MySQL用户管理

Smile丶凉轩

于 2025-01-07 15:07:37 发布

阅读量530

点赞数 13

分类专栏：数据库文章标签： mysql adb android

本文链接：https://blog.youkuaiyun.com/m0_65558082/article/details/144962741

版权

数据库专栏收录该内容

16 篇文章

订阅专栏

1. 为什么需要使用普通用户来操作数据库

（1）如果我们只能使用root用户，这样存在安全隐患。这时就需要使用MySQL的用户管理。

2. 查看用户信息

（1）MySQL中的用户，都存储在系统数据库mysql的user表中：

mysql> use mysql;
Database changed
mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host      | user          | authentication_string                     |
+-----------+---------------+-------------------------------------------+
| localhost | root          | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys     | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+-----------+---------------+-------------------------------------------+

--可以通过desc user初步查看一下表结构

（2）字段解释：

host：表示这个用户可以从哪个主机登陆，如果是localhost，表示只能从本机登陆。
user：用户名。
authentication_string：用户密码通过password函数加密后的。
*_priv：用户拥有的权限。

3. 创建用户

（1）语法：

create user '用户名'@'登陆主机/ip' identified by '密码';

（2）案例：

mysql> create user 'xiaomaker'@'localhost' identified by '12345678';
Query OK, 0 rows affected (0.06 sec)
mysql> select user,host,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| user          | host      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | %         | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| xiaomaker     | localhost | *84AAC12F54AB666ECFC2A83C676908C8BBC381B1 |   --新增用户 
+---------------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)

-- 此时便可以使用新账号新密码进行登陆啦

（3）注意：可能实际在设置密码的时候，因为mysql本身的认证等级比较高，一些简单的密码无法设置，会爆出如下报错：

ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

解决方案见博客：https://blog.youkuaiyun.com/zhanaolu4821/article/details/93622812。
查看密码设置相关要求：SHOW VARIABLES LIKE ‘validate_password%’;
关于新增用户这里，我们需要注意，不要轻易添加一个可以从任意地方登陆的user。

4. 删除用户

（1）语法：

drop user '用户名'@'主机名'

（2）示例：

mysql> select user,host,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| user          | host      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | %         | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| xiaomaker     | localhost | *84AAC12F54AB666ECFC2A83C676908C8BBC381B1 |
+---------------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)

mysql> drop user xiaomaker;   --尝试删除
ERROR 1396 (HY000): Operation DROP USER failed for 'whb'@'%' -- <= 直接给个用户名，不能删除，它默认是%，表示所有地方可以登陆的用户
mysql> drop user 'xiaomaker'@'localhost';   --删除用户
Query OK, 0 rows affected (0.00 sec)

mysql> select user,host,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| user          | host      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | %         | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+---------------+-----------+-------------------------------------------+
3 rows in set (0.00 sec)

5. 修改用户的密码

（1）语法：

自己改自己的密码：

set password=password('新的密码');

root用户修改指定用户的密码：

set password for '用户名'@'主机名'=password('新的密码');

（2）案例：

mysql> select host,user, authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host      | user          | authentication_string                     |
+-----------+---------------+-------------------------------------------+
| %         | root          | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys     | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | xiaomaker     | *84AAC12F54AB666ECFC2A83C676908C8BBC381B1 |
+-----------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)

mysql> set password for 'xiaomaker'@'localhost'=password('87654321');
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> select host,user, authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host      | user          | authentication_string                     |
+-----------+---------------+-------------------------------------------+
| %         | root          | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys     | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | xiaomaker     | *5D24C4D94238E65A6407DFAB95AA4EA97CA2B199 |
+-----------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)

6. 数据库的权限

（1）MySQL数据库提供的权限列表：

6.1 给用户授权

（1）刚创建的用户没有任何权限。需要给用户授权。语法如下：

grant 权限列表 on 库.对象名 to '用户名'@'登陆位置' [identified by '密码']

（2）说明：

权限列表，多个权限用逗号分开：

grant select on ...

grant select, delete, create on ....

grant all [privileges] on ... -- 表示赋予该用户在该对象上的所有权限

*. *：代表本系统中的所有数据库的所有对象（表，视图，存储过程等）。
库.*：表示某个数据库中的所有数据对象(表，视图，存储过程等)。
identified by可选。如果用户存在，赋予权限的同时修改密码，如果该用户不存在，就是创建用户。

（3）案例：

--使用root账号
--终端A
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| 57test             |
| bit_index			 |
| ccdata_pro 		 |
| innodb_test 		 |
| musicserver 		 |
| myisam_test 		 |
| mysql 			 |
| order_sys 		 |
| performance_schema |
| scott 			 |
| sys 				 |
| test 				 |
| vod_system 		 |
+--------------------+
14 rows in set (0.00 sec)

mysql> use test;
Database changed
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| account		 |
| student 		 |
| user 			 |
+----------------+
3 rows in set (0.01 sec)

--给用户whb赋予test数据库下所有文件的select权限
mysql> grant select on test.* to 'xiaomaker'@'localhost';
Query OK, 0 rows affected (0.01 sec)


--使用xiaomaker账号
--终端B
mysql> show databases;
+--------------------+
| Database 			 |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)

--暂停等root用户给xiaomaker赋完权之后，在查看
mysql> show databases;
+--------------------+
| Database 			 |
+--------------------+
| information_schema |
| test 				 |    --赋完权之后，就能看到新的表
+--------------------+
2 rows in set (0.01 sec)

mysql> use test;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| account 		 |
| student 		 |
| user 			 |
+----------------+
3 rows in set (0.00 sec)

mysql> select * from account;
+----+--------+---------+
| id | name   | blance  |
+----+--------+---------+
| 2  | 李四 	  | 321.00  |
| 3  | 王五 	  | 5432.00 |
| 4  | 赵六 	  | 543.90  |
| 5  | 赵六 	  | 543.90  |
+----+--------+---------+
4 rows in set (0.00 sec)

--没有删除权限
mysql> delete from account;
ERROR 1142 (42000): DELETE command denied to user 'whb'@'localhost' for table
'account'

-- 备注：特定用户现有查看权限
mysql> show grants for 'xiaomaker'@'%';
+----------------------------------------------------+
| Grants for xiaomaker@%                        	 |
+----------------------------------------------------+
| GRANT USAGE ON *.* TO 'xiaomaker'@'%' 			 |
| GRANT ALL PRIVILEGES ON `test`.* TO 'xiaomaker'@'%'|
+----------------------------------------------------+
2 rows in set (0.00 sec)

mysql> show grants for 'root'@'%';
+-------------------------------------------------------------+
| Grants for root@% 										  |
+-------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION |
+-------------------------------------------------------------+
1 row in set (0.00 sec)

-- 注意：如果发现赋权限后，没有生效，执行如下指令：
flush privileges;

6.2 回收用户权限

（1）语法：

revoke 权限列表 on 库.对象名 from '用户名'@'登陆位置';

（2）示例：

-- 回收xiaomaker对test数据库的所有权限
-- root身份，终端A
mysql> revoke all on test.* from 'xiaomaker'@'localhost';
Query OK, 0 rows affected (0.00 sec)

-- xiaomaker身份，终端B。回收之前的databases
mysql> show databases;
+--------------------+
| Database 			 |
+--------------------+
| information_schema |
| test 				 |
+--------------------+
2 rows in set (0.00 sec)

-- 这是回收之后的databases
mysql> show databases;
+--------------------+
| Database 			 |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)