zoukankan      html  css  js  c++  java
  • MySQL 8.0用户及安全管理

    用户的功能

    登录数据库
    管理数据库对象
    

    用户的组成

    用户名@'白名单'

    白名单:

    %
    10.0.0.10
    10.0.0.%
    10.0.0.5%
    10.0.0.0/255.255.254.0
    oldguo.com
    db01
    127.0.0.1
    localhost   ----> socket

    用户的管理

    创建用户

    sha2 : 8.0新的特性
    create user test@'localhost' identified by '123456';
    
    native: 兼容老版本
    create user test@'10.0.0.%' identified with mysql_native_password by '123456';
    mysql> select user,host,authentication_string,plugin from mysql.user where user='test';
    +------+-----------+------------------------------------------------------------------------+-----------------------+
    | user | host      | authentication_string                                                  | plugin                |
    +------+-----------+------------------------------------------------------------------------+-----------------------+
    | test | 10.0.0.%  | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9                              | mysql_native_password |
    | test | localhost | $A$005$N]i!&l5mc<]LLWHVU6M3YoRDkeSbKtTpDAary4WGFMtmapVJxyNwnd0 | caching_sha2_password |
    +------+-----------+------------------------------------------------------------------------+-----------------------+
    2 rows in set (0.01 sec)

    删除用户

    mysql> drop user test@'10.0.0.%';
    Query OK, 0 rows affected (0.00 sec)

    修改用户

    mysql> alter user test@'localhost' identified with mysql_native_password by '123';
    Query OK, 0 rows affected (0.00 sec)

    由于加密插件导致无法登录

    1. 主从复制
    2. 高可用
    3. 老版本开发工具
    mysql>  create user test1@'%' identified  by '123456';
    Query OK, 0 rows affected (0.00 sec)

    用户资源管理

    密码过期时间

    mysql> select @@default_password_lifetime;
    +-----------------------------+
    | @@default_password_lifetime |
    +-----------------------------+
    |                           0 |             默认:密码永不过期
    +-----------------------------+
    1 row in set (0.00 sec)

    设置密码时效

    # 设置密码有效期为180天
    mysql> SET PERSIST default_password_lifetime = 180; Query OK, 0 rows affected (0.00 sec) mysql> select @@default_password_lifetime; +-----------------------------+ | @@default_password_lifetime | +-----------------------------+ | 180 | +-----------------------------+ 1 row in set (0.00 sec)
    CREATE USER 'test'@'localhost' PASSWORD EXPIRE INTERVAL 90 DAY;
    ALTER USER test@'localhost' PASSWORD EXPIRE INTERVAL 90 DAY;
    CREATE USER 'test'@'localhost' PASSWORD EXPIRE NEVER;
    ALTER USER 'test'@'localhost' PASSWORD EXPIRE NEVER;

    密码重用

     默认随意重复使用

    password_history=6             # 6次之内不能重复使用此密码
    password_reuse_interval=365     # 365天之内不能重复使用此密码

    用户的锁定与解锁

    ALTER USER 'app_dev'@'localhost' ACCOUNT LOCK;
    ALTER USER 'app_dev'@'localhost' ACCOUNT UNLOCK;

    权限管理

    权限列表

    mysql> show privileges;
    常用权限:
    Alter                   
    Alter routine           
    Create                  
    Create routine          
    Create role             
    Create temporary tables 
    Create view             
    Create user             
    Delete                  
    Drop                    
    Drop role               
    Event                   
    Execute                 
    File                    
    Grant option            
    Index                   
    Insert                  
    Lock tables             
    Process                 
    Proxy                   
    References              
    Reload                  
    Replication client      
    Replication slave       
    Select                  
    Show databases          
    Show view               
    Shutdown                
    Super                   
    Trigger                 
    Create tablespace       
    Update                  

    授权

    8.0版本不能授权和设置密码一起写,多次授权同一用户是叠加权限而不是覆盖

    mysql> grant all on *.* to zh@'localhost';

    查看权限

    mysql> show grants for zh@'localhost' ;
    +----------------------------------------+
    | Grants for zh@localhost                |
    +----------------------------------------+
    | GRANT USAGE ON *.* TO `zh`@`localhost` |         ##Usage表示只有连接库权限
    +----------------------------------------+
    1 row in set (0.00 sec)

    对某一列授权

     回收权限

    mysql> revoke delete on *.* from zh@'localhost';
    Query OK, 0 rows affected (0.01 sec)
    
    mysql> revoke select(id) on test.account from user1@'10.0.0.%';
    Query OK, 0 rows affected (0.00 sec)

    基于role的创建和授权

     查看所有role

    生产中的用户类型权限规范

    管理员 : ALL
    开发   : Create ,Create routine,Create temporary tables,Create view,Delete ,Event ,Execute,Insert ,References,Select,Show databases ,Show view ,Trigger,Update 
    监控  : select , replication slave , client  supper
    备份  : ALL
    主从  : replication slave 
    业务  : insert , update , delete ,select 
  • 相关阅读:
    DP实验
    Linux shell学习
    线性排序算法-计数排序
    算法笔试题练习
    堆排序
    node.js初识
    linux下vim命令详解
    html5学习笔记
    有趣的参数收集
    算法学习-归并排序
  • 原文地址:https://www.cnblogs.com/zh-dream/p/12945295.html
Copyright © 2011-2022 走看看