1. Create the test1 user
select password('test1');
+-------------------------------------------+
| password('test1')                         |
+-------------------------------------------+
| *06C0BF5B64ECE2F648B5F048A71903906BA08E5C |
+-------------------------------------------+
create user 'test1'@'localhost' identified by password '*06C0BF5B64ECE2F648B5F048A71903906BA08E5C';
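In create user, when the password is given as a plain string, the password keyword is not needed; when it is a string that has already been hashed by the password() function, the password keyword is required.
2. Grant privileges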
grant select,create,delete on pmx.* to 'test1'@'localhost' with grant option;
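The grant statement does not need to set a password, because it was already set in create user. This grants privileges on all tables in the pmx database; the user's privilege information is stored in the mysql.db table.
3. Revoke privileges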
revoke select,create,delete,grant option on pmx.* from 'test1'@'localhost';
or
revoke all privileges,grant option from 'test1'@'localhost';
or
revoke all privileges on pmx.* from 'test1'@'localhost';
revoke grant option on pmx.* from 'test1'@'localhost';
4. Revoke exactly the privileges that were granted
4.1
grant select on *.* to 'test1'@'localhost' with grant option;
This grants a global privilege; the privilege information is stored in the mysql.user table.
select * from mysql.user where user='test1'\G
*************************** 1. row ***************************
                  Host: localhost
                  User: test1
              Password: *06C0BF5B64ECE2F648B5F048A71903906BA08E5C
           Select_priv: Y
           Insert_priv: N
           Update_priv: N
           Delete_priv: N
           Create_priv: N
             Drop_priv: N
           Reload_priv: N
         Shutdown_priv: N
          Process_priv: N
             File_priv: N
            Grant_priv: Y
       References_priv: N
            Index_priv: N
            Alter_priv: N
          Show_db_priv: N
            Super_priv: N
 Create_tmp_table_priv: N
      Lock_tables_priv: N
          Execute_priv: N
       Repl_slave_priv: N
      Repl_client_priv: N
      Create_view_priv: N
        Show_view_priv: N
   Create_routine_priv: N
    Alter_routine_priv: N
      Create_user_priv: N
            Event_priv: N
          Trigger_priv: N
Create_tablespace_priv: N
              ssl_type:
            ssl_cipher:
           x509_issuer:
          x509_subject:
         max_questions: 0
           max_updates: 0
       max_connections: 0
  max_user_connections: 0
                plugin: mysql_native_password
 authentication_string:
      password_expired: N
1 row in set (0.00 sec)
4.2
grant select on pmx.* to 'test1'@'localhost' with grant option;
This grants a database-level privilege; the privilege information is stored in the mysql.db table.
select * from mysql.db\G
*************************** 1. row ***************************
                 Host: localhost
                   Db: pmx
                 User: test1
          Select_priv: Y
          Insert_priv: N
          Update_priv: N
          Delete_priv: N
          Create_priv: N
            Drop_priv: N
           Grant_priv: Y
      References_priv: N
           Index_priv: N
           Alter_priv: N
Create_tmp_table_priv: N
     Lock_tables_priv: N
     Create_view_priv: N
       Show_view_priv: N
  Create_routine_priv: N
   Alter_routine_priv: N
         Execute_priv: N
           Event_priv: N
         Trigger_priv: N
1 rows in set (0.00 sec)
4.3
grant select on pmx.score to 'test1'@'localhost' with grant option;
This grants a privilege on a single table; the privilege information is stored in the mysql.tables_priv table.
select * from mysql.tables_priv;
+-----------+-----+-------+------------+----------------+---------------------+--------------+-------------+
| Host      | Db  | User  | Table_name | Grantor        | Timestamp           | Table_priv   | Column_priv |
+-----------+-----+-------+------------+----------------+---------------------+--------------+-------------+
| localhost | pmx | test1 | score      | root@localhost | 0000-00-00 00:00:00 | Select,Grant |             |
+-----------+-----+-------+------------+----------------+---------------------+--------------+-------------+
4.4
grant select(grade) on pmx.score to 'test1'@'localhost' with grant option;
This grants a privilege on a single column; the privilege information is stored in the mysql.columns_priv table.
select * from mysql.columns_priv;
+-----------+-----+-------+------------+-------------+---------------------+-------------+
| Host      | Db  | User  | Table_name | Column_name | Timestamp           | Column_priv |
+-----------+-----+-------+------------+-------------+---------------------+-------------+
| localhost | pmx | test1 | score      | grade       | 0000-00-00 00:00:00 | Select      |
+-----------+-----+-------+------------+-------------+---------------------+-------------+
When you use
revoke all privileges on *.* from 'test1'@'localhost';
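only the global privileges are revoked. The test1 user still holds its other privileges, such as those on the pmx database, on the score table, and on individual columns. So to revoke all of a user's privileges, use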
revoke all privileges,grant option from 'test1'@'localhost';
This is a fixed syntax: all privileges and grant option must both be present.
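
To confirm what an account still holds after a revoke, the four privilege levels from section 4 can be checked in one query. This is an added example, not part of the original post; it assumes an administrative session and reads the standard information_schema privilege views rather than the mysql.* grant tables shown above.

```sql
-- Added example: audit what 'test1'@'localhost' still holds at each level.
-- GRANTEE is stored with its quotes, e.g. 'test1'@'localhost', so the
-- literal below doubles each embedded single quote.

-- Level 4.1: global privileges (backed by mysql.user).
-- An account with no global privilege is reported as USAGE; skip that row.
SELECT 'global' AS scope,
       '*.*'    AS object,
       PRIVILEGE_TYPE,
       IS_GRANTABLE
  FROM information_schema.USER_PRIVILEGES
 WHERE GRANTEE = '''test1''@''localhost'''
   AND PRIVILEGE_TYPE <> 'USAGE'

UNION ALL

-- Level 4.2: database privileges (backed by mysql.db).
SELECT 'database',
       CONCAT(TABLE_SCHEMA, '.*'),
       PRIVILEGE_TYPE,
       IS_GRANTABLE
  FROM information_schema.SCHEMA_PRIVILEGES
 WHERE GRANTEE = '''test1''@''localhost'''

UNION ALL

-- Level 4.3: table privileges (backed by mysql.tables_priv).
SELECT 'table',
       CONCAT(TABLE_SCHEMA, '.', TABLE_NAME),
       PRIVILEGE_TYPE,
       IS_GRANTABLE
  FROM information_schema.TABLE_PRIVILEGES
 WHERE GRANTEE = '''test1''@''localhost'''

UNION ALL

-- Level 4.4: column privileges (backed by mysql.columns_priv).
SELECT 'column',
       CONCAT(TABLE_SCHEMA, '.', TABLE_NAME, '(', COLUMN_NAME, ')'),
       PRIVILEGE_TYPE,
       IS_GRANTABLE
  FROM information_schema.COLUMN_PRIVILEGES
 WHERE GRANTEE = '''test1''@''localhost''';
```

Rows that remain after revoke all privileges on *.* are the database, table and column grants described above. An empty result after revoke all privileges,grant option means the account holds nothing at these four levels.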
