MySQL Database User and Privilege Management


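Learning objectives

  • Master MySQL user management
  • Add administrative users
  • Change passwords and reset a forgotten password

User authorization

The database is a critical part of an information system, so managing it soundly and efficiently is important work. Usually an administrator holding the highest privileges creates separate administrative accounts, assigns each one its own operating privileges, and hands the accounts to the staff responsible.

User management

1: Creating a user

The command format for creating a user is as follows
CREATE USER 'username'@'host' [IDENTIFIED BY [PASSWORD] 'password'] #uppercase words are fixed syntax; the square brackets mark one optional unit and are not typed in the actual command
  • username: the name of the user to create
  • host: the hosts from which the user may log in; this can be an IP address, a network segment, or localhost for the local machine; to let the user log in from any remote host, use the wildcard %
  • password: the login password
Below are the user passwords as they exist after MySQL is installed. The database stores and displays them as ciphertext, which greatly improves security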
mysql> select User,authentication_string,Host from user;
+-----------+-------------------------------------------+-----------+
| User      | authentication_string                     | Host      |
+-----------+-------------------------------------------+-----------+
| root      | *0DB339632B48910F8F0BEF61BD7EAD4441267E6E | localhost |
| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | localhost |
+-----------+-------------------------------------------+-----------+
2 rows in set (0.01 sec)
Create a new user
mysql> create user 'accp'@'localhost' identified by '123123';
Query OK, 0 rows affected (0.01 sec)
mysql> select User,authentication_string,Host from user;
+-----------+-------------------------------------------+-----------+
| User      | authentication_string                     | Host      |
+-----------+-------------------------------------------+-----------+
| root      | *0DB339632B48910F8F0BEF61BD7EAD4441267E6E | localhost |
| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | localhost |
| accp      | *E56A114692FE0DE073F9A1DD68A00EEB9703F3F1 | localhost |
+-----------+-------------------------------------------+-----------+
3 rows in set (0.00 sec)
The command format for deleting a user is as follows
DROP USER 'username'@'host'
mysql> drop user 'accp'@'localhost'; #delete accp
Query OK, 0 rows affected (0.00 sec)

mysql> select User,authentication_string,Host from user;
+-----------+-------------------------------------------+-----------+
| User      | authentication_string                     | Host      |
+-----------+-------------------------------------------+-----------+
| root      | *0DB339632B48910F8F0BEF61BD7EAD4441267E6E | localhost |
| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | localhost |
| bent      | *437F1809645E0A92DAB553503D2FE21DB91270FD | localhost |
+-----------+-------------------------------------------+-----------+
3 rows in set (0.00 sec)

Renaming a user; the format is as follows

RENAME USER 'old_user'@'host' TO 'new_user'@'host'
mysql> select User,authentication_string,Host from user;  #here we rename bent to accp
+-----------+-------------------------------------------+-----------+
| User      | authentication_string                     | Host      |
+-----------+-------------------------------------------+-----------+
| root      | *0DB339632B48910F8F0BEF61BD7EAD4441267E6E | localhost |
| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | localhost |
| bent      | *437F1809645E0A92DAB553503D2FE21DB91270FD | localhost |
+-----------+-------------------------------------------+-----------+
3 rows in set (0.00 sec)
mysql> rename user 'bent'@'localhost' to 'accp'@'localhost';
Query OK, 0 rows affected (0.00 sec)

mysql> select User,authentication_string,Host from user;
+-----------+-------------------------------------------+-----------+
| User      | authentication_string                     | Host      |
+-----------+-------------------------------------------+-----------+
| root      | *0DB339632B48910F8F0BEF61BD7EAD4441267E6E | localhost |
| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | localhost |
| accp      | *437F1809645E0A92DAB553503D2FE21DB91270FD | localhost |
+-----------+-------------------------------------------+-----------+
3 rows in set (0.00 sec)

Setting a user's password

1: Setting the current user's password
SET PASSWORD=PASSWORD('password')
mysql> select User,authentication_string,Host from user;
+-----------+-------------------------------------------+-----------+
| User      | authentication_string                     | Host      |
+-----------+-------------------------------------------+-----------+
| root      | *0DB339632B48910F8F0BEF61BD7EAD4441267E6E | localhost |
| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | localhost |
| accp      | *437F1809645E0A92DAB553503D2FE21DB91270FD | localhost |
+-----------+-------------------------------------------+-----------+
3 rows in set (0.00 sec)

mysql> set password=password('123123'); #the current user is root; I changed root's password to "123123"; compare the ciphertext with root's earlier value above
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> select User,authentication_string,Host from user;
+-----------+-------------------------------------------+-----------+
| User      | authentication_string                     | Host      |
+-----------+-------------------------------------------+-----------+
| root      | *E56A114692FE0DE073F9A1DD68A00EEB9703F3F1 | localhost |
| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | localhost |
| accp      | *437F1809645E0A92DAB553503D2FE21DB91270FD | localhost |
+-----------+-------------------------------------------+-----------+
3 rows in set (0.00 sec)
2: Using the superuser root to change another user's password; the format is as follows
SET PASSWORD FOR 'username'@'host'=PASSWORD('password');
mysql> select User,authentication_string,Host from user;
+-----------+-------------------------------------------+-----------+
| User      | authentication_string                     | Host      |
+-----------+-------------------------------------------+-----------+
| root      | *E56A114692FE0DE073F9A1DD68A00EEB9703F3F1 | localhost |
| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | localhost |
| accp      | *437F1809645E0A92DAB553503D2FE21DB91270FD | localhost |
+-----------+-------------------------------------------+-----------+
3 rows in set (0.00 sec)
mysql> set password for 'accp'@'localhost'=password('951116'); #again, compare how the ciphertext changed
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> select User,authentication_string,Host from user;
+-----------+-------------------------------------------+-----------+
| User      | authentication_string                     | Host      |
+-----------+-------------------------------------------+-----------+
| root      | *E56A114692FE0DE073F9A1DD68A00EEB9703F3F1 | localhost |
| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | localhost |
| accp      | *0DB339632B48910F8F0BEF61BD7EAD4441267E6E | localhost |
+-----------+-------------------------------------------+-----------+
3 rows in set (0.00 sec)
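
The ciphertext in these tables is deterministic: for accounts on the mysql_native_password plugin, authentication_string is an unsalted double SHA-1 of the password, which is why accp (created with '123123') and root (after being set to '123123') show the same string. The queries below are an added example, not part of the original article; they assume MySQL 5.7 and an account that can read the mysql schema.

```sql
-- Added example; assumes MySQL 5.7 and accounts on the mysql_native_password plugin.

-- Recompute the stored value by hand: '*' followed by the uppercase hex of
-- SHA1(SHA1(password)). No salt is involved, so the result depends only on
-- the password. Compare both columns with authentication_string.
SELECT CONCAT('*', UPPER(SHA1(UNHEX(SHA1('123123'))))) AS recomputed,
       PASSWORD('123123')                               AS builtin;

-- Audit: groups of accounts whose stored hash is identical, meaning they
-- share one password. Anyone who can read mysql.user learns this without
-- knowing the password itself.
SELECT authentication_string,
       COUNT(*) AS accounts,
       GROUP_CONCAT(CONCAT(user, '@', host) ORDER BY user SEPARATOR ', ') AS shared_by
FROM mysql.user
WHERE plugin = 'mysql_native_password'
  AND authentication_string <> ''
  AND authentication_string NOT LIKE '*THISISNOTAVALID%'
GROUP BY authentication_string
HAVING COUNT(*) > 1;

-- Audit: which accounts can read the hashes at all. Global SELECT is the
-- broad case; database-level grants on the mysql schema are in mysql.db.
SELECT user, host FROM mysql.user WHERE Select_priv = 'Y';
SELECT user, host, db FROM mysql.db WHERE db = 'mysql' AND Select_priv = 'Y';
```
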
How to recover from a forgotten root password
[[email protected] ~] systemctl stop mysqld.service  #stop the service
[[email protected] ~] netstat -ntap | grep 3306 #check that the port is closed
[[email protected] ~] mysqld --skip-grant-tables #the output below appears; leave it alone and open a new terminal
2018-06-28T02:16:16.399381Z 0 [Note]   - '::' resolves to '::';
2018-06-28T02:16:16.399402Z 0 [Note] Server socket created on IP: '::'.
2018-06-28T02:16:16.400217Z 0 [Note] InnoDB: Loading buffer pool(s) from /usr/local/mysql/data/ib_buffer_pool
2018-06-28T02:16:16.401959Z 0 [Note] InnoDB: Buffer pool(s) load completed at 180628 10:16:16
2018-06-28T02:16:16.410638Z 0 [Note] Executing 'SELECT * FROM INFORMATION_SCHEMA.TABLES;' to get a list of tables using the deprecated partition engine. You may use the startup option '--disable-partition-engine-check' to skip this check.
2018-06-28T02:16:16.410661Z 0 [Note] Beginning of list of non-natively partitioned tables
2018-06-28T02:16:16.423678Z 0 [Note] End of list of non-natively partitioned tables
2018-06-28T02:16:16.423748Z 0 [Note] mysqld: ready for connections.
Version: '5.7.17'  socket: '/usr/local/mysql/mysql.sock'  port: 3306  Source distribution
[[email protected] ~] mysql -u root #log in directly like this, skipping the password
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 3
Server version: 5.7.17 Source distribution

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>
After logging in, change the user's password
mysql> update mysql.user set authentication_string=password('123123') where user='root'; #change root's password
Query OK, 1 row affected, 1 warning (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 1
mysql> flush privileges; #reload the privilege tables
Query OK, 0 rows affected (0.01 sec)
[[email protected] ~]# mysql -u root -p123123
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 5
Server version: 5.7.17 Source distribution

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
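
While the server runs with --skip-grant-tables, every client that can reach it has full access without a password. The statements below are an added example, not part of the original article, showing the same recovery done through ALTER USER with checks before and after. They assume MySQL 5.7, that mysqld was started with --skip-networking alongside --skip-grant-tables so only local socket connections are possible, and a placeholder password.

```sql
-- Added example; run in the second terminal after "mysql -u root".
-- Assumption: the account being recovered is 'root'@'localhost'.

-- 1. Inspect the account first. A direct UPDATE of authentication_string does
--    not touch these columns, so a root account on a non-password plugin, or
--    one that is expired or locked, would still fail to log in afterwards.
SELECT user, host, plugin, password_expired, account_locked
FROM mysql.user
WHERE user = 'root';

-- 2. Load the grant tables. Account-management statements are refused while
--    they are skipped, and loading them turns the privilege system back on.
FLUSH PRIVILEGES;

-- 3. Reset one user@host through the account-management interface, naming
--    the plugin explicitly and unlocking the account.
ALTER USER 'root'@'localhost'
  IDENTIFIED WITH mysql_native_password BY 'Replace-With-A-Long-Random-Value'
  ACCOUNT UNLOCK;

-- 4. Authentication was off while the server ran this way. Review the full
--    account list for rows or privileges you did not expect.
SELECT user, host, plugin, Super_priv, Grant_priv
FROM mysql.user
ORDER BY user, host;

-- 5. Afterwards, stop this mysqld and start the service normally so that
--    --skip-grant-tables is no longer in effect.
```
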

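Privilege control

In MySQL, privilege settings are very important, and assigning privileges divides responsibilities clearly. Administrators only need to concentrate on their own tasks; above all, this keeps the system's data secure

1: Granting privileges

(1): Privilege control exists mainly for security reasons and should follow these principles
1): Grant only the minimum privileges that meet the need, to prevent mistakes and misuse
2): When creating a user, restrict the hosts the user can log in from, usually to a specific IP or an internal network segment
3): When initializing the database, delete users that have no password; MySQL automatically creates passwordless users when installation completes
4): Set a password that meets requirements for every user
5): Periodically clean up users that are no longer needed
(2): Privileges are granted with the GRANT command; the format is as follows
GRANT privilege_list ON database.table TO user@host [IDENTIFIED BY 'password']
The command format is explicit: it names a user, the tables that user may operate on, and the privileges the user holds on those tables
The following demonstrates how GRANT is used
mysql> grant select on ×××表.×××信息 to 'accp'@'localhost' identified by '123123';
Query OK, 0 rows affected, 1 warning (0.00 sec)
The command above lets user accp log in from host localhost with the connection password 123123, and gives it the select privilege on (×××表.×××信息)
Log in as accp to verify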
[[email protected] ~]# mysql -u accp -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.7.17 Source distribution

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

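Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> insert into imployee_英航客户表.×××信息 values (2,'张三','广州珠海','18888888');
ERROR 1142 (42000): INSERT command denied to user 'accp'@'localhost' for table '×××信息'
The above shows that select statements work normally, but the insert statement is refused for lack of privileges
When the user and host name do not exist in the user list, they are created automatically; if the password given in the grant differs from the existing password, the existing password is overwritten automatically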
mysql> select User,authentication_string,Host from user;
+-----------+-------------------------------------------+-----------+
| User      | authentication_string                     | Host      |
+-----------+-------------------------------------------+-----------+
| root      | *0DB339632B48910F8F0BEF61BD7EAD4441267E6E | localhost |
| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | localhost |
| accp      | *0DB339632B48910F8F0BEF61BD7EAD4441267E6E | localhost |
+-----------+-------------------------------------------+-----------+
3 rows in set (0.00 sec)
#The user list has only three users at this point; now grant a privilege to a user that is not in the list
mysql> grant select on ×××表.×××信息 to 'benet'@'localhost' identified by '1223123';
Query OK, 0 rows affected, 1 warning (0.01 sec)

mysql> select User,authentication_string,Host from user;
+-----------+-------------------------------------------+-----------+
| User      | authentication_string                     | Host      |
+-----------+-------------------------------------------+-----------+
| root      | *0DB339632B48910F8F0BEF61BD7EAD4441267E6E | localhost |
| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | localhost |
| benet     | *E56A114692FE0DE073F9A1DD68A00EEB9703F3F1 | localhost |
| accp      | *0DB339632B48910F8F0BEF61BD7EAD4441267E6E | localhost |
+-----------+-------------------------------------------+-----------+
4 rows in set (0.00 sec)
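#The benet user was created automatically above, with login password '123123'
Next, benet's original password is 123123. I use a grant to change it to the new password '321321', then check whether the original password can still log in
mysql> grant insert on ×××表.×××信息 to 'benet'@'localhost' identified by '3221321';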
Query OK, 0 rows affected, 1 warning (0.00 sec)
[[email protected] ~]# mysql -u benet -p123123
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'benet'@'localhost' (using password: YES)
#You are told to enter the correct login password
View a user's privileges
SHOW GRANTS FOR 'username'@'host'
mysql> show grants for 'accp'@'localhost';
+------------------------------------------------------------------------------+
| Grants for [email protected]                                                    |
+------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'accp'@'localhost'                                     |
| GRANT SELECT ON "×××表"."×××信息" TO 'accp'@'localhost'            |
+------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
Revoke a user's privileges
REVOKE privilege_list ON database.table FROM user@host
mysql> revoke select on ×××表.×××信息 from 'accp'@'localhost';
Query OK, 0 rows affected (0.00 sec)

mysql> show grants for ‘accp‘@‘localhost‘;
+------------------------------------------+
| Grants for [email protected]                |
+------------------------------------------+
| GRANT USAGE ON *.* TO 'accp'@'localhost' |
+------------------------------------------+
1 row in set (0.00 sec)
Revoke all of a user's privileges
REVOKE ALL ON database.table FROM user@host
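
The five principles listed under "Granting privileges" can be applied and checked directly in SQL. This is an added example, not part of the original article: it creates the account and grants the privilege as separate steps, so a grant cannot replace an existing password the way GRANT ... IDENTIFIED BY did above, then queries mysql.user for violations. It assumes MySQL 5.7; appdb.customers, 'report'@'192.168.10.%' and the passwords are hypothetical.

```sql
-- Added example; database, table, account and passwords are hypothetical.

-- Principles 1, 2 and 4: create the account explicitly, bound to one subnet,
-- then grant only what it needs. The GRANT carries no password clause.
CREATE USER 'report'@'192.168.10.%' IDENTIFIED BY 'Replace-With-A-Long-Random-Value';
GRANT SELECT ON appdb.customers TO 'report'@'192.168.10.%';
SHOW GRANTS FOR 'report'@'192.168.10.%';

-- Password changes go through ALTER USER, not through a later GRANT.
ALTER USER 'report'@'192.168.10.%' IDENTIFIED BY 'Another-Long-Random-Value';

-- Principle 3: accounts that can log in without a password.
SELECT user, host, plugin
FROM mysql.user
WHERE authentication_string = ''
  AND plugin IN ('mysql_native_password', 'sha256_password');

-- Principle 2: accounts that may connect from any host.
SELECT user, host
FROM mysql.user
WHERE host IN ('%', '');

-- Principle 1: accounts other than root holding powerful server-wide privileges.
SELECT user, host, Super_priv, Grant_priv, File_priv
FROM mysql.user
WHERE user NOT IN ('root', 'mysql.sys')
  AND 'Y' IN (Super_priv, Grant_priv, File_priv);

-- Principle 5 (heuristic): accounts whose password has not changed for a year.
-- Review them and DROP USER the ones that are no longer needed.
SELECT user, host, password_last_changed, account_locked
FROM mysql.user
WHERE password_last_changed < NOW() - INTERVAL 365 DAY;
```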

Original article: http://blog.51cto.com/13645280/2133603

Time: 2024-10-26 23:05:55
