What user authorization is: adding a new login account on the database server and setting its privileges and password.
Why authorize: if no account has been granted access, only root can log in to the database, and only on the server itself; no other user can log in.
Without a grant, no other host can reach the database either.
Command format:
mysql> grant privilege_list on db_name to user_name@"client_address" identified by "password";
This form creates the account implicitly. It is deprecated in MySQL 5.7 and removed in MySQL 8.0, where the account must first be created with CREATE USER ... IDENTIFIED BY ... and then receive its privileges with a separate GRANT.
Privilege list:
all                          every privilege at the given level (GRANT OPTION is not included)
usage                        may only connect to the server, no other privilege
select,update,insert ...     individual privileges; at this form they apply to every column of the object
select,update(col1,col2...)  the privilege applies only to the named columns
Database name:
*.*        every table in every database
db.*       one database
db.table   one table
User name:
Chosen freely when granting. It should be distinctive, easy to remember, and make its purpose obvious from the name. Accounts are stored in the user table of the mysql database.
A user name and a host pattern together form one account: admin@'localhost' and admin@'192.168.4.%' are two separate accounts with their own passwords and privileges.
Client address:
%              any host, anywhere
192.168.4.%    every host in the 192.168.4.0/24 subnet
192.168.4.1    a single host
localhost      the database server itself
The host part is matched against the connecting client's IP address (or its reverse-resolved name), so it limits where an account can be used from but is no substitute for a strong password. Use the narrowest pattern that works; % is acceptable only for throwaway test accounts.
Grant example 1: add the account admin, allowed to connect from the 192.168.4.0/24 subnet, with SELECT on the user table of db3, password 123456
mysql> grant select on db3.user to admin@"192.168.4.%" identified by "123456";
Grant example 2: add the account admin2, allowed to connect only from the local machine, with SELECT, INSERT, UPDATE and DELETE on every table of db3, password 123456
mysql> grant select,insert,update,delete on db3.* to admin2@"localhost" identified by "123456";
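The two examples above are the whole least-privilege pattern: scope the object, scope the host, and grant only the verbs the client needs. The following is an added example, not part of the original page, showing the weak form next to the hardened form, the MySQL 8.0 equivalent, and how to verify and later tighten a grant. The database `app`, the table `orders`, the hosts 10.0.0.5 and 10.0.0.9 and the account names are made up for illustration.

```sql
-- Added example (not from the original page). Database `app`, table `orders`,
-- hosts 10.0.0.5 / 10.0.0.9 and the account names are all assumed.

-- Weak pattern: a superuser reachable from any host. Avoid this.
-- GRANT ALL ON *.* TO app@'%' IDENTIFIED BY '123456';

-- Hardened pattern, MySQL 5.7 syntax: scope the object and the source host,
-- and grant only the statements the client actually runs.
GRANT SELECT, INSERT, UPDATE ON app.orders TO app_rw@'10.0.0.5'
  IDENTIFIED BY 'use-a-long-random-password';
GRANT SELECT ON app.* TO report_ro@'10.0.0.9'
  IDENTIFIED BY 'another-long-random-password';

-- Same accounts in MySQL 8.0, where GRANT can no longer create users or set
-- passwords: create first, then grant.
-- CREATE USER app_rw@'10.0.0.5' IDENTIFIED BY 'use-a-long-random-password';
-- GRANT SELECT, INSERT, UPDATE ON app.orders TO app_rw@'10.0.0.5';
-- CREATE USER report_ro@'10.0.0.9' IDENTIFIED BY 'another-long-random-password';
-- GRANT SELECT ON app.* TO report_ro@'10.0.0.9';

-- Verify what was actually recorded. The first line of each result,
-- "GRANT USAGE ON *.* ...", is the connect-only baseline every account has.
SHOW GRANTS FOR app_rw@'10.0.0.5';
SHOW GRANTS FOR report_ro@'10.0.0.9';

-- Tighten later without dropping the account: take back UPDATE only.
REVOKE UPDATE ON app.orders FROM app_rw@'10.0.0.5';

-- Remove an account entirely; this also deletes its rows from every grant table.
DROP USER report_ro@'10.0.0.9';
```

GRANT, REVOKE and DROP USER take effect immediately for new connections; FLUSH PRIVILEGES is only needed after editing the grant tables directly with INSERT, UPDATE or DELETE, which is exactly why the statements above are preferable to hand-editing mysql.user.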
The grant tables
What grant records is stored in the grant tables of the mysql database. The main tables are:
user          existing accounts and their global (server-wide) privileges
db            database-level privileges of existing accounts
tables_priv   table-level privileges of existing accounts
columns_priv  column-level privileges of existing accounts
1. Look at the accounts currently recorded in columns_priv, tables_priv, db and user

mysql> select user,host,db,table_name,column_name from mysql.columns_priv;
Empty set (0.00 sec)
# columns_priv is empty: no column-level grant exists on this server yet

mysql> select user,host,db,table_name from mysql.tables_priv;
+-----------+-----------+-----+------------+
| user      | host      | db  | table_name |
+-----------+-----------+-----+------------+
| mysql.sys | localhost | sys | sys_config |
+-----------+-----------+-----+------------+
# tables_priv holds only the built-in account mysql.sys

mysql> select user,host,db from mysql.db;
+-----------+-----------+-----+
| user      | host      | db  |
+-----------+-----------+-----+
| mysql.sys | localhost | sys |
+-----------+-----------+-----+
# db likewise holds only the built-in account mysql.sys

mysql> select user,host from mysql.user;
+-----------+-----------+
| user      | host      |
+-----------+-----------+
| mysql.sys | localhost |
| root      | localhost |
+-----------+-----------+
# user holds the built-in account mysql.sys and root
2. Add the account col_user with privileges on just the 学号, 姓名 and 性别 columns of school.student

mysql> grant select,update(学号,姓名,性别),insert on school.student to col_user@'%' identified by "123456";

mysql> select user,host,db,table_name,column_name from mysql.columns_priv;
+----------+------+--------+------------+-------------+
| user     | host | db     | table_name | column_name |
+----------+------+--------+------------+-------------+
| col_user | %    | school | student    | 姓名        |
| col_user | %    | school | student    | 学号        |
| col_user | %    | school | student    | 性别        |
+----------+------+--------+------------+-------------+
# columns_priv now lists the account, one row per granted column

mysql> select user,host,db,table_name from mysql.tables_priv;
+-----------+-----------+--------+------------+
| user      | host      | db     | table_name |
+-----------+-----------+--------+------------+
| col_user  | %         | school | student    |
| mysql.sys | localhost | sys    | sys_config |
+-----------+-----------+--------+------------+
# tables_priv also shows that the account has access to school.student: the
# table-level part of the grant (SELECT, INSERT) lives here, the column-level
# part (UPDATE on three columns) in columns_priv. The exact privileges need show grants.

mysql> show grants for col_user@'%';
+-----------------------------------------------------------------------------------------------+
| Grants for col_user@%                                                                         |
+-----------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'col_user'@'%'                                                          |
| GRANT SELECT, INSERT, UPDATE (性别, 学号, 姓名) ON `school`.`student` TO 'col_user'@'%'       |
+-----------------------------------------------------------------------------------------------+
# show grants gives col_user's exact privileges on school.student

mysql> select user,host,db from mysql.db;
+-----------+-----------+-----+
| user      | host      | db  |
+-----------+-----------+-----+
| mysql.sys | localhost | sys |
+-----------+-----------+-----+
# db does not show the account: nothing was granted at database level

mysql> select user,host from mysql.user;
+-----------+-----------+
| user      | host      |
+-----------+-----------+
| col_user  | %         |
| mysql.sys | localhost |
| root      | localhost |
+-----------+-----------+
# user does show the account
mysql>
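What the column-level grant above means from the client's side is easiest to see by running statements as col_user. The following is an added example, not part of the original page: it assumes school.student also has a column 班级 (made up here) that was not included in the UPDATE(...) list, and that 学号 holds numeric values; the row values are placeholders.

```sql
-- Added example (not from the original page). Run after connecting as
-- col_user@'%' from step 2. The column 班级 and the row values are assumed.

-- Allowed: SELECT was granted at table level, so every column can be read,
-- including 班级, which appears in no column list.
SELECT 学号, 姓名, 性别, 班级 FROM school.student;

-- Allowed: UPDATE was granted for 学号, 姓名 and 性别. The WHERE clause reads
-- 学号, which the table-level SELECT covers.
UPDATE school.student SET 姓名 = '张三' WHERE 学号 = 1;

-- Allowed: INSERT was granted at table level, so whole rows can be added.
INSERT INTO school.student (学号, 姓名, 性别) VALUES (9999, '测试', 'F');

-- Denied with error 1143 (ER_COLUMNACCESS_DENIED_ERROR): 班级 is not in the
-- column list of the UPDATE grant, so this single column blocks the statement.
UPDATE school.student SET 班级 = 'A' WHERE 学号 = 1;

-- Denied with error 1142 (ER_TABLEACCESS_DENIED_ERROR): DELETE was never
-- granted at any level for this account.
DELETE FROM school.student WHERE 学号 = 1;
```

The point for a reviewer is that column privileges only narrow the verb they are attached to. Read access to the whole table still comes from the table-level SELECT, so an account that must not see a sensitive column needs SELECT granted as a column list too, not just UPDATE.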
3. Add the accounts tab_user1 and tab_user2 with table-level privileges on school.teacher and school.student

mysql> grant all on school.teacher to tab_user1@'%' identified by "123456";
mysql> grant select on school.student to tab_user2@'%' identified by "123456";

mysql> select user,host,db,table_name,column_name from mysql.columns_priv;
+----------+------+--------+------------+-------------+
| user     | host | db     | table_name | column_name |
+----------+------+--------+------------+-------------+
| col_user | %    | school | student    | 姓名        |
| col_user | %    | school | student    | 学号        |
| col_user | %    | school | student    | 性别        |
+----------+------+--------+------------+-------------+
# columns_priv is unchanged: neither grant named any columns

mysql> select user,host,db,table_name from mysql.tables_priv;
+-----------+-----------+--------+------------+
| user      | host      | db     | table_name |
+-----------+-----------+--------+------------+
| col_user  | %         | school | student    |
| tab_user1 | %         | school | teacher    |
| tab_user2 | %         | school | student    |
| mysql.sys | localhost | sys    | sys_config |
+-----------+-----------+--------+------------+
# tables_priv now shows tab_user1 and tab_user2

mysql> show grants for tab_user1@'%';
+---------------------------------------------------------------+
| Grants for tab_user1@%                                        |
+---------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'tab_user1'@'%'                         |
| GRANT ALL PRIVILEGES ON `school`.`teacher` TO 'tab_user1'@'%' |
+---------------------------------------------------------------+
mysql> show grants for tab_user2@'%';
+-------------------------------------------------------+
| Grants for tab_user2@%                                |
+-------------------------------------------------------+
| GRANT USAGE ON *.* TO 'tab_user2'@'%'                 |
| GRANT SELECT ON `school`.`student` TO 'tab_user2'@'%' |
+-------------------------------------------------------+
# show grants gives the exact privileges of tab_user1 and tab_user2. Note that
# ALL at table level includes ALTER and DROP on that table (GRANT OPTION is not
# included), so tab_user1 can destroy school.teacher, not just read and write it.

mysql> select user,host,db from mysql.db;
+-----------+-----------+-----+
| user      | host      | db  |
+-----------+-----------+-----+
| mysql.sys | localhost | sys |
+-----------+-----------+-----+
# db is unchanged

mysql> select user,host from mysql.user;
+-----------+-----------+
| user      | host      |
+-----------+-----------+
| col_user  | %         |
| tab_user1 | %         |
| tab_user2 | %         |
| mysql.sys | localhost |
| root      | localhost |
+-----------+-----------+
# user shows tab_user1 and tab_user2
mysql>
4. Add the accounts db_user1 and db_user2 with database-level privileges on school and school2

mysql> grant all on school.* to db_user1@'%' identified by "123456";
mysql> grant select on school2.* to db_user2@'%' identified by "123456";

mysql> select user,host,db,table_name,column_name from mysql.columns_priv;
+----------+------+--------+------------+-------------+
| user     | host | db     | table_name | column_name |
+----------+------+--------+------------+-------------+
| col_user | %    | school | student    | 姓名        |
| col_user | %    | school | student    | 学号        |
| col_user | %    | school | student    | 性别        |
+----------+------+--------+------------+-------------+
# columns_priv does not change as long as no grant names individual columns

mysql> select user,host,db,table_name from mysql.tables_priv;
+-----------+-----------+--------+------------+
| user      | host      | db     | table_name |
+-----------+-----------+--------+------------+
| col_user  | %         | school | student    |
| tab_user1 | %         | school | teacher    |
| tab_user2 | %         | school | student    |
| mysql.sys | localhost | sys    | sys_config |
+-----------+-----------+--------+------------+
# these grants are database-level, not table-level, so tables_priv does not change either

mysql> select user,host,db from mysql.db;
+-----------+-----------+---------+
| user      | host      | db      |
+-----------+-----------+---------+
| db_user1  | %         | school  |
| db_user2  | %         | school2 |
| mysql.sys | localhost | sys     |
+-----------+-----------+---------+
# db now shows the two new accounts

mysql> select user,host from mysql.user;
+-----------+-----------+
| user      | host      |
+-----------+-----------+
| col_user  | %         |
| db_user1  | %         |
| db_user2  | %         |
| tab_user1 | %         |
| tab_user2 | %         |
| mysql.sys | localhost |
| root      | localhost |
+-----------+-----------+
# every account that is created gets a row in user, whatever level its privileges are at
mysql>

5. Add an account with access to every database and every table
mysql> grant all on *.* to user@'%' identified by "123456";

mysql> select user,host,db,table_name,column_name from mysql.columns_priv;
+----------+------+--------+------------+-------------+
| user     | host | db     | table_name | column_name |
+----------+------+--------+------------+-------------+
| col_user | %    | school | student    | 姓名        |
| col_user | %    | school | student    | 学号        |
| col_user | %    | school | student    | 性别        |
+----------+------+--------+------------+-------------+
3 rows in set (0.00 sec)

mysql> select user,host,db,table_name from mysql.tables_priv;
+-----------+-----------+--------+------------+
| user      | host      | db     | table_name |
+-----------+-----------+--------+------------+
| col_user  | %         | school | student    |
| tab_user1 | %         | school | teacher    |
| tab_user2 | %         | school | student    |
| mysql.sys | localhost | sys    | sys_config |
+-----------+-----------+--------+------------+
4 rows in set (0.01 sec)

mysql> select user,host,db from mysql.db;
+-----------+-----------+---------+
| user      | host      | db      |
+-----------+-----------+---------+
| db_user1  | %         | school  |
| db_user2  | %         | school2 |
| mysql.sys | localhost | sys     |
+-----------+-----------+---------+
3 rows in set (0.00 sec)

mysql> select user,host from mysql.user;
+-----------+-----------+
| user      | host      |
+-----------+-----------+
| col_user  | %         |
| db_user1  | %         |
| db_user2  | %         |
| tab_user1 | %         |
| tab_user2 | %         |
| use_user  | %         |
| mysql.sys | localhost |
| root      | localhost |
+-----------+-----------+
# a global grant (*.*) is stored only as the privilege columns of the account's
# own row in user, so use_user appears in user and in no other grant table.
# Such an account holds every global privilege (including SUPER, FILE and
# PROCESS) from any host: it is a second root reachable over the network and
# has no place on a production server.
mysql>
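The walkthrough shows how each grant level lands in a different table; what a reviewer wants is to read those tables back as an audit. The following is an added example, not part of the original page. It assumes MySQL 5.7 grant-table column names (authentication_string, Super_priv and the other *_priv flags), and an account with SELECT on the mysql schema, such as root@localhost. Applied to the server state above, query 1 lists the six test accounts created with host %, and query 2 returns root@localhost together with use_user@%.

```sql
-- Added example (not from the original page). Run as an account that can read
-- the mysql schema, e.g. root@localhost. Column names are MySQL 5.7's.

-- 1. Accounts reachable from any host: every '%' row widens the attack surface.
SELECT user, host FROM mysql.user WHERE host = '%';

-- 2. Accounts holding server-wide privileges that amount to full control.
--    GRANT ALL ON *.* sets every *_priv flag in mysql.user except Grant_priv.
SELECT user, host, Super_priv, File_priv, Process_priv, Grant_priv
  FROM mysql.user
 WHERE Super_priv = 'Y' OR File_priv = 'Y' OR Process_priv = 'Y' OR Grant_priv = 'Y';

-- 3. Accounts whose password hash is empty (no password set at all).
SELECT user, host FROM mysql.user WHERE authentication_string = '';

-- 4. One listing of every account's privileges at every level. The four
--    information_schema views are built from mysql.user, mysql.db,
--    mysql.tables_priv and mysql.columns_priv respectively, so this is the
--    same data the walkthrough queried table by table.
SELECT grantee, 'GLOBAL' AS priv_level, NULL AS object, privilege_type
  FROM information_schema.USER_PRIVILEGES
UNION ALL
SELECT grantee, 'SCHEMA', table_schema, privilege_type
  FROM information_schema.SCHEMA_PRIVILEGES
UNION ALL
SELECT grantee, 'TABLE', CONCAT(table_schema, '.', table_name), privilege_type
  FROM information_schema.TABLE_PRIVILEGES
UNION ALL
SELECT grantee, 'COLUMN',
       CONCAT(table_schema, '.', table_name, '.', column_name), privilege_type
  FROM information_schema.COLUMN_PRIVILEGES
ORDER BY grantee, priv_level, object;
```

Query 4 prints one row per privilege, so the 'GLOBAL' rows for a GRANT ALL ON *.* account run to several dozen lines; that length is itself the signal. Queries 1 to 3 are the ones worth scheduling, since a '%' host, a global privilege or an empty password each turns a leaked application credential into a full server compromise.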