02 sec)

mysql> show tables; # 查看表是否創(chuàng)建成功
+----------------+
| Tables_in_test |
+----------------+
| table1         |
+----------------+
1 row in set (0.00 sec)

mysql> describe table1; # 查看表結(jié)構(gòu)
+-------+-------------+------+-----+---------+-------+
| Field | Type        | Null | Key | Default | Extra |
+-------+-------------+------+-----+---------+-------+
| name  | varchar(50) | YES  |     | NULL    |       |
| age   | int(11)     | YES  |     | NULL    |       |
+-------+-------------+------+-----+---------+-------+
2 rows in set (0.00 sec)

mysql> insert into table1 values('Tom', 20); # 插入記錄
Query OK, 1 row affected (0.00 sec)

mysql> select * from table1; # 查詢記錄
+------+------+
| name | age  |
+------+------+
| Tom  |   20 |
+------+------+
1 row in set (0.00 sec)
接下來我們?yōu)?user2, user3 分配權(quán)限。

mysql> grant select on test.* to user2; # 為 user2 分配 SELECT 權(quán)限。
Query OK, 0 rows affected (0.00 sec)

mysql> grant select on test.* to user3; # 為 user3 分配 SELECT 權(quán)限。
Query OK, 0 rows affected (0.00 sec)

mysql> grant insert, update on test.* to user2; # 再為 user2 增加 INSERT, UPDATE 權(quán)限。
Query OK, 0 rows affected (0.00 sec)
好了，我們退出，切換成 user2 操作看看。

$ mysql -u user2 -p123456

mysql> use test; # 切換工作數(shù)據(jù)庫
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

mysql> select database(); # 驗(yàn)證當(dāng)前工作數(shù)據(jù)庫
+------------+
| database() |
+------------+
| test       |
+------------+
1 row in set (0.00 sec)

mysql> select user(); # 驗(yàn)證當(dāng)前賬戶
+-----------------+
| user()          |
+-----------------+
| user2@localhost |
+-----------------+
1 row in set (0.00 sec)

mysql> show grants for user2; # 查看當(dāng)前用戶權(quán)限，顯然后來添加的 INSERT, UPDATE 被添加了。
+--------------------------------------------------------------------------------------------------+
| Grants for user2@%                                                                               |
+--------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user2'@'%' IDENTIFIED BY PASSWORD '*6BB837....2C9'                        |
| GRANT SELECT, INSERT, UPDATE ON `test`.* TO 'user2'@'%'                                          |
+--------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
進(jìn)行操作測(cè)試。

mysql> insert into table1 values("Jack", 21); # INSERT 操作成功
Query OK, 1 row affected (0.00 sec)

mysql> update table1 set age=22 where name='Jack'; # UPDATE 操作成功
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0

mysql> select * from table1; # SELECT 操作成功
+------+------+
| name | age  |
+------+------+
| Tom  |   20 |
| Jack |   22 |
+------+------+
2 rows in set (0.00 sec)

mysql> delete from table1 where age=22; # DELETE 操作無權(quán)限
ERROR 1142 (42000): DELETE command denied to user 'user2'@'localhost' for table 'table1'
我們切換回 user1 管理賬戶，移除 user2 的 UPDATE 權(quán)限看看。

$ mysql -u user1 -p123456 test

mysql> revoke update on test.* from user2; # 移除 UPDATE 權(quán)限
Query OK, 0 rows affected (0.00 sec)
再次切換回 user2。

$ mysql -u user2 -p123456 test

mysql> show grants for user2; # UPDATE 權(quán)限被移除
+--------------------------------------------------------------------------------------------------+
| Grants for user2@%                                                                               |
+--------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user2'@'%' IDENTIFIED BY PASSWORD '*6B...2AD9'                            |
| GRANT SELECT, INSERT ON `test`.* TO 'user2'@'%'                                                  |
+--------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> update table1 set age=23 where name='Jack'; # 不在擁有 UPDATE 權(quán)限
ERROR 1142 (42000): UPDATE command denied to user 'user2'@'localhost' for table 'table1'
好了，到此我們基本完成了創(chuàng)建用戶和分配權(quán)限的操作。接下來，我們回到 root 進(jìn)行修改用戶密碼和刪除用戶操作。

$ mysql -u root -p123456

mysql> set password for user3=password('abcabc'); # 修改用戶 user3 密碼
Query OK, 0 rows affected (0.00 sec)

mysql>flush privileges; # 刷新權(quán)限表(通常只在直接修改相關(guān)管理數(shù)據(jù)表后需要該操作)
Query OK, 0 rows affected (0.00 sec)

mysql> revoke all on *.* from user2; # 移除 user2 在所有數(shù)據(jù)庫上的權(quán)限
Query OK, 0 rows affected (0.00 sec)

mysql> drop user user2; # 刪除 user2 賬戶
Query OK, 0 rows affected (0.00 sec)

mysql> select user,host from mysql.user; # 驗(yàn)證刪除結(jié)果
+------------------+-----------+
| user             | host      |
+------------------+-----------+
| user1            | %         |
| user3            | %         |
| root             | 127.0.0.1 |
| debian-sys-maint | localhost |
| root             | localhost |
| root             | server    |
+------------------+-----------+
6 rows in set (0.00 sec)
用戶 user2 無法再次使用。

$ mysql -u user2 -p123456 test

ERROR 1045 (28000): Access denied for user 'user2'@'localhost' (using password: YES)
試試 user3。

$ mysql -u user3 -pabc test # 連接失�。∨�，對(duì)了，我們修改了密碼。
ERROR 1045 (28000): Access denied for user 'user3'@'localhost' (using password: YES)

$ mysql -u user3 -pabcabc test # 新密碼成功

mysql> select * from table1; # SELECT 操作成功
+------+------+
| name | age  |
+------+------+
| Tom  |   20 |
| Jack |   22 |
+------+------+
2 rows in set (0.00 sec)
要修改自己的密碼直接執(zhí)行 "set password = password('new_password');" 即可。

------- 摘要 --------------------------------------

創(chuàng)建用戶:
GRANT insert, update ON testdb.* TO user1@'%' IDENTIFIED BY 'password' WITH GRANT OPTION;
CREATE USER user2 IDENTIFIED BY 'password';
分配權(quán)限:
GRANT select ON testdb.* TO user2;
查看權(quán)限:
SHOW GRANTS FOR user1;
修改密碼:
SET PASSWORD FOR user1 = PASSWORD('newpwd');
SET PASSWORD = PASSWORD('newpwd');
移除權(quán)限:
REVOKE all ON *.* FROM user1;
刪除用戶:
DROP USER user1;
數(shù)據(jù)庫列表:
SHOW DATABASES;
數(shù)據(jù)表列表:
SHOW TABLES;
當(dāng)前數(shù)據(jù)庫:
SELECT DATABASE();
當(dāng)前用戶:
SELECT USER();
數(shù)據(jù)表結(jié)構(gòu):
DESCRIBE table1;
刷新權(quán)限:
FLUSH PRIVILEGES;

服務(wù)器租用/服務(wù)器托管中國五強(qiáng)！虛擬主機(jī)域名注冊(cè)頂級(jí)提供商！15年品質(zhì)保障！--億恩科技[ENKJ.COM]