mysql权限管理: mysql的权限控制,首先在user表判断有没有权限连,连上后看有没有全局权限。然后看db表有哪些库级别的权限。然后看tables_priv表有哪些表级别的权限。最后还可以看有哪些列级别的权限。 mysql权限检查: 1.有没有权连接上来 2.有没有权执行操作(crud) 服务器是如何判断用户有没有权限连接上来: 1.你从哪里来,host 2.你是谁,user 3.你的密码 用户的这3个信息存储在mysql数据库的user表下 mysql> use mysql mysql> desc user; mysql> select Host,User from user; +-----------+---------------+ | Host | User | +-----------+---------------+ | localhost | mysql.session | mysql.session用户必须从localhost连接 | localhost | mysql.sys | mysql.sys用户必须从localhost连接 | localhost | root | root用户必须从localhost连接 +-----------+---------------+ 就算知道用户名和密码,但是可以限制ip。 修改user的host域, update user set host="192.168.1.101" where user=‘root‘; flush privileges; 冲刷权限, 如何修改用户的密码: update user set password=passwiord(‘111111‘) where user=‘root‘ flush privileges; mysql库下有一个db表, 用户连上来先通过user表,看能不能进来,然后经过db表判断有没有某个库的操作权,然后通过tables_priv判断有没有库下哪个表的权限。 //新增一个用户,grant[权限1,权限2,权限3......] on 哪个库.哪个表 to 用户@‘host‘ identified by ‘password‘ 常用权限all(所有权限),creat,drop,insert,delete,update,select mysql> grant all on *.* to lisi@‘127.0.0.1‘ identified by ‘111111‘; Query OK, 0 rows affected mysql> select Host,User from user; +-----------+---------------+ | Host | User | +-----------+---------------+ | 127.0.0.1 | lisi | | localhost | mysql.session | | localhost | mysql.sys | | localhost | root | +-----------+---------------+ C:\Users\Administrator>mysql -h127.0.0.1 -ulisi -p //用户lisi登陆 Enter password: ****** Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 8 Server version: 5.7.20 MySQL Community Server (GPL) mysql> select * from user where user=‘lisi‘ \G; *************************** 1. row *************************** Host: 127.0.0.1 User: lisi Select_priv: Y Insert_priv: Y Update_priv: Y Delete_priv: Y Create_priv: Y Drop_priv: Y Reload_priv: Y Shutdown_priv: Y Process_priv: Y File_priv: Y Grant_priv: N References_priv: Y Index_priv: Y Alter_priv: Y Show_db_priv: Y Super_priv: Y Create_tmp_table_priv: Y Lock_tables_priv: Y Execute_priv: Y Repl_slave_priv: Y Repl_client_priv: Y Create_view_priv: Y Show_view_priv: Y Create_routine_priv: Y Alter_routine_priv: Y Create_user_priv: Y Event_priv: Y Trigger_priv: Y Create_tablespace_priv: Y ssl_type: ssl_cipher: x509_issuer: x509_subject: max_questions: 0 max_updates: 0 max_connections: 0 max_user_connections: 0 plugin: mysql_native_password authentication_string: *FD571203974BA9AFE270FE62151AE967ECA5E0AA password_expired: N password_last_changed: 2017-12-29 21:30:25 password_lifetime: NULL account_locked: N 1 row in set (0.00 sec) //收回权限,revoke all on *.* from lisi@‘127.0.0.1‘, mysql> revoke all on *.* from lisi@‘127.0.0.1‘; Query OK, 0 rows affected mysql> select * from user where user=‘lisi‘ \G; *************************** 1. row *************************** Host: 127.0.0.1 User: lisi Select_priv: N Insert_priv: N Update_priv: N Delete_priv: N Create_priv: N Drop_priv: N Reload_priv: N Shutdown_priv: N Process_priv: N File_priv: N Grant_priv: N References_priv: N Index_priv: N Alter_priv: N Show_db_priv: N Super_priv: N Create_tmp_table_priv: N Lock_tables_priv: N Execute_priv: N Repl_slave_priv: N Repl_client_priv: N Create_view_priv: N Show_view_priv: N Create_routine_priv: N Alter_routine_priv: N Create_user_priv: N Event_priv: N Trigger_priv: N Create_tablespace_priv: N ssl_type: ssl_cipher: x509_issuer: x509_subject: max_questions: 0 max_updates: 0 max_connections: 0 max_user_connections: 0 plugin: mysql_native_password authentication_string: *FD571203974BA9AFE270FE62151AE967ECA5E0AA password_expired: N password_last_changed: 2017-12-29 21:30:25 password_lifetime: NULL account_locked: N 1 row in set (0.00 sec) mysql库下面的user里面可以检测能不能登陆,并且里面的权限是全局的,所有库所有表的。 //不是全局授权,而是分库分表管理权限。 grant all on test3.* to lidi@‘127.0.0.1‘; //给lisi test3库所有表的所有权限。 //针对某个表做授权 grant creat,drop,insert,update,select on test3.goods to lisi@‘127.0.0.1‘;//test3库的goods表做权限控制, //数据库级别的权限在db表中,表级别的权限在tables_priv表中。 mysql> select * from db \G; //哪个用户在哪个库哪个主机有哪些权限 *************************** 1. row *************************** Host: localhost Db: performance_schema User: mysql.session Select_priv: Y Insert_priv: N Update_priv: N Delete_priv: N Create_priv: N Drop_priv: N Grant_priv: N References_priv: N Index_priv: N Alter_priv: N Create_tmp_table_priv: N Lock_tables_priv: N Create_view_priv: N Show_view_priv: N Create_routine_priv: N Alter_routine_priv: N Execute_priv: N Event_priv: N Trigger_priv: N *************************** 2. row *************************** Host: localhost Db: sys User: mysql.sys Select_priv: N Insert_priv: N Update_priv: N Delete_priv: N Create_priv: N Drop_priv: N Grant_priv: N References_priv: N Index_priv: N Alter_priv: N Create_tmp_table_priv: N Lock_tables_priv: N Create_view_priv: N Show_view_priv: N Create_routine_priv: N Alter_routine_priv: N Execute_priv: N Event_priv: N Trigger_priv: Y *************************** 4. row *************************** Host: 127.0.0.1 Db: test2 User: lisi Select_priv: Y Insert_priv: Y Update_priv: Y Delete_priv: Y Create_priv: Y Drop_priv: Y Grant_priv: N References_priv: Y Index_priv: Y Alter_priv: Y Create_tmp_table_priv: Y Lock_tables_priv: Y Create_view_priv: Y Show_view_priv: Y Create_routine_priv: Y Alter_routine_priv: Y Execute_priv: Y Event_priv: Y Trigger_priv: Y 4 rows in set (0.00 sec) mysql> select * from tables_priv \G; *************************** 1. row *************************** Host: localhost Db: mysql User: mysql.session Table_name: user Grantor: boot@connecting host Timestamp: 0000-00-00 00:00:00 Table_priv: Select Column_priv: *************************** 2. row *************************** Host: localhost Db: sys User: mysql.sys Table_name: sys_config Grantor: root@localhost Timestamp: 2017-12-25 15:09:21 Table_priv: Select Column_priv: *************************** 3. row *************************** Host: 127.0.0.1 Db: test3 User: lisi Table_name: goods Grantor: root@localhost Timestamp: 0000-00-00 00:00:00 Table_priv: Select,Insert,Update,Create,Drop Column_priv: 3 rows in set (0.00 sec) //mysql的权限控制可以精确到列,常用的授权项,
