利州区住房和城乡建设部网站百度网盘客户端
欢迎拜访:雾里看山-CSDN博客
本篇主题:【MySQL】用户管理和权限
发布时间:2025.3.12
隶属专栏:MySQL
目录
- 引言
- 用户
- 用户信息
- 创建用户
- 语法
- 案例
- 修改用户密码
- 语法
- 案例
- 删除用户
- 语法
- 案例
- 权限
- 权限列表
- 查看和刷新用户的权限
- 给用户授权
- 语法
- 案例
- 回收权限
- 语法
- 示例
引言
如果我们只能使用root用户,这样存在安全隐患。在多用户协同开发时,很容易因为新手的误操作,给数据库带来严重的安全问题。这时,就需要使用MySQL的用户管理。
用户
用户信息
MySQL中的用户,都存储在系统数据库mysql的user表中
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| bit_index |
| database1 |
| index_db |
| mysql |
| performance_schema |
| scott |
| sys |
| test |
| test_db |
| user_db |
+--------------------+
11 rows in set (0.00 sec)mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -ADatabase changed
mysql> show tables;
+---------------------------+
| Tables_in_mysql |
+---------------------------+
| columns_priv |
| db |
| engine_cost |
| event |
| func |
| general_log |
| gtid_executed |
| help_category |
| help_keyword |
| help_relation |
| help_topic |
| innodb_index_stats |
| innodb_table_stats |
| ndb_binlog_index |
| plugin |
| proc |
| procs_priv |
| proxies_priv |
| server_cost |
| servers |
| slave_master_info |
| slave_relay_log_info |
| slave_worker_info |
| slow_log |
| tables_priv |
| time_zone |
| time_zone_leap_second |
| time_zone_name |
| time_zone_transition |
| time_zone_transition_type |
| user |
+---------------------------+
31 rows in set (0.00 sec)mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+-----------+---------------+-------------------------------------------+
3 rows in set (0.01 sec)
字段解释:
host: 表示这个用户可以从哪个主机登陆,如果是localhost,表示只能从本机登陆user: 用户名authentication_string: 用户密码通过password函数加密后的*_priv: 用户拥有的权限
我们还可以通过select * from user \G查看每个用户的具体信息。
mysql> select * from user \G
*************************** 1. row ***************************Host: localhostUser: rootSelect_priv: YInsert_priv: YUpdate_priv: YDelete_priv: YCreate_priv: YDrop_priv: YReload_priv: YShutdown_priv: YProcess_priv: YFile_priv: YGrant_priv: YReferences_priv: YIndex_priv: YAlter_priv: YShow_db_priv: YSuper_priv: YCreate_tmp_table_priv: YLock_tables_priv: YExecute_priv: YRepl_slave_priv: YRepl_client_priv: YCreate_view_priv: YShow_view_priv: YCreate_routine_priv: YAlter_routine_priv: YCreate_user_priv: YEvent_priv: YTrigger_priv: Y
Create_tablespace_priv: Yssl_type: ssl_cipher: x509_issuer: x509_subject: max_questions: 0max_updates: 0max_connections: 0max_user_connections: 0plugin: auth_socketauthentication_string: password_expired: Npassword_last_changed: 2025-01-20 12:21:54password_lifetime: NULLaccount_locked: N
*************************** 2. row ***************************Host: localhostUser: mysql.sessionSelect_priv: NInsert_priv: NUpdate_priv: NDelete_priv: NCreate_priv: NDrop_priv: NReload_priv: NShutdown_priv: NProcess_priv: NFile_priv: NGrant_priv: NReferences_priv: NIndex_priv: NAlter_priv: NShow_db_priv: NSuper_priv: YCreate_tmp_table_priv: NLock_tables_priv: NExecute_priv: NRepl_slave_priv: NRepl_client_priv: NCreate_view_priv: NShow_view_priv: NCreate_routine_priv: NAlter_routine_priv: NCreate_user_priv: NEvent_priv: NTrigger_priv: N
Create_tablespace_priv: Nssl_type: ssl_cipher: x509_issuer: x509_subject: max_questions: 0max_updates: 0max_connections: 0max_user_connections: 0plugin: mysql_native_passwordauthentication_string: *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHEREpassword_expired: Npassword_last_changed: 2025-01-20 12:21:54password_lifetime: NULLaccount_locked: Y
*************************** 3. row ***************************Host: localhostUser: mysql.sysSelect_priv: NInsert_priv: NUpdate_priv: NDelete_priv: NCreate_priv: NDrop_priv: NReload_priv: NShutdown_priv: NProcess_priv: NFile_priv: NGrant_priv: NReferences_priv: NIndex_priv: NAlter_priv: NShow_db_priv: NSuper_priv: NCreate_tmp_table_priv: NLock_tables_priv: NExecute_priv: NRepl_slave_priv: NRepl_client_priv: NCreate_view_priv: NShow_view_priv: NCreate_routine_priv: NAlter_routine_priv: NCreate_user_priv: NEvent_priv: NTrigger_priv: N
Create_tablespace_priv: Nssl_type: ssl_cipher: x509_issuer: x509_subject: max_questions: 0max_updates: 0max_connections: 0max_user_connections: 0plugin: mysql_native_passwordauthentication_string: *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHEREpassword_expired: Npassword_last_changed: 2025-01-20 12:21:54password_lifetime: NULLaccount_locked: Y
3 rows in set (0.00 sec)
创建用户
语法
create user '用户名'@'登陆主机/ip' identified by '密码';
如果登录主机被设置为%,则表示该用户可以在任何地方登陆user;
此设置方法需要谨慎使用
案例
mysql> create user 'wdd'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.00 sec)mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | *999FD3326F738172CF3B546D7B69779554E9719E |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | wdd | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+-----------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)
此时,我们便可以使用新账号新密码进行登录了,但是,此时新用户的权限病灭有被设置,所以大部分库都是看不到的。
wdd@VM-20-16-ubuntu:~/mysql$ mysql -u wdd -p;
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.7.29 MySQL Community Server (GPL)Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)
修改用户密码
语法
自己改自己密码
set password=password('新的密码');
root用户修改指定用户的密码
set password for '用户名'@'主机名'=password('新的密码');
案例
自己修改自己的密码
mysql> set password=password('12321');
Query OK, 0 rows affected, 1 warning (0.00 sec)
root用户修改任意用户的密码
mysql> set password for 'wdd'@'localhost'=password('1234abcd');
Query OK, 0 rows affected, 1 warning (0.00 sec)mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | *999FD3326F738172CF3B546D7B69779554E9719E |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | wdd | *A28D6A233B76FC581A8E711B8966883C91C97612 |
+-----------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)
删除用户
语法
drop user '用户名'@'主机名'
案例
mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | *999FD3326F738172CF3B546D7B69779554E9719E |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | wdd | *A28D6A233B76FC581A8E711B8966883C91C97612 |
+-----------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)mysql> drop user 'wdd'@'localhost';
Query OK, 0 rows affected (0.00 sec)mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | *999FD3326F738172CF3B546D7B69779554E9719E |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+-----------+---------------+-------------------------------------------+
3 rows in set (0.00 sec)
权限
权限列表
MySQL数据库提供的权限列表:
查看和刷新用户的权限
查看用户权限
mysql> show grants for 'wdd'@'localhost';
+-----------------------------------------------+
| Grants for wdd@localhost |
+-----------------------------------------------+
| GRANT USAGE ON *.* TO 'wdd'@'localhost' |
| GRANT SELECT ON `test`.* TO 'wdd'@'localhost' |
+-----------------------------------------------+
2 rows in set (0.00 sec)mysql> show grants for 'root'@'localhost';
+---------------------------------------------------------------------+
| Grants for root@localhost |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------+
2 rows in set (0.01 sec)
如果发现赋权限后,没有生效,执行如下指令:
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
给用户授权
刚创建的用户没有任何权限。需要给用户授权。
语法
grant 权限列表 on 库.对象名 to '用户名'@'登陆位置' [identified by '密码']
说明:
- 权限列表,多个权限用逗号分开
grant select on ...
grant select, delete, create on ....
grant all [privileges] on ... -- 表示赋予该用户在该对象上的所有权限
*.*: 代表本系统中的所有数据库的所有对象(表,视图,存储过程等)库.*: 表示某个数据库中的所有数据对象(表,视图,存储过程等)identified by可选。 如果用户存在,赋予权限的同时修改密码,如果该用户不存在,就是创建用户。
案例
终端A:(使用root账号)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| bit_index |
| database1 |
| index_db |
| mysql |
| performance_schema |
| scott |
| sys |
| test |
| test_db |
| user_db |
+--------------------+
11 rows in set (0.00 sec)mysql> use test;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -ADatabase changed
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| msg |
| tmp |
+----------------+
2 rows in set (0.00 sec)mysql> grant select on test.* to 'wdd'@'localhost';
Query OK, 0 rows affected (0.00 sec)
终端B:(使用wdd账号)
--没有设置查看权限前
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)
设置查看权限以后
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| test |
+--------------------+
2 rows in set (0.00 sec)mysql> use test;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -ADatabase changed
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| msg |
| tmp |
+----------------+
2 rows in set (0.00 sec)
--可以查看
mysql> select * from tmp;
+----+------------+
| id | birthday |
+----+------------+
| 1 | 1990-02-24 |
| 2 | 1980-03-05 |
| 3 | 2025-02-18 |
+----+------------+
3 rows in set (0.00 sec)
--没有删除权限
mysql> delete from tmp;
ERROR 1142 (42000): DELETE command denied to user 'wdd'@'localhost' for table 'tmp'
回收权限
语法
revoke 权限列表 on 库.对象名 from '用户名'@'登陆位置';
示例
终端A:(root 账号)
mysql> revoke all on test.* from 'wdd'@'localhost';
Query OK, 0 rows affected (0.00 sec)
终端B:(wdd 账号)
-- 回收权限之前
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| test |
+--------------------+
2 rows in set (0.00 sec)
--回收权限以后
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)
⚠️ 写在最后:以上内容是我在学习以后得一些总结和概括,如有错误或者需要补充的地方欢迎各位大佬评论或者私信我交流!!!