1. Defining a user:
Username + host scope, plus a password (MySQL stores account information in the mysql.user table, which can be queried directly).
2. Defining privileges:
Including insert, delete, update and select.
3. Privilege scope:
*.* all database objects on the server
world.* all objects in the single database world
world.test a single table
4. User host scopes (same user, progressively wider host match):
repl@localhost
repl@'10.0.0.53'
repl@'10.0.0.%'
repl@'10.0.0.5%'
5. Example of creating a user (a user with insert, delete, update and select privileges who may only manage the world database, password 123):
grant select,insert,update,create on world.* to test@'10.0.0.%' identified by '123';
6. When the MySQL password has been forgotten
./mysql/bin/mysqld_safe --skip-grant-tables --skip-networking &
--skip-grant-tables ## skip the grant tables (no authentication)
--skip-networking ## skip network protocols (local connections only, so the unauthenticated instance is not reachable remotely)
7. Viewing the current user accounts
mysql> select user,password from mysql.user;
+------+-------------------------------------------+
| user | password |
+------+-------------------------------------------+
| root | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
| root | |
+------+-------------------------------------------+
2 rows in set (0.00 sec)
8. Creating a user
CREATE USER 'user'@'host' IDENTIFIED BY 'password';
create user 'web'@'localhost' identified by '123';
# this account only has the right to connect (USAGE), no object privileges
In a company, users are normally granted login from an internal subnet; the two most common ways of writing the subnet are:
Method 1: 172.16.1.% (% is the wildcard and matches anything). Method 2: 172.16.1.0/255.255.255.0; note that 172.16.1.0/24 cannot be used, a small pity.
Standard way to create a user:
create user 'web'@'172.16.1.%' identified by 'web123';
9. Viewing a user's grants
mysql> show grants for web@'172.16.1.%';
+-------------------------------------------------------------------------------------------------------------+
| Grants for web@172.16.1.% |
+-------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'web'@'172.16.1.%' IDENTIFIED BY PASSWORD '*67138D0908E294A380CA501A1F1A48898426B13B' |
+-------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
10. Dropping a user
drop user 'user'@'host';
mysql> drop user web@'172.16.1.%';
Query OK, 0 rows affected (0.00 sec)
mysql> select user,host from mysql.user;
+------+-----------+
| user | host |
+------+-----------+
| root | 127.0.0.1 |
| root | localhost |
+------+-----------+
2 rows in set (0.00 sec)
11. Granting privileges to a user
create user 'oldboy'@'localhost' identified by 'oldboy123';
select user,host from mysql.user;
GRANT ALL ON *.* TO 'oldboy'@'localhost';
SHOW GRANTS FOR 'oldboy'@'localhost'\G
12. Creating a user and granting privileges in one statement (IDENTIFIED BY inside GRANT creates the account if it does not exist)
GRANT ALL ON *.* TO 'web'@'localhost' IDENTIFIED BY 'web123';
13. Granting the highest privileges without being able to manage other users
grant all on *.* to system@'localhost' identified by 'girl123' with grant option;
14. Revoking privileges
REVOKE INSERT ON *.* FROM test@localhost;
15. Privileges that can be granted
INSERT, SELECT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE
16. Typical grants used in practice:
grant select,insert,update,delete,create,drop on blog.* to 'blog'@'172.16.1.%' identified by 'blog123';
If the table structure is fixed and only the data needs to change, part of the privileges can be revoked:
revoke create,drop on blog.* from 'blog'@'172.16.1.%';
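Putting sections 8, 9 and 16 together, the following is an added example (not part of the original notes) of creating a least-privilege application account and then auditing mysql.user for the weak account settings these notes warn about. It assumes the MySQL 5.6-era syntax used throughout the page (IDENTIFIED BY inside GRANT, a password column in mysql.user); the schema name, account, subnet and password are constructed placeholders.

```sql
-- Added example, not from the original notes.
-- 1. Create the account bound to the internal subnet only, never to '%'.
--    Account name, subnet and password are constructed placeholders.
CREATE USER 'blog'@'172.16.1.%' IDENTIFIED BY 'blog123';

-- 2. Grant only the DML the application needs, scoped to one schema.
--    No CREATE/DROP: the table layout is fixed, so the account cannot
--    alter or remove structure even if its password leaks.
GRANT SELECT, INSERT, UPDATE, DELETE ON blog.* TO 'blog'@'172.16.1.%';

-- 3. Verify the result. Expected: one USAGE ON *.* line plus one line
--    with exactly the four DML privileges on `blog`.*.
SHOW GRANTS FOR 'blog'@'172.16.1.%';

-- 4. Audit checks to run after any account change.
--    Accounts with an empty password (compare the second root row in
--    section 7, which is exactly this case). mysql.user.password exists
--    up to MySQL 5.6; on 5.7+ use authentication_string instead.
SELECT user, host FROM mysql.user WHERE password = '';

--    Accounts reachable from any host.
SELECT user, host FROM mysql.user WHERE host = '%';

--    Accounts that can hand out privileges (WITH GRANT OPTION) or hold
--    SUPER on the whole server; both should be a short, known list.
SELECT user, host, Grant_priv, Super_priv
  FROM mysql.user
 WHERE Grant_priv = 'Y' OR Super_priv = 'Y';

-- 5. Drop the account cleanly when the application is retired; DROP USER
--    also removes its rows from mysql.db and the other grant tables.
DROP USER 'blog'@'172.16.1.%';
```

Run the three audit queries as a privileged account on a regular schedule; any new row in their output is a privilege change that should be traceable to a ticket.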