查看用戶權(quán)限茄菊、授予用戶權(quán)限疯潭、收回用戶權(quán)限命令總結(jié):
| 項(xiàng) | 命令示例 |
|---|---|
| 查看用戶權(quán)限 | show grants; show grants for chushiyan@localhost; |
| 授予用戶權(quán)限 | grant insert on test.* to chushiyan@localhost; grant delete on test.* to chushiyan@localhost; grant update on test.* to chushiyan@localhost; grant select on test.* to chushiyan@localhost; |
| 收回用戶權(quán)限 | revoke insert,delete,update,select on test.* from chushiyan@localhost; revoke all on test.* from chushiyan@localhost; revoke all ,grant option from chushiyan@localhost; |
具體詳情見下。
一面殖、查看用戶權(quán)限
(一)使用show grant命令查看用戶權(quán)限
1竖哩、查詢當(dāng)前用戶權(quán)限:
show grants;
示例:
mysql> show grants;
+----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root@localhost |
+----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*7BB4897EB74329520EE1456DDA7DC45ED2CA2AD0' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
2、查看指定用戶的權(quán)限
show grants for chushiyan@localhost;
首先創(chuàng)建用戶chushiyan脊僚,然后授予test庫的查詢權(quán)限
create user chushiyan@localhost identified by “123456”;
grant select on test.* to chushiyan@localhost;
查看用戶chushiyan的權(quán)限:
mysql> show grants for chushiyan@localhost ;
+------------------------------------------------------------------------------------------------------------------+
| Grants for chushiyan@localhost |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'chushiyan'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
| GRANT SELECT ON `test`.* TO 'chushiyan'@'localhost' |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
show grants命令將授權(quán)語句都打印出來了相叁。第一條記錄是使用create user命令創(chuàng)建用戶chushiyan時(shí)默認(rèn)的授權(quán),第二條就是我們授予的test庫的查詢權(quán)限辽幌。
(二)使用select直接查詢mysql.user表查看用戶權(quán)限
SELECT * FROM mysql.user WHERE user='chushiyan'\G
注釋:\G使查詢到的每列打印到單獨(dú)的行增淹,也有’;'的作用
mysql> SELECT * FROM mysql.user WHERE user='chushiyan'\G
*************************** 1. row ***************************
Host: localhost
User: chushiyan
Password: *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9
Select_priv: N
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
Reload_priv: N
Shutdown_priv: N
Process_priv: N
File_priv: N
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Show_db_priv: N
Super_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Execute_priv: N
Repl_slave_priv: N
Repl_client_priv: N
Create_view_priv: N
Show_view_priv: N
Create_routine_priv: N
Alter_routine_priv: N
Create_user_priv: N
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
1 row in set (0.00 sec)
二、授予用戶權(quán)限
示例:授予test庫中所有表的增刪改查權(quán)限:
grant insert on test.* to chushiyan@localhost;
grant delete on test.* to chushiyan@localhost;
grant update on test.* to chushiyan@localhost;
grant select on test.* to chushiyan@localhost;
授權(quán)后查看該用戶的權(quán)限:
mysql> show grants for chushiyan@localhost ;
+------------------------------------------------------------------------------------------------------------------+
| Grants for chushiyan@localhost |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'chushiyan'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `test`.* TO 'chushiyan'@'localhost' |
+------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
那mysql中都有哪些權(quán)限舶衬?
mysql中用戶的權(quán)限:
| 權(quán)限類型 | 權(quán)限說明 |
|---|---|
| All/All Privileges | 代表全局或者全數(shù)據(jù)庫對象級別的所有權(quán)限 |
| Alter | 代表允許修改表結(jié)構(gòu)的權(quán)限,但必須要求有create和insert權(quán)限配合赎离。如果是rename表名逛犹,則要求有alter和drop原表, create和insert新表的權(quán)限 |
| Alter routine | 代表允許修改或者刪除存儲過程梁剔、函數(shù)的權(quán)限 |
| Create | 代表允許創(chuàng)建新的數(shù)據(jù)庫和表的權(quán)限 |
| Create routine | 代表允許創(chuàng)建存儲過程虽画、函數(shù)的權(quán)限 |
| Create tablespace | 代表允許創(chuàng)建、修改荣病、刪除表空間和日志組的權(quán)限 |
| Create temporary tables | 代表允許創(chuàng)建臨時(shí)表的權(quán)限 |
| Create user | 代表允許創(chuàng)建码撰、修改、刪除个盆、重命名user的權(quán)限 |
| Create view | 代表允許創(chuàng)建視圖的權(quán)限 |
| Delete | 允許執(zhí)行delete操作 |
| Drop | 代表允許刪除數(shù)據(jù)庫脖岛、表朵栖、視圖的權(quán)限,包括truncate table命令 |
| Event | 代表允許查詢柴梆,創(chuàng)建陨溅,修改,刪除MySQL事件 |
| Execute | 代表允許執(zhí)行存儲過程和函數(shù)的權(quán)限 |
| File | 代表允許在MySQL可以訪問的目錄進(jìn)行讀寫磁盤文件操作绍在,可使用的命令包括load data infile,select … into outfile,load file()函數(shù) |
| Grant option | 代表是否允許此用戶授權(quán)或者收回給其他用戶你給予的權(quán)限,重新付給管理員的時(shí)候需要加上這個(gè)權(quán)限 |
| Index | 代表是否允許創(chuàng)建和刪除索引 |
| Insert | 代表是否允許在表里插入數(shù)據(jù)门扇,同時(shí)在執(zhí)行analyze table,optimize table,repair table語句的時(shí)候也需要insert權(quán)限 |
| Lock tables | 代表允許對擁有select權(quán)限的表進(jìn)行鎖定,以防止其他鏈接對此表的讀或?qū)?/td> |
| Process | 代表允許查看MySQL中的進(jìn)程信息偿渡,比如執(zhí)行show processlist, mysqladmin processlist, show engine等命令 |
| Reference | 是在5.7.6版本之后引入臼寄,代表是否允許創(chuàng)建外鍵 |
| Reload | 代表允許執(zhí)行flush命令,指明重新加載權(quán)限表到系統(tǒng)內(nèi)存中溜宽,refresh命令代表關(guān)閉和重新開啟日志文件并刷新所有的表 |
| lication client | 代表允許執(zhí)行show master status,show slave status,show binary logs命令 |
| Replication slave | 代表允許slave主機(jī)通過此用戶連接master以便建立主從復(fù)制關(guān)系 |
| Select | 允許執(zhí)行select操作 |
| Show databases | 代表允許執(zhí)行show databases命令查看所有的數(shù)據(jù)庫名 |
| Show view | 代表允許執(zhí)行show create view命令查看視圖創(chuàng)建的語句 |
| Shutdown | 代表允許關(guān)閉數(shù)據(jù)庫實(shí)例吉拳,執(zhí)行語句包括mysqladmin shutdown |
| Super | 代表允許執(zhí)行一系列數(shù)據(jù)庫管理命令,包括kill強(qiáng)制關(guān)閉某個(gè)連接命令坑质, change master to創(chuàng)建復(fù)制關(guān)系命令合武,以及create/alter/drop server等命令 |
| Trigger | 代表允許創(chuàng)建,刪除涡扼,執(zhí)行稼跳,顯示觸發(fā)器的權(quán)限 |
| Update | 允許執(zhí)行update操作 |
| Usage | 是創(chuàng)建一個(gè)用戶之后的默認(rèn)權(quán)限,其本身代表連接登錄權(quán)限吃沪。使用create user語句創(chuàng)建的用戶汤善,默認(rèn)就擁有這個(gè)usage權(quán)限,但是除了能登錄之外票彪, |
三红淡、收回用戶權(quán)限
(一)收回指定權(quán)限
收回前面授予test庫中所有表的增刪改查權(quán)限:
revoke insert,delete,update,select on test.* from chushiyan@localhost;
或者也可以通過下面命令收回對test庫中所有表的所有權(quán)限:
revoke all privileges on test.* from chushiyan@localhost;
# 當(dāng)然省略privileges也可以:
revoke all on test.* from chushiyan@localhost;
特殊情況:
1、usage權(quán)限是用戶一經(jīng)創(chuàng)建就擁有的降铸,使用revoke命令無法收回:
mysql> revoke usage on *.* from chushiyan@localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for chushiyan@localhost ;
+------------------------------------------------------------------------------------------------------------------+
| Grants for chushiyan@localhost |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'chushiyan'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
+------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
(二)收回所有權(quán)限
下面這個(gè)命令會收回該用戶所有權(quán)限(當(dāng)然除了用戶一創(chuàng)建就有的usage權(quán)限)
revoke all ,grant option from chushiyan@localhost;
mysql> revoke all ,grant option from chushiyan@localhost;
Query OK, 0 rows affected (0.01 sec)
mysql> show grants for chushiyan@localhost ;
+------------------------------------------------------------------------------------------------------------------+
| Grants for chushiyan@localhost |
+------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'chushiyan'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
+------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
