mysql8的賬戶和權限管理
賬戶
登錄
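# Interactive login. A bare -p prompts for the password on the terminal - use
# that form. `-pPASSWORD` (no space between -p and the value) also works, but
# the password then lands in the shell history and is visible to every local
# user in `ps` output while the client runs; `--password=...` has the same
# problem. For scripts, store the credential once with
# `mysql_config_editor set --login-path=NAME --user=USER --password`
# (obfuscated in ~/.mylogin.cnf) and connect with `mysql --login-path=NAME`.
mysql -h host -u user -p -P 3306 dbname -e "..."
# -h : server host; defaults to localhost when omitted.
# -P : TCP port (uppercase; lowercase -p is the password flag).
# dbname : default database; may be given as the last positional argument.
# -e : run the quoted statement(s) after login, then exit. The original used
#      typographic quotes (“...”), which the shell does not treat as quoting.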
創建用戶
MySQL 8 中應使用 CREATE USER 創建新用戶；GRANT 不再隱式創建賬戶（GRANT ... IDENTIFIED BY 已移除），直接寫授權表（mysql.user）也不受支持——會繞過校驗、需要 FLUSH PRIVILEGES 才生效，且容易使各授權表失去一致性。
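-- CREATE USER makes an account that can log in but holds no privileges (only
-- the USAGE pseudo-privilege); grant what it needs afterwards.
-- The host part is an access-control boundary: 'localhost' limits the account
-- to local connections, '%' accepts logins from any address, so a '%' account
-- needs a strong password and a bind-address/firewall in front of it.
CREATE USER 'u1'@'localhost' IDENTIFIED BY 'xxx';
CREATE USER 'u1'@'%' IDENTIFIED BY 'xxx';

-- MySQL 8 removed PASSWORD(). MD5()/SHA() are NOT replacements: the server
-- never accepts an MD5 digest as a credential and `IDENTIFIED BY MD5 '...'`
-- is not valid syntax. To create an account from an existing hash, pass the
-- hash that the SAME authentication plugin produced, with IDENTIFIED WITH ... AS:
--   CREATE USER 'u1'@'%' IDENTIFIED WITH caching_sha2_password
--     AS '<value copied from mysql.user.authentication_string>';
-- Normally just give the plaintext with IDENTIFIED BY and let the server hash it.

-- Explicit plugin choice. caching_sha2_password is the 8.0 default and the
-- stronger option; mysql_native_password (SHA-1 based) should only be used for
-- legacy clients that cannot speak the default, and it is deprecated in later
-- 8.0 releases.
CREATE USER 'u4'@'%' IDENTIFIED WITH mysql_native_password BY 'aaa';

-- In MySQL 8 GRANT never creates accounts and no longer accepts IDENTIFIED BY;
-- it only changes the privileges of an account that already exists.
-- Writing mysql.user directly is unsupported: it bypasses the privilege checks
-- that protect accounts, takes effect only after FLUSH PRIVILEGES, and can
-- leave the other grant tables inconsistent. Use CREATE/ALTER/DROP USER.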
查看用戶
-- Every account rendered as a ready-to-paste 'user'@'host' literal.
SELECT DISTINCT
    CONCAT('User: ''', user, '''@''', host, ''';') AS query
FROM mysql.user;

-- Plain user / host listing.
SELECT
    User,
    Host
FROM mysql.user;
刪除用戶
DROP USER 會一併刪除該賬戶在所有授權表中的記錄，無需先 REVOKE；但它不會斷開該賬戶已經建立的連接，需要立即生效時應先 KILL 其會話。
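-- DROP USER removes the account together with all of its rows in the grant
-- tables, so there is nothing to REVOKE beforehand. It does not touch objects
-- the account created (databases, tables, routines/views with it as DEFINER),
-- and it does not close sessions the account already has open.
DROP USER 'u1'@'localhost';

-- Why DROP USER can fail for a "powerful" account: since 8.0.16 an account that
-- holds the SYSTEM_USER dynamic privilege (root@localhost has it by default) can
-- only be modified or dropped by a session that itself has SYSTEM_USER. The
-- supported fix is to run the DROP from such a session, or to grant SYSTEM_USER
-- to the admin account - not to bypass the check.
-- DELETE FROM mysql.user "works" on such accounts only because it skips that
-- check. It also leaves the account's rows in mysql.db / tables_priv /
-- columns_priv / procs_priv / global_grants orphaned and takes effect only after
-- FLUSH PRIVILEGES. Unsupported; last resort only.
DELETE FROM mysql.user WHERE host = '%' AND user = 'u5';
FLUSH PRIVILEGES;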
更改root用戶密碼
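-- Run from a session allowed to modify root (it needs SYSTEM_USER, see DROP USER
-- above). No USE is required - ALTER USER is not scoped to a schema, and there
-- is no `admin` database (the grant tables live in `mysql`), so the original
-- `use admin;` simply errors.
-- `IDENTIFIED WITH mysql_native_password` downgrades the credential from the
-- default caching_sha2_password to a SHA-1 based plugin that is deprecated in
-- later 8.0 releases; drop the WITH clause unless a legacy client forces it.
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '新密碼';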
使用mysqladmin修改
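# Omit the new password argument: mysqladmin then prompts for it, so the new
# password does not end up in the shell history or in `ps` output. The bare -p
# prompts for the current password for the same reason.
./mysqladmin -u root -p password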
使用set命令修改
-- Change the password of the account running this session (no FOR clause).
SET PASSWORD = "a_123456";
修改user表（不推薦：MySQL 8 已移除 Password 列和 PASSWORD() 函數，直接 UPDATE mysql.user 不受支持，應使用 ALTER USER）
root密碼丟失
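# Windows: start the server with the grant tables disabled, i.e. with NO
# authentication at all - anyone who can reach the server is root. Therefore
# also disable the TCP listeners with --skip-networking (newer 8.0 releases may
# do this automatically; be explicit anyway), do it only on an isolated host,
# and restart the server normally as soon as the password is reset.
mysqld --skip-grant-tables --skip-networking
# mysqld-nt was the separate Windows NT build of older (5.x) releases; on 8.0
# the binary is plain mysqld.

# Linux: same via mysqld_safe. The service user is an option, `--user=mysql`,
# not a bare `user=xxx` word.
mysqld_safe --skip-grant-tables --skip-networking --user=mysql &
# NOTE(review): the original also listed `mysql start-mysqld --skip-grant-tables`;
# that is not a recognisable command (a service-manager start with an option
# override was probably meant) - verify before relying on it.

# After connecting (no password is asked): reload the grant tables first,
# because account-management statements are refused while they are disabled,
# then reset the password with ALTER USER. `UPDATE mysql.user ... PASSWORD()`
# no longer works in MySQL 8.
mysql -u root -e "FLUSH PRIVILEGES; ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password';"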
更改普通用戶密碼
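-- Set another account's password (requires CREATE USER, or UPDATE on mysql.*).
-- If the target holds SYSTEM_USER (root does by default), the session running
-- this must hold SYSTEM_USER as well (8.0.16+); that is the usual reason a
-- "higher-privileged" account's password cannot be changed.
-- Sessions already open under the old password are not affected; the new
-- password applies to new connections only.
SET PASSWORD FOR 'test3'@'%' = "abcabc123";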
使用update
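-- The original `UPDATE mysql.user SET password = PASSWORD(...)` fails in
-- MySQL 8: the Password column was removed (the hash now lives in
-- authentication_string) and the PASSWORD() function is gone. Writing the
-- grant tables directly is unsupported in any case - no validation, no plugin
-- bookkeeping, and the change only shows up after FLUSH PRIVILEGES.
-- Use the account-management statement instead:
ALTER USER 'test03'@'%' IDENTIFIED BY 'xxx';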
使用grant
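-- `GRANT ... IDENTIFIED BY` errors in MySQL 8: the clause was removed, GRANT
-- now only manages privileges and never creates accounts or sets passwords
-- (and GRANT USAGE alone is a no-op - USAGE means "no privileges").
-- Set the password with ALTER USER instead:
ALTER USER 'test3'@'%' IDENTIFIED BY "xxx";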
普通用戶修改密碼
-- An ordinary user changes their own password; no extra privilege is needed.
SET PASSWORD = "xxx";
賬戶權限
查看權限
靜態權限共五層（全局 / 庫 / 表 / 列 / 存儲程序），分別存放在 mysql.user、mysql.db、mysql.tables_priv、mysql.columns_priv、mysql.procs_priv；MySQL 8 的動態權限（如 BACKUP_ADMIN、SYSTEM_USER）另存於 mysql.global_grants，不在 mysql.user 中。
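-- 1. Global (server-wide) static privileges.
SELECT * FROM mysql.user WHERE user = 'u1'\G
-- 2. Database-level privileges.
SELECT * FROM mysql.db WHERE user = 'u1'\G
-- 3. Table-level privileges. The schema is `mysql` and the table `tables_priv`;
--    the original `mysql.mysql.tables_priv` is a typo that does not resolve.
SELECT * FROM mysql.tables_priv WHERE user = 'u1'\G
-- 4. Column-level privileges.
SELECT * FROM mysql.columns_priv WHERE user = 'u1'\G
-- 5. Stored procedure / function privileges (the table the original left blank).
SELECT * FROM mysql.procs_priv WHERE user = 'u1'\G
-- MySQL 8 additionally keeps dynamic privileges (BACKUP_ADMIN, SYSTEM_USER, ...)
-- in mysql.global_grants; they never show up in mysql.user, so an audit that
-- stops at the five tables above misses them.
SELECT * FROM mysql.global_grants WHERE user = 'u1'\G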
常用查看方法
-- The GRANT statements that would reproduce the account's current privileges.
SHOW GRANTS FOR 'u1'@'%';

-- The same, for the account running this session.
SHOW GRANTS;
收回權限
取消用戶所有權限
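-- Strip every privilege, including the right to re-grant. The account itself
-- stays (USAGE only); DROP USER it if it should go too.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'u1'@'%';
-- Take back a single global privilege (the original was missing the `;`).
REVOKE UPDATE ON *.* FROM 'u1'@'%';
-- Global privilege changes apply to NEW connections only: sessions the account
-- already has keep their old global privileges until they reconnect. Kill them
-- (KILL <id>; needs CONNECTION_ADMIN or SUPER) when the revoke must take
-- effect immediately.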
設置權限
語法
GRANT 權限列表 ON db.table TO 'user'@'host' [WITH GRANT OPTION];  — 賬戶必須已存在（MySQL 8 的 GRANT 不再創建用戶）；作用域從 *.* → db.* → db.table → 列 由大到小，按最小權限原則只授予需要的那一層。
權限說明
privileges 權限指定符權限允許的操作
alter 修改表和索引
create 創建數據庫和表
delete 刪除表中已有的記錄
drop 拋棄(刪除)數據庫和表
index 創建或拋棄索引
insert 向表中插入新行
references 在父表上創建外鍵時所需（並非「未用」，見下文 grant references）
select 檢索表中的記錄
update 修改現存表記錄
file 以服務器進程的身份讀寫服務器上的文件（LOAD DATA INFILE、SELECT ... INTO OUTFILE、LOAD_FILE()）——高危：等於能讀取 mysqld 進程可讀的任何文件，應用賬戶一律不授予；用 secure_file_priv 將可用目錄限制在專用路徑。
process 查看所有會話正在執行的語句（SHOW PROCESSLIST / information_schema，可能暴露其他用戶語句中的敏感數據）；殺死他人線程另需 CONNECTION_ADMIN 或 SUPER。
reload 重載授權表或清空日志、主機緩存或表緩存。
shutdown 關閉服務器
all 所有;
all privileges同義詞
usage 特殊的“無權限”權限
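-- Global privileges (*.*): apply to every schema, present and future. Grant
-- them only to admin/service accounts. Every account below must already exist
-- (MySQL 8 GRANT never creates one) and each statement needs its `;`.
GRANT SELECT, INSERT ON *.* TO 'test'@'%';
-- ALL on *.* for a '%' account is a second root reachable from anywhere;
-- prefer a narrow host pattern and an explicit privilege list.
GRANT ALL PRIVILEGES ON *.* TO 'user1'@'%';
-- The original used typographic quotes (‘root’@’127.0.0.1’), which the parser
-- rejects; use plain ASCII quotes. WITH GRANT OPTION lets the grantee hand out
-- everything it holds, so keep it to real administrators.
GRANT ALL PRIVILEGES ON *.* TO 'root'@'127.0.0.1' WITH GRANT OPTION;

-- Database-level privileges (db.*).
GRANT SELECT, INSERT ON db1.* TO 'test'@'%';

-- Table-level privileges (the original had "privilegeson" fused together).
GRANT ALL PRIVILEGES ON MyDB.kkk TO 'test'@'%';

-- Column-level privileges: the account may SELECT only id and num of db1.ta1.
-- Other columns, other statement types and other tables still need their own
-- grants - this does not make id/num the only columns it can "operate".
GRANT SELECT (id, num) ON db1.ta1 TO 'dba'@'localhost';

-- Routine-level privileges. Routines run with their DEFINER's rights unless
-- declared SQL SECURITY INVOKER, so EXECUTE on a routine owned by a powerful
-- definer is an escalation path - review what the routine does before granting.
GRANT EXECUTE ON PROCEDURE MyDB.PRC_TEST TO 'test'@'%';
GRANT EXECUTE ON PROCEDURE testdb.pr_add TO 'dba'@'localhost';
GRANT EXECUTE ON FUNCTION testdb.fn_add TO 'dba'@'localhost';

-- Typical read/write application grants, scoped to one table or one schema.
GRANT SELECT, UPDATE ON db01.table01 TO 'user1'@'%';
-- `IDENTIFIED BY` inside GRANT was removed in MySQL 8 (and the original used
-- typographic quotes “123456″); create the account first, then grant:
--   CREATE USER 'test2'@'192.168.2.2' IDENTIFIED BY '123456';
GRANT SELECT, INSERT, UPDATE, DELETE ON student.* TO 'test2'@'192.168.2.2';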
其他權限
如果想讓被授權的用戶也能把這些權限轉授給其他用戶，需要加 WITH GRANT OPTION；它只能轉授該用戶自己擁有的權限，但會讓權限擴散、難以審計，因此只給管理賬戶。
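-- Table DDL: create / alter / drop. The original used typographic quotes
-- (’192.168.0.%’), which the parser rejects; the host pattern must be in
-- plain ASCII quotes. Each statement also needs its `;`.
GRANT CREATE ON testdb.* TO 'user01'@'192.168.0.%';
GRANT ALTER  ON testdb.* TO 'user01'@'192.168.0.%';
GRANT DROP   ON testdb.* TO 'user01'@'192.168.0.%';

-- Foreign keys: REFERENCES is required on the parent table to create a FK
-- that points at it.
GRANT REFERENCES ON testdb.* TO 'user01'@'192.168.0.%';

-- Temporary tables.
GRANT CREATE TEMPORARY TABLES ON testdb.* TO 'user01'@'192.168.0.%';

-- Indexes.
GRANT INDEX ON testdb.* TO 'user01'@'192.168.0.%';

-- Views: CREATE VIEW to define them, SHOW VIEW to read their definition.
GRANT CREATE VIEW ON testdb.* TO 'user01'@'192.168.0.%';
GRANT SHOW VIEW   ON testdb.* TO 'user01'@'192.168.0.%';

-- Stored routines. Comments must use `--`; the original's trailing
-- "— now, ..." text after the `;` is not a comment in SQL and would be a
-- syntax error when the lines are pasted.
GRANT CREATE ROUTINE ON testdb.* TO 'user01'@'192.168.0.%';  -- can now SHOW PROCEDURE STATUS
GRANT ALTER ROUTINE  ON testdb.* TO 'user01'@'192.168.0.%';  -- can now ALTER / DROP routines
GRANT EXECUTE        ON testdb.* TO 'user01'@'192.168.0.%';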
只有在直接修改授權表（INSERT/UPDATE/DELETE mysql.user 等）之後才需要刷新；GRANT、REVOKE、CREATE USER、ALTER USER、DROP USER 這些語句會自動更新內存中的授權緩存，無需 FLUSH PRIVILEGES。
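-- Only needed after the grant tables were edited directly (INSERT / UPDATE /
-- DELETE on mysql.user and friends). CREATE USER, ALTER USER, GRANT, REVOKE
-- and DROP USER refresh the in-memory privilege cache themselves, so running
-- this after them is harmless but does nothing.
FLUSH PRIVILEGES;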
root用戶權限
-- Static privileges of a root@'%' account as printed by SHOW GRANTS: the whole
-- classic privilege list on *.*, plus the right to pass it on.
-- Security note: '%' means this superuser accepts logins from any address; if
-- the port is reachable, the entire server is one password guess away. Keep
-- root bound to 'localhost' and create narrower, host-restricted admin
-- accounts for remote administration.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES,
SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE,
ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `root`@`%` WITH GRANT OPTION
-- The same account's dynamic privileges (MySQL 8, stored in mysql.global_grants).
-- Several of these amount to full server control on their own: SYSTEM_USER
-- (may modify or drop any account), SYSTEM_VARIABLES_ADMIN and
-- PERSIST_RO_VARIABLES_ADMIN (change server configuration), CONNECTION_ADMIN
-- (kill sessions, bypass connection limits), SET_USER_ID (roughly: act as
-- another account's definer). Hand individual dynamic privileges to admin
-- roles instead of copying this whole list, and never WITH GRANT OPTION to an
-- account reachable from '%'.
GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,
ENCRYPTION_KEY_ADMIN,GROUP_REPLICATION_ADMIN,INNODB_REDO_LOG_ARCHIVE,INNODB_REDO_LOG_ENABLE,PERSIST_RO_VARIABLES_ADMIN,
REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,
SESSION_VARIABLES_ADMIN,SET_USER_ID,SHOW_ROUTINE,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO `root`@`%` WITH GRANT OPTION
mysqlpump權限
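-- Privileges for a backup (mysqlpump / mysqldump) account.
-- RELOAD, PROCESS, SUPER and REPLICATION CLIENT are global-only privileges and
-- cannot be granted on a single schema: the original `... ON power.*` form
-- fails with "Incorrect usage of DB GRANT and GLOBAL PRIVILEGES". Split it into
-- the schema-scoped part and the global part:
GRANT SELECT, LOCK TABLES, EVENT, TRIGGER, SHOW VIEW ON power.* TO 'u1'@'%';
GRANT RELOAD, PROCESS, REPLICATION CLIENT ON *.* TO 'u1'@'%';

-- Server-wide backup account.
GRANT RELOAD, PROCESS, REPLICATION CLIENT, SELECT, EVENT, TRIGGER, SHOW VIEW ON *.* TO 'u1'@'%';
-- SUPER (in the original grants) is a catch-all administrative privilege,
-- deprecated in 8.0 in favour of dynamic privileges; a dump needs it only for
-- a few options. Leave it out unless the run fails without it, and then grant
-- the narrower dynamic privilege the error message names instead.

-- LOCK TABLES can be dropped when the dump uses a single consistent
-- transaction (InnoDB). Without SHOW VIEW and TRIGGER the dump still runs but
-- reports errors for views and triggers - most likely the errors the original
-- note observed with this reduced set.
GRANT LOCK TABLES, RELOAD, PROCESS, REPLICATION CLIENT, SELECT, EVENT ON *.* TO 'u1'@'%';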