欢迎拜访:雾里看山-CSDN博客
本篇主题:【MySQL】用户管理和权限
发布时间:2025.3.12
隶属专栏:MySQL
引言
如果我们只能使用root用户,这样存在安全隐患。在多用户协同开发时,很容易因为新手的误操作,给数据库带来严重的安全问题。这时,就需要使用MySQL的用户管理。
用户
用户信息
MySQL中的用户,都存储在系统数据库mysql的user表中
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| bit_index |
| database1 |
| index_db |
| mysql |
| performance_schema |
| scott |
| sys |
| test |
| test_db |
| user_db |
+--------------------+
11 rows in set (0.00 sec)
mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+---------------------------+
| Tables_in_mysql |
+---------------------------+
| columns_priv |
| db |
| engine_cost |
| event |
| func |
| general_log |
| gtid_executed |
| help_category |
| help_keyword |
| help_relation |
| help_topic |
| innodb_index_stats |
| innodb_table_stats |
| ndb_binlog_index |
| plugin |
| proc |
| procs_priv |
| proxies_priv |
| server_cost |
| servers |
| slave_master_info |
| slave_relay_log_info |
| slave_worker_info |
| slow_log |
| tables_priv |
| time_zone |
| time_zone_leap_second |
| time_zone_name |
| time_zone_transition |
| time_zone_transition_type |
| user |
+---------------------------+
31 rows in set (0.00 sec)
mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+-----------+---------------+-------------------------------------------+
3 rows in set (0.01 sec)
字段解释:
host: 表示这个用户可以从哪个主机登陆,如果是localhost,表示只能从本机登陆user: 用户名authentication_string: 用户密码通过password函数加密后的*_priv: 用户拥有的权限
我们还可以通过select * from user \G查看每个用户的具体信息。
mysql> select * from user \G
*************************** 1. row ***************************
Host: localhost
User: root
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Reload_priv: Y
Shutdown_priv: Y
Process_priv: Y
File_priv: Y
Grant_priv: Y
References_priv: Y
Index_priv: Y
Alter_priv: Y
Show_db_priv: Y
Super_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Execute_priv: Y
Repl_slave_priv: Y
Repl_client_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: Y
Create_user_priv: Y
Event_priv: Y
Trigger_priv: Y
Create_tablespace_priv: Y
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
plugin: auth_socket
authentication_string:
password_expired: N
password_last_changed: 2025-01-20 12:21:54
password_lifetime: NULL
account_locked: N
*************************** 2. row ***************************
Host: localhost
User: mysql.session
Select_priv: N
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
Reload_priv: N
Shutdown_priv: N
Process_priv: N
File_priv: N
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Show_db_priv: N
Super_priv: Y
Create_tmp_table_priv: N
Lock_tables_priv: N
Execute_priv: N
Repl_slave_priv: N
Repl_client_priv: N
Create_view_priv: N
Show_view_priv: N
Create_routine_priv: N
Alter_routine_priv: N
Create_user_priv: N
Event_priv: N
Trigger_priv: N
Create_tablespace_priv: N
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
plugin: mysql_native_password
authentication_string: *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE
password_expired: N
password_last_changed: 2025-01-20 12:21:54
password_lifetime: NULL
account_locked: Y
*************************** 3. row ***************************
Host: localhost
User: mysql.sys
Select_priv: N
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
Reload_priv: N
Shutdown_priv: N
Process_priv: N
File_priv: N
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Show_db_priv: N
Super_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Execute_priv: N
Repl_slave_priv: N
Repl_client_priv: N
Create_view_priv: N
Show_view_priv: N
Create_routine_priv: N
Alter_routine_priv: N
Create_user_priv: N
Event_priv: N
Trigger_priv: N
Create_tablespace_priv: N
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
plugin: mysql_native_password
authentication_string: *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE
password_expired: N
password_last_changed: 2025-01-20 12:21:54
password_lifetime: NULL
account_locked: Y
3 rows in set (0.00 sec)
创建用户
语法
create user '用户名'@'登陆主机/ip' identified by '密码';
如果登录主机被设置为%,则表示该用户可以在任何地方登陆user;
此设置方法需要谨慎使用
案例
mysql> create user 'wdd'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | *999FD3326F738172CF3B546D7B69779554E9719E |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | wdd | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+-----------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)
此时,我们便可以使用新账号新密码进行登录了,但是,此时新用户的权限病灭有被设置,所以大部分库都是看不到的。
wdd@VM-20-16-ubuntu:~/mysql$ mysql -u wdd -p;
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.7.29 MySQL Community Server (GPL)
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)
修改用户密码
语法
自己改自己密码
set password=password('新的密码');
root用户修改指定用户的密码
set password for '用户名'@'主机名'=password('新的密码');
案例
自己修改自己的密码
mysql> set password=password('12321');
Query OK, 0 rows affected, 1 warning (0.00 sec)
root用户修改任意用户的密码
mysql> set password for 'wdd'@'localhost'=password('1234abcd');
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | *999FD3326F738172CF3B546D7B69779554E9719E |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | wdd | *A28D6A233B76FC581A8E711B8966883C91C97612 |
+-----------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)
删除用户
语法
drop user '用户名'@'主机名'
案例
mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | *999FD3326F738172CF3B546D7B69779554E9719E |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | wdd | *A28D6A233B76FC581A8E711B8966883C91C97612 |
+-----------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)
mysql> drop user 'wdd'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | *999FD3326F738172CF3B546D7B69779554E9719E |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+-----------+---------------+-------------------------------------------+
3 rows in set (0.00 sec)
权限
权限列表
MySQL数据库提供的权限列表:
查看和刷新用户的权限
查看用户权限
mysql> show grants for 'wdd'@'localhost';
+-----------------------------------------------+
| Grants for wdd@localhost |
+-----------------------------------------------+
| GRANT USAGE ON *.* TO 'wdd'@'localhost' |
| GRANT SELECT ON `test`.* TO 'wdd'@'localhost' |
+-----------------------------------------------+
2 rows in set (0.00 sec)
mysql> show grants for 'root'@'localhost';
+---------------------------------------------------------------------+
| Grants for root@localhost |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------+
2 rows in set (0.01 sec)
如果发现赋权限后,没有生效,执行如下指令:
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
给用户授权
刚创建的用户没有任何权限。需要给用户授权。
语法
grant 权限列表 on 库.对象名 to '用户名'@'登陆位置' [identified by '密码']
说明:
- 权限列表,多个权限用逗号分开
grant select on ...
grant select, delete, create on ....
grant all [privileges] on ... -- 表示赋予该用户在该对象上的所有权限
*.*: 代表本系统中的所有数据库的所有对象(表,视图,存储过程等)库.*: 表示某个数据库中的所有数据对象(表,视图,存储过程等)identified by可选。 如果用户存在,赋予权限的同时修改密码,如果该用户不存在,就是创建用户。
案例
终端A:(使用root账号)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| bit_index |
| database1 |
| index_db |
| mysql |
| performance_schema |
| scott |
| sys |
| test |
| test_db |
| user_db |
+--------------------+
11 rows in set (0.00 sec)
mysql> use test;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| msg |
| tmp |
+----------------+
2 rows in set (0.00 sec)
mysql> grant select on test.* to 'wdd'@'localhost';
Query OK, 0 rows affected (0.00 sec)
终端B:(使用wdd账号)
--没有设置查看权限前
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)
设置查看权限以后
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| test |
+--------------------+
2 rows in set (0.00 sec)
mysql> use test;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| msg |
| tmp |
+----------------+
2 rows in set (0.00 sec)
--可以查看
mysql> select * from tmp;
+----+------------+
| id | birthday |
+----+------------+
| 1 | 1990-02-24 |
| 2 | 1980-03-05 |
| 3 | 2025-02-18 |
+----+------------+
3 rows in set (0.00 sec)
--没有删除权限
mysql> delete from tmp;
ERROR 1142 (42000): DELETE command denied to user 'wdd'@'localhost' for table 'tmp'
回收权限
语法
revoke 权限列表 on 库.对象名 from '用户名'@'登陆位置';
示例
终端A:(root 账号)
mysql> revoke all on test.* from 'wdd'@'localhost';
Query OK, 0 rows affected (0.00 sec)
终端B:(wdd 账号)
-- 回收权限之前
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| test |
+--------------------+
2 rows in set (0.00 sec)
--回收权限以后
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)
⚠️ 写在最后:以上内容是我在学习以后得一些总结和概括,如有错误或者需要补充的地方欢迎各位大佬评论或者私信我交流!!!