1.用户
1.1 用户信息
MySQL中的用户,都存储在系统数据库mysql的user表中
mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | |
| localhost | mysql.session | |
| localhost | mysql.sys | |
+-----------+---------------+-------------------------------------------+
3 rows in set (0.00 sec)
user是个表结构
字段解释:
- host: 表示这个用户可以从哪个主机登陆,如果是localhost,表示只能从本机登陆
- user: 用户名
- authentication_string: 用户密码通过password函数加密后的
- *_priv: 用户拥有的权限
1.2 创建用户
语法:
create user '用户名'@'登陆主机/ip' identified by '密码';案例:
mysql> create user 'dgz'@'localhost' identified by '123456';
ERROR 1290 (HY000): The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement
# 如果出现上面问题可以先刷新一下
mysql> flush privileges;
Query OK, 0 rows affected (0.01 sec)mysql> create user 'dgz'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | *03CDB52F58482A55A757B2FDFA03F1A14EDA5D99 |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | dgz | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+-----------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)
1.3 删除用户
语法:
drop user '用户名'@'主机名案例:
mysql> drop user 'dgz'@'localhost';
Query OK, 0 rows affected (0.00 sec)mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | *03CDB52F58482A55A757B2FDFA03F1A14EDA5D99 |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+-----------+---------------+-------------------------------------------+
3 rows in set (0.00 sec)
1.4 修改用户密码
语法:
自己改自己密码
set password=password('新的密码');
root用户修改指定用户的密码
set password for '用户名'@'主机名'=password('新的密码');直接修改mysql库中的user表
mysql> update user set authentication_string=password('222222') where user='dgz';
Query OK, 1 row affected, 1 warning (0.00 sec)
Rows matched: 1 Changed: 1 Warnings: 1mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | *03CDB52F58482A55A757B2FDFA03F1A14EDA5D99 |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | dgz | *A0C1808B1A47CECD5C161FEE647F5427F4EB6F98 |
+-----------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)
mysql> set password for 'dgz'@'localhost'=password('111111');
Query OK, 0 rows affected, 1 warning (0.00 sec)mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | *03CDB52F58482A55A757B2FDFA03F1A14EDA5D99 |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | dgz | *FD571203974BA9AFE270FE62151AE967ECA5E0AA |
+-----------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)
2.数据库的权限
MySQL数据库提供的权限列表:
2.1 给用户权限
刚创建的用户没有任何权限。需要给用户授权。
语法:
grant 权限列表 on 库.对象名 to '用户名'@'登陆位置' [identified by '密码']说明:
- 权限列表,多个权限用逗号分开
grant select on ... grant select, delete, create on .... grant all [privileges] on ... -- 表示赋予该用户在该对象上的所有权限 - *.* : 代表本系统中的所有数据库的所有对象(表,视图,存储过程等)
- 库.* : 表示某个数据库中的所有数据对象(表,视图,存储过程等)
- identified by可选。 如果用户存在,赋予权限的同时修改密码,如果该用户不存在,就是创建用户
[root@VM-8-2-centos ~]# mysql -udgz -p
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)# dgz用户看不到其他数据库# root端开通权限
mysql> grant all on test3.* to 'dgz'@'localhost';
Query OK, 0 rows affected (0.00 sec)
也可以只开通单个权限,如果只想让用户查看,那么可以只开通select权限
mysql> grant select test3.* to 'dgz'@'localhost';特定用户现有查看权限
mysql> show grants for 'dgz'@'localhost';
+--------------------------------------------------------+
| Grants for dgz@localhost |
+--------------------------------------------------------+
| GRANT USAGE ON *.* TO 'dgz'@'localhost' |
| GRANT ALL PRIVILEGES ON `test3`.* TO 'dgz'@'localhost' |
+--------------------------------------------------------+
2 rows in set (0.00 sec)
注意:如果发现赋权限后,没有生效,执行如下指令:
flush privileges;2.2 回收权限
语法:
revoke 权限列表 on 库.对象名 from '用户名'@'登陆位置';示例:
mysql> revoke all on test3.* from 'dgz'@'localhost';
Query OK, 0 rows affected (0.00 sec)mysql> show grants for 'dgz'@'localhost';
+-----------------------------------------+
| Grants for dgz@localhost |
+-----------------------------------------+
| GRANT USAGE ON *.* TO 'dgz'@'localhost' |
+-----------------------------------------+
1 row in set (0.00 sec)
用户dgz查看不到test3库了
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)
)
