  • MySQL user and privilege management

    User and privilege management

    Information about account privileges is stored in the user, db, host, tables_priv, columns_priv, and procs_priv tables in the mysql database. The MySQL server reads the contents of these tables into memory when it starts and reloads them under certain circumstances, such as FLUSH PRIVILEGES. Access-control decisions are based on the in-memory copies of the grant tables.

    user: Contains user accounts, global privileges, and other non-privilege columns.

    db: Contains database-level privileges.

    host: Obsolete.

    tables_priv: Contains table-level privileges.

    columns_priv: Contains column-level privileges.

    procs_priv: Contains stored procedure and function privileges.

    proxies_priv: Contains proxy-user privileges.



    There are several distinctions between the way user names and passwords are used by MySQL and the way they are used by your operating system:

        User names, as used by MySQL for authentication purposes, have nothing to do with user names (login names) as used by Windows or Unix.
        MySQL user names can be up to 16 characters long.
        The server uses MySQL passwords stored in the user table to authenticate client connections using MySQL native authentication (against passwords stored in the mysql.user table).
        MySQL encrypts passwords stored in the user table using its own algorithm. This encryption is the same as that implemented by the PASSWORD() SQL function but differs from that used during the Unix login process.
        It is possible to connect to the server regardless of character set settings if the user name and password contain only ASCII characters.

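    User account:
        username@host
            username: up to 16 characters
            host:
                host name: www.magedu.com, mysql
                IP: 172.16.10.177
                network address:
                    172.16.0.0/255.255.0.0

                wildcards: %, _
                    172.16.%.%
                    %.magedu.com

        --skip-name-resolve   skip name (host name) resolution, which speeds up user connections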
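
    The host part decides where an account can connect from, so it is worth checking which accounts a given client address would match. The following is an added example, not code from the original page: it models the three host forms listed above (literal, % and _ wildcards, base_ip/netmask) and runs them over a constructed account list; the function names and the sample accounts are assumptions.

```python
import ipaddress
import re

# Constructed sample of (user, host) pairs, as they would appear in mysql.user.
ACCOUNTS = [
    ("app", "172.16.%.%"),
    ("backup", "172.16.0.0/255.255.0.0"),
    ("web", "%.magedu.com"),
    ("dba", "172.16.10.177"),
    ("report", "%"),
    ("root", "localhost"),
]

def host_matches(pattern, client):
    """True if client (an IP address or host name) matches an account host pattern."""
    pattern = pattern.strip("'\"").lower()  # host comparison is case-insensitive
    client = client.lower()
    if "/" in pattern:
        # Netmask form base_ip/netmask: match when (client & netmask) == base_ip.
        base, mask = pattern.split("/", 1)
        try:
            ip = int(ipaddress.IPv4Address(client))
            base_ip = int(ipaddress.IPv4Address(base))
            netmask = int(ipaddress.IPv4Address(mask))
        except ipaddress.AddressValueError:
            return False  # a host name can never match a netmask pattern
        return (ip & netmask) == base_ip
    # Wildcard form: % matches any run of characters, _ exactly one character.
    regex = "".join(
        ".*" if ch == "%" else "." if ch == "_" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, client) is not None

def reachable_accounts(accounts, client):
    """List the user@host entries whose host part accepts this client."""
    return [f"{user}@{host}" for user, host in accounts if host_matches(host, client)]

if __name__ == "__main__":
    for client in ("172.16.10.177", "www.magedu.com", "203.0.113.9"):
        print(client, "->", reachable_accounts(ACCOUNTS, client))
```

    An account whose host is a bare % is returned for every client, including addresses outside 172.16.0.0/255.255.0.0; those are the entries to review first.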

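    Privilege levels:
        Global level: SUPER
        Database
        Table: DELETE, ALTER, TRIGGER
        Column: SELECT, INSERT, UPDATE
        Stored procedures and stored functions

    Column level:


    Temporary tables: in-memory tables
        heap: 16MB

    Triggers: active database
        INSERT, DELETE, UPDATE
            user: log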


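    Create a user:
    CREATE USER username@host [IDENTIFIED BY 'password']

    If the user does not exist when GRANT is issued, a new user is created:
    GRANT ALL PRIVILEGES ON [object_type] db.* TO username@'%';

    object_type:
        TABLE
      | FUNCTION
      | PROCEDURE

    GRANT EXECUTE ON FUNCTION db.abc TO username@'%';


    Creating a user by inserting into the grant table: the server does not re-read the grant tables automatically, so reload them afterwards.
    INSERT INTO mysql.user
    mysql> FLUSH PRIVILEGES;

    View the grants for a user:
    SHOW GRANTS FOR 'username'@'host';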


    with_option:
        GRANT OPTION
      | MAX_QUERIES_PER_HOUR count
      | MAX_UPDATES_PER_HOUR count
      | MAX_CONNECTIONS_PER_HOUR count
      | MAX_USER_CONNECTIONS count




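    --skip-grant-tables  skip the grant tables (the server then performs no authentication or privilege checks)
    --skip-name-resolve  skip name (host name) resolution, which speeds up user connections
    --skip-networking    skip networking; only local connections are possible

    DROP USER 'username'@'host'   deletes a user

    RENAME USER old_name TO new_name   renames a user

    REVOKE   revokes privileges


    Recovering a forgotten administrator password:
    Pass two options when starting mysqld_safe:
        --skip-grant-tables
        --skip-networking   skip networking; only local connections are possible

        SET PASSWORD FOR 'root'@'localhost' = PASSWORD('passed');  -- this method does not work, because the grant tables are skipped
        UPDATE mysql.user SET password=PASSWORD('passed') WHERE user = 'root';
        Change the password directly by updating the grant table, then remove these two options and restart the server.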

  • Original source: https://www.cnblogs.com/jjzd/p/5905931.html