设为首页收藏本站
开启辅助访问

mysql用户权限管理:查看用户权限、授予用户权限、收回用户权限

 您所在的位置:网站首页 windows查看当前用户权限命令是哪个 mysql用户权限管理:查看用户权限、授予用户权限、收回用户权限

mysql用户权限管理:查看用户权限、授予用户权限、收回用户权限

2023-09-22 06:28| 来源: 网络整理| 查看: 265

查看用户权限、授予用户权限、收回用户权限命令总结:

项命令示例查看用户权限show grants;show grants for chushiyan@localhost;授予用户权限grant insert on test.* to chushiyan@localhost;grant delete on test.* to chushiyan@localhost;grant update on test.* to chushiyan@localhost;grant select on test.* to chushiyan@localhost;收回用户权限revoke insert,delete,update,select on test.* from chushiyan@localhost;revoke all on test.* from chushiyan@localhost;revoke all ,grant option from chushiyan@localhost;

具体详情见下。

一、查看用户权限 (一)使用show grant命令查看用户权限 1、查询当前用户权限: show grants;

示例:

mysql> show grants; +----------------------------------------------------------------------------------------------------------------------------------------+ | Grants for root@localhost | +----------------------------------------------------------------------------------------------------------------------------------------+ | GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '*7BB4897EB74329520EE1456DDA7DC45ED2CA2AD0' WITH GRANT OPTION | +----------------------------------------------------------------------------------------------------------------------------------------+ 1 row in set (0.00 sec) 2、查看指定用户的权限 show grants for chushiyan@localhost;

首先创建用户chushiyan,然后授予test库的查询权限

create user chushiyan@localhost identified by “123456”; grant select on test.* to chushiyan@localhost;

查看用户chushiyan的权限:

mysql> show grants for chushiyan@localhost ; +------------------------------------------------------------------------------------------------------------------+ | Grants for chushiyan@localhost | +------------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'chushiyan'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' | | GRANT SELECT ON `test`.* TO 'chushiyan'@'localhost' | +------------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec)

show grants命令将授权语句都打印出来了。第一条记录是使用create user命令创建用户chushiyan时默认的授权,第二条就是我们授予的test库的查询权限。

(二)使用select直接查询mysql.user表查看用户的全局权限 SELECT * FROM mysql.user WHERE user='chushiyan'\G

注释:\G使查询到的每列打印到单独的行,也有’;'的作用

mysql.user表存放的是用户名、密码、来源主机,同时也存放了用户的全局权限。

mysql> SELECT * FROM mysql.user WHERE user='chushiyan'\G *************************** 1. row *************************** Host: localhost User: chushiyan Password: *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 Select_priv: N Insert_priv: N Update_priv: N Delete_priv: N Create_priv: N Drop_priv: N Reload_priv: N Shutdown_priv: N Process_priv: N File_priv: N Grant_priv: N References_priv: N Index_priv: N Alter_priv: N Show_db_priv: N Super_priv: N Create_tmp_table_priv: N Lock_tables_priv: N Execute_priv: N Repl_slave_priv: N Repl_client_priv: N Create_view_priv: N Show_view_priv: N Create_routine_priv: N Alter_routine_priv: N Create_user_priv: N ssl_type: ssl_cipher: x509_issuer: x509_subject: max_questions: 0 max_updates: 0 max_connections: 0 max_user_connections: 0 1 row in set (0.00 sec) 二、授予用户权限

示例:授予test库中所有表的增删改查权限:

grant insert on test.* to chushiyan@localhost; grant delete on test.* to chushiyan@localhost; grant update on test.* to chushiyan@localhost; grant select on test.* to chushiyan@localhost;

授权后查看该用户的权限:

mysql> show grants for chushiyan@localhost ; +------------------------------------------------------------------------------------------------------------------+ | Grants for chushiyan@localhost | +------------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'chushiyan'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' | | GRANT SELECT, INSERT, UPDATE, DELETE ON `test`.* TO 'chushiyan'@'localhost' | +------------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec)

那mysql中都有哪些权限?

mysql中用户的权限:

权限类型权限说明All/All Privileges代表全局或者全数据库对象级别的所有权限Alter代表允许修改表结构的权限,但必须要求有create和insert权限配合。如果是rename表名,则要求有alter和drop原表, create和insert新表的权限Alter routine代表允许修改或者删除存储过程、函数的权限Create代表允许创建新的数据库和表的权限Create routine代表允许创建存储过程、函数的权限Create tablespace代表允许创建、修改、删除表空间和日志组的权限Create temporary tables代表允许创建临时表的权限Create user代表允许创建、修改、删除、重命名user的权限Create view代表允许创建视图的权限Delete允许执行delete操作Drop代表允许删除数据库、表、视图的权限,包括truncate table命令Event代表允许查询,创建,修改,删除MySQL事件Execute代表允许执行存储过程和函数的权限File代表允许在MySQL可以访问的目录进行读写磁盘文件操作,可使用的命令包括load data infile,select … into outfile,load file()函数Grant option代表是否允许此用户授权或者收回给其他用户你给予的权限,重新付给管理员的时候需要加上这个权限Index代表是否允许创建和删除索引Insert代表是否允许在表里插入数据,同时在执行analyze table,optimize table,repair table语句的时候也需要insert权限Lock tables代表允许对拥有select权限的表进行锁定,以防止其他链接对此表的读或写Process代表允许查看MySQL中的进程信息,比如执行show processlist, mysqladmin processlist, show engine等命令Reference是在5.7.6版本之后引入,代表是否允许创建外键Reload代表允许执行flush命令,指明重新加载权限表到系统内存中,refresh命令代表关闭和重新开启日志文件并刷新所有的表lication client代表允许执行show master status,show slave status,show binary logs命令Replication slave代表允许slave主机通过此用户连接master以便建立主从复制关系Select允许执行select操作Show databases代表允许执行show databases命令查看所有的数据库名Show view代表允许执行show create view命令查看视图创建的语句Shutdown代表允许关闭数据库实例,执行语句包括mysqladmin shutdownSuper代表允许执行一系列数据库管理命令,包括kill强制关闭某个连接命令, change master to创建复制关系命令,以及create/alter/drop server等命令Trigger代表允许创建,删除,执行,显示触发器的权限Update允许执行update操作Usage是创建一个用户之后的默认权限,其本身代表连接登录权限。使用create user语句创建的用户,默认就拥有这个usage权限,但是除了能登录之外, 三、收回用户权限 (一)收回指定权限

收回前面授予test库中所有表的增删改查权限:

revoke insert,delete,update,select on test.* from chushiyan@localhost;

或者也可以通过下面命令收回对test库中所有表的所有权限:

revoke all privileges on test.* from chushiyan@localhost; # 当然省略privileges也可以: revoke all on test.* from chushiyan@localhost;

特殊情况:

1、usage权限是用户一经创建就拥有的,使用revoke命令无法收回:

mysql> revoke usage on *.* from chushiyan@localhost; Query OK, 0 rows affected (0.00 sec) mysql> show grants for chushiyan@localhost ; +------------------------------------------------------------------------------------------------------------------+ | Grants for chushiyan@localhost | +------------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'chushiyan'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' | +------------------------------------------------------------------------------------------------------------------+ 1 row in set (0.00 sec) (二)收回所有权限

下面这个命令会收回该用户所有权限(当然除了用户一创建就有的usage权限)

revoke all ,grant option from chushiyan@localhost; mysql> revoke all ,grant option from chushiyan@localhost; Query OK, 0 rows affected (0.01 sec) mysql> show grants for chushiyan@localhost ; +------------------------------------------------------------------------------------------------------------------+ | Grants for chushiyan@localhost | +------------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'chushiyan'@'localhost' IDENTIFIED BY PASSWORD '*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' | +------------------------------------------------------------------------------------------------------------------+ 1 row in set (0.00 sec)


【本文地址】


今日新闻

推荐新闻

CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3