zoukankan      html  css  js  c++  java
  • MySQL 8.0权限认证(下)

    MySQL 8.0权限认证(下)
     
    一.设置MySQL用户资源限制
     
    通过设置全局变量max_user_connections可以限制所有用户在同一时间连接MySQL实例的数量,但此参数无法对每个用户区别对待,
    所以 MySQL提供了对每个用户的资源限制管理
    MAX_QUERIES_PER_HOUR:一个用户在一个小时内可以执行查询的次数(基本包含所有语句) MAX_UPDATES_PER_HOUR:一个用户在一个小时内可以执行修改的次数(仅包含修改数据库或表的语句) MAX_CONNECTIONS_PER_HOUR:一个用户在一个小时内可以连接 MySQL的时间
    MAX_USER_CONNECTIONS:一个用户可以在同一时间连接MySQL实例的数量
    从5.0.3版本开始,对用户'user'@'%.example.com'的资源限制是指所有 通过example.com域名主机连接user用户的连接,而不是分别指从 host1.example.com和host2.example.com主机过来的连接
     
    通过执行create user/alter user设置/修改用户的资源限制
    mysql> CREATE USER 'francis'@'localhost' IDENTIFIED BY 'frank'
        -> WITH MAX_QUERIES_PER_HOUR 20
    	-> MAX_UPDATES_PER_HOUR 10
    	-> MAX_CONNECTIONS_PER_HOUR 5
    	-> MAX_USER_CONNECTIONS 2;
    mysql> ALTER USER 'francis'@'localhost' WITH MAX_QUERIES_PER_HOUR 100;
    取消某项资源限制既是把原先的值修改成0
    mysql> ALTER USER 'francis'@'localhost' WITH MAX_CONNECTIONS_PER_HOUR 0;
    当针对某个用户的max_user_connections非0时,则忽略全局系统参数 max_user_connections,反之则全局系统参数生效
     
    二.设置MySQL用户的密码
     
    执行create user创建用户和密码
    mysql> CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
     
    修改用户密码的方式包括:
    mysql> ALTER USER 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
    mysql> SET PASSWORD FOR 'jeffrey'@'localhost' = PASSWORD('mypass');
    mysql> GRANT USAGE ON *.* TO 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
    shell> mysqladmin -u user_name -h host_name password "new_password"
     
    修改本身用户密码的方式包括:
    mysql> ALTER USER USER() IDENTIFIED BY 'mypass';
    mysql> SET PASSWORD = PASSWORD('mypass');
     
    三.设置MySQL用户密码过期策略
     
    设置系统参数default_password_lifetime作用于所有的用户账户
    default_password_lifetime=180 设置180天过期 
    default_password_lifetime=0 设置密码不过期 
    如果为每个用户设置了密码过期策略,则会覆盖上述系统参数
    ALTER USER 'jeffrey'@'localhost' PASSWORD EXPIRE INTERVAL 90 DAY;
    ALTER USER 'jeffrey'@'localhost' PASSWORD EXPIRE NEVER; 密码不过期 
    ALTER USER 'jeffrey'@'localhost' PASSWORD EXPIRE DEFAULT; 默认过期策略 
    手动强制某个用户密码过期
    ALTER USER 'jeffrey'@'localhost' PASSWORD EXPIRE;
    mysql> SELECT 1;
    ERROR 1820 (HY000): You must SET PASSWORD before executing this statement 
    mysql> ALTER USER USER() IDENTIFIED BY 'new_password';
    Query OK, 0 rows affected (0.01 sec)
     
    四.角色(role)和用户(user)
     
    role是8.0的新特性 NEW!
    role可以看做一个权限的集合,这个集合有一个统一的名字role名。可以给多个账户统一的某个role的权限权限的修改直接通过修改role来实现,不需要每个账户一个一个的grant权限,方便运维和管理。role可以创建、删除、修改并作用到他管理的账户上。
     
    mysql> create role app_readonly;
    Query OK, 0 rows affected (0.09 sec)
    #创建一个role叫app_readonly只读
     
    mysql> create user app1@localhost identified by 'mysql';
    Query OK, 0 rows affected (0.01 sec)
    #创建一个用户app1
     
    mysql> grant select on *.* to app_readonly;
    Query OK, 0 rows affected (0.02 sec)
    #给app_readonly这个角色一个select权限
     
    mysql> grant app_readonly to app1@localhost;
    Query OK, 0 rows affected (0.10 sec)
    #把用户和角色绑定
     
    mysql> show grants for app1@localhost;
    +------------------------------------------------+
    | Grants for app1@localhost                      |
    +------------------------------------------------+
    | GRANT USAGE ON *.* TO `app1`@`localhost`       |
    | GRANT `app_readonly`@`%` TO `app1`@`localhost` |
    +------------------------------------------------+
    #查询用户的权限
     
    mysql> show grants for app1@localhost using app_readonly;
    +------------------------------------------------+
    | Grants for app1@localhost                      |
    +------------------------------------------------+
    | GRANT SELECT ON *.* TO `app1`@`localhost`      |
    | GRANT `app_readonly`@`%` TO `app1`@`localhost` |
    +------------------------------------------------+
    2 rows in set (0.00 sec)
    #查询用户的权限
     
    mysql> create role app_readwrite;
    Query OK, 0 rows affected (0.04 sec)
     
    mysql> create user app2@localhost identified by 'mysql';
    Query OK, 0 rows affected (0.04 sec)
     
    mysql> grant select,insert,delete,update on *.* to app_readwrite;
    Query OK, 0 rows affected (0.10 sec)
     
    mysql> grant app_readwrite to app2@localhost;
    Query OK, 0 rows affected (0.07 sec)
     
    mysql> show grants for app2@localhost;
    +-------------------------------------------------+
    | Grants for app2@localhost                       |
    +-------------------------------------------------+
    | GRANT USAGE ON *.* TO `app2`@`localhost`        |
    | GRANT `app_readwrite`@`%` TO `app2`@`localhost` |
    +-------------------------------------------------+
    2 rows in set (0.00 sec)
     
    mysql> show grants for app2@localhost using app_readwrite;
    +-------------------------------------------------------------------+
    | Grants for app2@localhost                                         |
    +-------------------------------------------------------------------+
    | GRANT SELECT, INSERT, UPDATE, DELETE ON *.* TO `app2`@`localhost` |
    | GRANT `app_readwrite`@`%` TO `app2`@`localhost`                   |
    +-------------------------------------------------------------------+
    2 rows in set (0.00 sec)
     
    mysql> revoke app_readonly from app1@localhost;
    Query OK, 0 rows affected (0.10 sec)
    #解除绑定关系
     
    mysql> show grants for app1@localhost using app_readonly;
    ERROR 3530 (HY000): `app_readonly`@`%` is not granted to `app1`@`localhost`
     
    mysql> show grants for app1@localhost;
    +------------------------------------------+
    | Grants for app1@localhost                |
    +------------------------------------------+
    | GRANT USAGE ON *.* TO `app1`@`localhost` |
    +------------------------------------------+
     
     
  • 相关阅读:
    90个常用词根,30个前缀30个后缀
    七、图形与图像处理(1)
    解决Android SDK下载和更新失败的方法(Win系统) 和离线安装
    IT技术网站汇总
    css padding和margin的百分比
    div无法跟随内容的增加而拉伸
    html元素被隐藏在后面
    cron 执行php文件
    cron 编辑器修改
    Eclipse PHP 代码无法自动提示函数
  • 原文地址:https://www.cnblogs.com/xuewenlong/p/12882064.html
Copyright © 2011-2022 走看看