MySQL/MariaDB用户账户管理

用户账户管理:

'Username'@'Hostname'
    Username:任意的字符串组合,只能包含基本意义的字符;可以包含"_"、"."、"-";
    Hostname:可以为FQDN(完全合格域名),域名,IP地址,可使用MySQL通配符"_"代表任意单个字符"%"代表任意多个任意字符;

        创建用户账户:
            CREATE USER语句:
            CREATE USER user [IDENTIFIED BY [PASSWORD] 'password' | IDENTIFIED WITH auth_plugin [AS 'auth_string']]
            示例:
                MariaDB [mysql]> create user 'testuser'@'%';
                MariaDB [mysql]> create user 'testuser'@'%' identified by 'qhdlink';
            也可以使用DML语句创建用户账户:
                INSERT INTO mysql.user SET User='testuser',Host='%',Password=PASSWORD('qhdlink');
                示例:
                    MariaDB [mysql]> insert into user set User='user1',Host='%',Password=PASSWORD('qhdlink'),ssl_cipher='',x509_issuer='',x509_subject='',authentication_string='';

        重命名用户账户:
            RENAME USER语句:
            RENAME USER old_user TO new_user [, old_user TO new_user] ...
            示例:
                MariaDB [mysql]> rename user 'testuser'@'%' to 'test'@'172.16.%.%';
            也可以使用DML语句重命名用户账户:
                示例:
                    MariaDB [mysql]> update user set User='user01',Host='172.16.75.%' where User='user1';

        删除用户账户:
            DROP USER语句:
            DROP USER user [, user] ...
            示例:
                MariaDB [mysql]> drop user 'test'@'172.16.%.%';
            也可以使用DML语句删除用户账户:
                示例:
                    MariaDB [mysql]> delete from user where User='user01';

        用户账户的密码管理:
            1.SET PASSWORD语句:
                SET PASSWORD [FOR user] = { PASSWORD('cleartext password') | OLD_PASSWORD('cleartext password') | 'encrypted password' }
                示例:
                    MariaDB [mysql]> set password for 'test'@'%' = PASSWORD('qhdlink');

            2.也可以使用DML语句修改用户账户密码:(向该数据库中插入一条数据)
                示例:
                    MariaDB [mysql]> update user set Password=PASSWORD('qhdlink.com') where User='test';

            3.mysqladmin工具:
                # mysqladmin -uUSERNAME -hHOSTNAME -p password 'NEW_PASSWORD'
                注意:执行此操作的MySQL用户需要对mysql.user表有修改权限;

        忘记MySQL管理员的密码的解决办法:
            方法一:
                1.停止当前的MySQL或MariaDB服务;
                2. 在/etc/my.cnf文件中加入下列两条服务器参数:
                    skip-grant-tables = ON
                    skip-networking = ON
                3.启动MySQL或MariaDB服务,使用mysql或mysqladmin客户端工具以空秘密的root用户登录,进行root用户的密码修改;
                4.从/etc/my.cnf中删除上述两条服务器参数,再重启服务即可;

            方法二:
                1.停止当前的MySQL或MariaDB服务;
                2.使用命令启动MySQL服务:
                    # mysqld_safe --skip-grant-tables --skip-networking
                3.启动另一个会话连接,并使用mysql或mysqladmin客户端工具以空密码的root用户的身份修改其密码;
                4.kill掉此前的mysqld-safe及衍生的mysqld服务;
                5.再正常启动服务即可;

        用户授权管理(当用户不存在时自动创建该用户):
        GRANT语句:
        GRANT priv_type [(column_list)] [, priv_type [(column_list)]] ...
        ON [object_type] priv_level
        TO user_specification [, user_specification] ...
        [REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]
        [WITH with_option ...]

        priv_type:
                SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EVENT, TRIGGER, RELOAD, REPLICATION CLIENT, REPLICATION SLAVE, SHUTDOWN, FILE, SHOW DATABASES, PROCESS, SUPER

        object_type:
                TABLE | FUNCTION | PROCEDURE

            priv_level:
                * | *.* | db_name.* | db_name.tbl_name | tbl_name | db_name.routine_name

                *:表示所有的数据库;
                *.*:表示所有数据库中的所有表对象;
                db_name.*:表示指定数据库中的所有表对象;
                db_name.tbl_name:表示指定数据库中的指定的表对象;
                tbl_name:表示当前正在使用的数据库中的指定的表对象;
                db_name.routine_name:表示指定数据库中的指定存储函数后存储过程对象;通常需要使用object_type参数共同决定;

            user_specification:
                user [ IDENTIFIED BY [PASSWORD] 'password' | IDENTIFIED WITH auth_plugin [AS 'auth_string' ] ]
        ssl_option:
                SSL | X509 | CIPHER 'cipher' | ISSUER 'issuer' | SUBJECT 'subject'
            with_option:
                GRANT OPTION | MAX_QUERIES_PER_HOUR count | MAX_UPDATES_PER_HOUR count | MAX_CONNECTIONS_PER_HOUR count | MAX_USER_CONNECTIONS count
        示例:
            MariaDB [mysql]> grant all privileges on hellodb.* to 'test'@'%';
            MariaDB [mysql]> grant select,update on hellodb.students to 'test'@'%';
            MariaDB [mysql]> grant select(Name,Age,ClassID) on hellodb.students to 'test'@'%';
            也可以对某些基本表创建视图之后,再对视图进行用户权限授权:
                MariaDB [hellodb]> create view stu_base as select Name,Age,ClassID from students;
                MariaDB [hellodb]> grant all on hellodb.stu_base to 'test'@'%';

    取消授权/收回授权:
        REVOKE语句:
        REVOKE priv_type [(column_list)] [, priv_type [(column_list)]] ...
            ON [object_type] priv_level
            FROM user [, user] ...
        REVOKE ALL PRIVILEGES, GRANT OPTION
            FROM user [, user] ...
        示例:
            MariaDB [mysql]> revoke delete on hellodb.* from 'test'@'%';
            MariaDB [mysql]> revoke all on hellodb.students from 'test'@'%';
            MariaDB [mysql]> revoke select(Age,ClassID) on hellodb.students from 'test'@'%';
        注意:在取消已经做出的授权时,REVOKE语句所指定的priv_level部分应该和授权时GRANT语句所指定的priv_level保持绝对一致;否则判定此次取消授权的操作失败;
        示例:前提是testdb数据库中包含有tb1和tb2两张表;
            MariaDB [testdb]> grant all on testdb.* to 'test'@'%';
            MariaDB [testdb]> revoke all on testdb.tb2 from 'test'@'%';
            ERROR 1147 (42000): There is no such grant defined for user 'test' on host '%' on table 'tb2'
            正确的取回授权的方式:
            MariaDB [testdb]> revoke all on testdb.* from 'test'@'%';
            MariaDB [testdb]> grant all on testdb.tb1 to 'test'@'%';

            此时,'test'@'%'用户就只有对testdb数据库中tb2表有所有操作权限;

    查看用户的授权:
        SHOW GRANTS语句:
            SHOW GRANTS [FOR user]
相关文章
相关标签/搜索