GRANT (authorization)
What user authorization is: adding a new connecting user on the database server and setting its privileges and password.
Why authorization is needed: without an authorized user, only root can log in to the database, and only from the local machine; no other user can log in.
Without authorization, other hosts cannot access the database either.
Command syntax:
mysql> grant privilege_list on database_name to user_name@"client_address" identified by "password";
Privilege list:
all: all privileges
usage: can only connect to the database, no other privileges
select,update,insert ...: individual privileges; each applies to all columns
select,update(column1,column2...): the corresponding privilege applies only to the specified columns
Database name:
*.*: all tables in all databases
database_name.*: one database
database_name.table_name: one table
User name:
Chosen freely when granting; it should be descriptive and easy to remember, so that the purpose can be read from the name. It is stored in the user table of the mysql database.
Client address:
%: all hosts on the Internet
192.168.4.%: all hosts in the network segment
192.168.4.1: a single host
localhost: the database server itself
Example 1: add user admin, allowed to connect from the 192.168.4.0/24 network, with SELECT privilege on the user table of the db3 database, password 123456
mysql> grant select on db3.user to admin@"192.168.4.%" identified by "123456";
Example 2: add user admin2, allowed to connect from the local machine, with select, update, insert and delete privileges on all tables of the db3 database, password 123456
mysql> grant select,insert,update,delete on db3.* to admin2@"localhost" identified by "123456";
The grant tables
The information recorded by grant is stored in the grant tables: the mysql database holds the grant information, and its main tables are:
user: records the existing authorized users and their privileges
db: records the database-level access privileges of authorized users
tables_priv: records the table-level access privileges of authorized users
columns_priv: records the column-level access privileges of authorized users
1. View the authorized users currently recorded in the columns_priv, tables_priv, db and user tables
mysql> select user,host,db,table_name,column_name from mysql.columns_priv; # columns_priv is empty: the database has no column-level grants yet
Empty set (0.00 sec)
mysql> select user,host,db,table_name from mysql.tables_priv; # tables_priv contains only the system default account mysql.sys
+-----------+-----------+-----+------------+
| user      | host      | db  | table_name |
+-----------+-----------+-----+------------+
| mysql.sys | localhost | sys | sys_config |
+-----------+-----------+-----+------------+
mysql> select user,host,db from mysql.db; # db likewise contains only the system default account mysql.sys
+-----------+-----------+-----+
| user      | host      | db  |
+-----------+-----------+-----+
| mysql.sys | localhost | sys |
+-----------+-----------+-----+
mysql> select user,host from mysql.user; # user contains the system default accounts mysql.sys and root
+-----------+-----------+
| user      | host      |
+-----------+-----------+
| mysql.sys | localhost |
| root      | localhost |
+-----------+-----------+
2. Add user col_user, authorized on the three columns 學號 (student ID), 姓名 (name) and 性別 (gender) of school.student
mysql> grant select,update(學號,姓名,性別),insert on school.student to col_user@'%' identified by "123456";
mysql> select user,host,db,table_name,column_name from mysql.columns_priv; # view the user in columns_priv: each row is one granted column
+----------+------+--------+------------+-------------+
| user     | host | db     | table_name | column_name |
+----------+------+--------+------------+-------------+
| col_user | %    | school | student    | 姓名        |
| col_user | %    | school | student    | 學號        |
| col_user | %    | school | student    | 性別        |
+----------+------+--------+------------+-------------+
mysql> select user,host,db,table_name from mysql.tables_priv; # tables_priv also shows that this user has access to school.student; the exact privileges need show grants
+-----------+-----------+--------+------------+
| user      | host      | db     | table_name |
+-----------+-----------+--------+------------+
| col_user  | %         | school | student    |
| mysql.sys | localhost | sys    | sys_config |
+-----------+-----------+--------+------------+
mysql> show grants for col_user@'%'; # show grants lists col_user's exact privileges on school.student
+-------------------------------------------------------------------------------------------+
| Grants for col_user@%                                                                     |
+-------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'col_user'@'%'                                                      |
| GRANT SELECT, INSERT, UPDATE (性別, 學號, 姓名) ON `school`.`student` TO 'col_user'@'%' |
+-------------------------------------------------------------------------------------------+
mysql> select user,host,db from mysql.db; # the user does not appear in db
+-----------+-----------+-----+
| user      | host      | db  |
+-----------+-----------+-----+
| mysql.sys | localhost | sys |
+-----------+-----------+-----+
mysql> select user,host from mysql.user; # the user does appear in user
+-----------+-----------+
| user      | host      |
+-----------+-----------+
| col_user  | %         |
| mysql.sys | localhost |
| root      | localhost |
+-----------+-----------+
3. Add users tab_user1 and tab_user2 with access to the tables school.teacher and school.student
mysql> grant all on school.teacher to tab_user1@'%' identified by "123456";
mysql> grant select on school.student to tab_user2@'%' identified by "123456";
mysql> select user,host,db,table_name,column_name from mysql.columns_priv; # the users recorded in columns_priv are unchanged
+----------+------+--------+------------+-------------+
| user     | host | db     | table_name | column_name |
+----------+------+--------+------------+-------------+
| col_user | %    | school | student    | 姓名        |
| col_user | %    | school | student    | 學號        |
| col_user | %    | school | student    | 性別        |
+----------+------+--------+------------+-------------+
mysql> select user,host,db,table_name from mysql.tables_priv; # tab_user1 and tab_user2 appear in tables_priv
+-----------+-----------+--------+------------+
| user      | host      | db     | table_name |
+-----------+-----------+--------+------------+
| col_user  | %         | school | student    |
| tab_user1 | %         | school | teacher    |
| tab_user2 | %         | school | student    |
| mysql.sys | localhost | sys    | sys_config |
+-----------+-----------+--------+------------+
mysql> show grants for tab_user1@'%'; # show grants lists the exact privileges of tab_user1 and tab_user2
+---------------------------------------------------------------+
| Grants for tab_user1@%                                        |
+---------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'tab_user1'@'%'                         |
| GRANT ALL PRIVILEGES ON `school`.`teacher` TO 'tab_user1'@'%' |
+---------------------------------------------------------------+
mysql> show grants for tab_user2@'%';
+-------------------------------------------------------+
| Grants for tab_user2@%                                |
+-------------------------------------------------------+
| GRANT USAGE ON *.* TO 'tab_user2'@'%'                 |
| GRANT SELECT ON `school`.`student` TO 'tab_user2'@'%' |
+-------------------------------------------------------+
mysql> select user,host,db from mysql.db; # db is unchanged
+-----------+-----------+-----+
| user      | host      | db  |
+-----------+-----------+-----+
| mysql.sys | localhost | sys |
+-----------+-----------+-----+
mysql> select user,host from mysql.user; # tab_user1 and tab_user2 appear in user
+-----------+-----------+
| user      | host      |
+-----------+-----------+
| col_user  | %         |
| tab_user1 | %         |
| tab_user2 | %         |
| mysql.sys | localhost |
| root      | localhost |
+-----------+-----------+
4. Add users db_user1 and db_user2 with access to the databases school and school2
mysql> grant all on school.* to db_user1@'%' identified by "123456";
mysql> grant select on school2.* to db_user2@'%' identified by "123456";
mysql> select user,host,db,table_name,column_name from mysql.columns_priv; # as long as no column of any table is granted, columns_priv does not change
+----------+------+--------+------------+-------------+
| user     | host | db     | table_name | column_name |
+----------+------+--------+------------+-------------+
| col_user | %    | school | student    | 姓名        |
| col_user | %    | school | student    | 學號        |
| col_user | %    | school | student    | 性別        |
+----------+------+--------+------------+-------------+
mysql> select user,host,db,table_name from mysql.tables_priv; # only database-level users were added, no table-level ones, so tables_priv does not change either
+-----------+-----------+--------+------------+
| user      | host      | db     | table_name |
+-----------+-----------+--------+------------+
| col_user  | %         | school | student    |
| tab_user1 | %         | school | teacher    |
| tab_user2 | %         | school | student    |
| mysql.sys | localhost | sys    | sys_config |
+-----------+-----------+--------+------------+
mysql> select user,host,db from mysql.db; # the newly added users appear in db
+-----------+-----------+---------+
| user      | host      | db      |
+-----------+-----------+---------+
| db_user1  | %         | school  |
| db_user2  | %         | school2 |
| mysql.sys | localhost | sys     |
+-----------+-----------+---------+
mysql> select user,host from mysql.user; # whenever an authorized user is added, user gets a record
+-----------+-----------+
| user      | host      |
+-----------+-----------+
| col_user  | %         |
| db_user1  | %         |
| db_user2  | %         |
| tab_user1 | %         |
| tab_user2 | %         |
| mysql.sys | localhost |
| root      | localhost |
+-----------+-----------+
5. Add user use_user with access to all databases and tables
mysql> grant all on *.* to use_user@'%' identified by "123456";
mysql> select user,host,db,table_name,column_name from mysql.columns_priv;
+----------+------+--------+------------+-------------+
| user     | host | db     | table_name | column_name |
+----------+------+--------+------------+-------------+
| col_user | %    | school | student    | 姓名        |
| col_user | %    | school | student    | 學號        |
| col_user | %    | school | student    | 性別        |
+----------+------+--------+------------+-------------+
3 rows in set (0.00 sec)
mysql> select user,host,db,table_name from mysql.tables_priv;
+-----------+-----------+--------+------------+
| user      | host      | db     | table_name |
+-----------+-----------+--------+------------+
| col_user  | %         | school | student    |
| tab_user1 | %         | school | teacher    |
| tab_user2 | %         | school | student    |
| mysql.sys | localhost | sys    | sys_config |
+-----------+-----------+--------+------------+
4 rows in set (0.01 sec)
mysql> select user,host,db from mysql.db;
+-----------+-----------+---------+
| user      | host      | db      |
+-----------+-----------+---------+
| db_user1  | %         | school  |
| db_user2  | %         | school2 |
| mysql.sys | localhost | sys     |
+-----------+-----------+---------+
3 rows in set (0.00 sec)
mysql> select user,host from mysql.user; # use_user appears only in the user table
+-----------+-----------+
| user      | host      |
+-----------+-----------+
| col_user  | %         |
| db_user1  | %         |
| db_user2  | %         |
| tab_user1 | %         |
| tab_user2 | %         |
| use_user  | %         |
| mysql.sys | localhost |
| root      | localhost |
+-----------+-----------+
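As an added example (not from the original page), the following query pulls every grant out of the four tables walked through above and labels it with its scope, so an audit can see at a glance which accounts combine a '%' host with whole-database or global privileges. It assumes the MySQL 5.7 grant-table layout (privilege flag columns such as Select_priv, the SET columns Table_priv and Column_priv) and a login that may read the mysql database; the page's own GRANT ... IDENTIFIED BY syntax is likewise 5.7-only, as MySQL 8.0 requires CREATE USER first.

```sql
-- Inventory of every grant in the four grant tables, labelled with its scope.
-- USAGE-only rows (every flag 'N') are dropped so real privileges stand out.
SELECT user, host, scope, object, privs
FROM (
    -- Global privileges: one row per account in mysql.user (grant ... on *.*)
    SELECT User AS user, Host AS host, 'GLOBAL' AS scope, '*.*' AS object,
           CONCAT_WS(',', IF(Select_priv = 'Y', 'SELECT', NULL),
                          IF(Insert_priv = 'Y', 'INSERT', NULL),
                          IF(Update_priv = 'Y', 'UPDATE', NULL),
                          IF(Delete_priv = 'Y', 'DELETE', NULL),
                          IF(Super_priv  = 'Y', 'SUPER',  NULL),
                          IF(Grant_priv  = 'Y', 'GRANT OPTION', NULL)) AS privs
    FROM mysql.user
    UNION ALL
    -- Database-level privileges (grant ... on db.*), one row per user/db pair
    SELECT User, Host, 'DATABASE', CONCAT(Db, '.*'),
           CONCAT_WS(',', IF(Select_priv = 'Y', 'SELECT', NULL),
                          IF(Insert_priv = 'Y', 'INSERT', NULL),
                          IF(Update_priv = 'Y', 'UPDATE', NULL),
                          IF(Delete_priv = 'Y', 'DELETE', NULL),
                          IF(Grant_priv  = 'Y', 'GRANT OPTION', NULL))
    FROM mysql.db
    UNION ALL
    -- Table-level privileges (grant ... on db.table); Table_priv is a SET
    -- column, so it already reads as a comma-separated list
    SELECT User, Host, 'TABLE', CONCAT(Db, '.', Table_name), Table_priv
    FROM mysql.tables_priv
    UNION ALL
    -- Column-level privileges (grant select,update(col1,col2) on db.table)
    SELECT User, Host, 'COLUMN',
           CONCAT(Db, '.', Table_name, '.', Column_name), Column_priv
    FROM mysql.columns_priv
) AS all_grants
WHERE privs <> ''
ORDER BY user, host, FIELD(scope, 'GLOBAL', 'DATABASE', 'TABLE', 'COLUMN'), object;

-- Follow-up check: accounts reachable from any host ('%') that can read every
-- database, or hold full DML on a whole database. These are the candidates to
-- re-scope to a network or a single host, as in the 192.168.4.% example above.
SELECT User, Host, '*.*' AS object
FROM mysql.user
WHERE Host = '%' AND Select_priv = 'Y'
UNION ALL
SELECT User, Host, CONCAT(Db, '.*')
FROM mysql.db
WHERE Host = '%' AND Select_priv = 'Y' AND Insert_priv = 'Y'
  AND Update_priv = 'Y' AND Delete_priv = 'Y';
```

Against the final state shown in section 5, the inventory lists col_user at TABLE and COLUMN scope, tab_user1 and tab_user2 at TABLE scope, db_user1 and db_user2 at DATABASE scope, and use_user at GLOBAL scope.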