mysql权限管理:
mysql的权限控制,首先在user表判断有没有权限连,连上后看有没有全局权限。然后看db表有哪些库级别的权限。然后看tables_priv表有哪些表级别的权限。最后还可以看有哪些列级别的权限。
mysql权限检查:
1.有没有权连接上来
2.有没有权执行操作(crud)
服务器是如何判断用户有没有权限连接上来:
1.你从哪里来,host
2.你是谁,user
3.你的密码
用户的这3个信息存储在mysql数据库的user表下
mysql> use mysql
mysql> desc user;
mysql> select Host,User from user;
+-----------+---------------+
| Host | User |
+-----------+---------------+
| localhost | mysql.session | mysql.session用户必须从localhost连接
| localhost | mysql.sys | mysql.sys用户必须从localhost连接
| localhost | root | root用户必须从localhost连接
+-----------+---------------+
就算知道用户名和密码,但是可以限制ip。
修改user的host域,
update user set host="192.168.1.101" where user='root';
flush privileges; 冲刷权限,
如何修改用户的密码:
update user set password=passwiord('111111') where user='root'
flush privileges;
mysql库下有一个db表,
用户连上来先通过user表,看能不能进来,然后经过db表判断有没有某个库的操作权,然后通过tables_priv判断有没有库下哪个表的权限。
//新增一个用户,grant[权限1,权限2,权限3......] on 哪个库.哪个表 to 用户@'host' identified by 'password'
常用权限all(所有权限),creat,drop,insert,delete,update,select
mysql> grant all on *.* to lisi@'127.0.0.1' identified by '111111';
Query OK, 0 rows affected
mysql> select Host,User from user;
+-----------+---------------+
| Host | User |
+-----------+---------------+
| 127.0.0.1 | lisi |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | root |
+-----------+---------------+
C:\Users\Administrator>mysql -h127.0.0.1 -ulisi -p //用户lisi登陆
Enter password: ******
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 5.7.20 MySQL Community Server (GPL)
mysql> select * from user where user='lisi' \G;
*************************** 1. row ***************************
Host: 127.0.0.1
User: lisi
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Reload_priv: Y
Shutdown_priv: Y
Process_priv: Y
File_priv: Y
Grant_priv: N
References_priv: Y
Index_priv: Y
Alter_priv: Y
Show_db_priv: Y
Super_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Execute_priv: Y
Repl_slave_priv: Y
Repl_client_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: Y
Create_user_priv: Y
Event_priv: Y
Trigger_priv: Y
Create_tablespace_priv: Y
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
plugin: mysql_native_password
authentication_string: *FD571203974BA9AFE270FE62151AE967ECA5E0AA
password_expired: N
password_last_changed: 2017-12-29 21:30:25
password_lifetime: NULL
account_locked: N
1 row in set (0.00 sec)
//收回权限,revoke all on *.* from lisi@'127.0.0.1',
mysql> revoke all on *.* from lisi@'127.0.0.1';
Query OK, 0 rows affected
mysql> select * from user where user='lisi' \G;
*************************** 1. row ***************************
Host: 127.0.0.1
User: lisi
Select_priv: N
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
Reload_priv: N
Shutdown_priv: N
Process_priv: N
File_priv: N
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Show_db_priv: N
Super_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Execute_priv: N
Repl_slave_priv: N
Repl_client_priv: N
Create_view_priv: N
Show_view_priv: N
Create_routine_priv: N
Alter_routine_priv: N
Create_user_priv: N
Event_priv: N
Trigger_priv: N
Create_tablespace_priv: N
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
plugin: mysql_native_password
authentication_string: *FD571203974BA9AFE270FE62151AE967ECA5E0AA
password_expired: N
password_last_changed: 2017-12-29 21:30:25
password_lifetime: NULL
account_locked: N
1 row in set (0.00 sec)
mysql库下面的user里面可以检测能不能登陆,并且里面的权限是全局的,所有库所有表的。
//不是全局授权,而是分库分表管理权限。
grant all on test3.* to lidi@'127.0.0.1'; //给lisi test3库所有表的所有权限。
//针对某个表做授权
grant creat,drop,insert,update,select on test3.goods to lisi@'127.0.0.1';//test3库的goods表做权限控制,
//数据库级别的权限在db表中,表级别的权限在tables_priv表中。
mysql> select * from db \G; //哪个用户在哪个库哪个主机有哪些权限
*************************** 1. row ***************************
Host: localhost
Db: performance_schema
User: mysql.session
Select_priv: Y
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Create_view_priv: N
Show_view_priv: N
Create_routine_priv: N
Alter_routine_priv: N
Execute_priv: N
Event_priv: N
Trigger_priv: N
*************************** 2. row ***************************
Host: localhost
Db: sys
User: mysql.sys
Select_priv: N
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Create_view_priv: N
Show_view_priv: N
Create_routine_priv: N
Alter_routine_priv: N
Execute_priv: N
Event_priv: N
Trigger_priv: Y
*************************** 4. row ***************************
Host: 127.0.0.1
Db: test2
User: lisi
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Grant_priv: N
References_priv: Y
Index_priv: Y
Alter_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: Y
Execute_priv: Y
Event_priv: Y
Trigger_priv: Y
4 rows in set (0.00 sec)
mysql> select * from tables_priv \G;
*************************** 1. row ***************************
Host: localhost
Db: mysql
User: mysql.session
Table_name: user
Grantor: boot@connecting host
Timestamp: 0000-00-00 00:00:00
Table_priv: Select
Column_priv:
*************************** 2. row ***************************
Host: localhost
Db: sys
User: mysql.sys
Table_name: sys_config
Grantor: root@localhost
Timestamp: 2017-12-25 15:09:21
Table_priv: Select
Column_priv:
*************************** 3. row ***************************
Host: 127.0.0.1
Db: test3
User: lisi
Table_name: goods
Grantor: root@localhost
Timestamp: 0000-00-00 00:00:00
Table_priv: Select,Insert,Update,Create,Drop
Column_priv:
3 rows in set (0.00 sec)
//mysql的权限控制可以精确到列,常用的授权项,
浙公网安备 33010602011771号