MySQL权限体系介绍
一、权限体系简介:MySQL的权限体系在实现上比较简单,相关权限信息主要存储在mysql.User、mysql.db、mysql.Host、mysql_table_priv和mysql.column_priv几个表中
一、权限体系简介:
MySQL的权限体系在实现上比较简单,相关权限信息主要存储在mysql.User、mysql.db、mysql.Host、mysql_table_priv和mysql.column_priv几个表中。由于权限信息数据量比较小,而且访问又比较频繁,所以MySQL在启动时就会将所有的权限信息都Load到内存中保存在几个特定的结构中,所以才有了我们手动修改了权限相关的表后,都需要通过执行"FLUSH PRIVILEGES" 命令重新加载MySQL的权限信息。我们也可以通过GRANT,REVOKE或者DROP USER命令所做的修改权限后也会同时更新到内存结构中的权限信息。
二、权限的赋予与去除
要为某个用户授权可以使用GRANT命令,要去除某个用户现有的权限可以使用REVKOE命令,当给用户授权不仅需要提供用户名,还可以指定通过哪个主机访问,下面提供给简单的列子:
#创建一个用户test1只能从本机登录并赋予这个用户拥有test库的查询权限 mysql> grant select on test.* to test1@'localhost' identified by 'test123'; Query OK, 0 rows affected (0.03 sec) #创建一个用户test2可以从互联网上任何一台主机登录并赋予这个用户拥有test库的查询权限 mysql> grant select on test.* to test2@'%' identified by 'test234'; Query OK, 0 rows affected (0.02 sec) 刷新权限,并查询用户test1的权限 mysql> flush privileges; Query OK, 0 rows affected (0.00 sec) mysql> show grants for test1@'localhost'; +--------------------------------------------------------------------------------------------------------------+ | Grants for test1@localhost | +--------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'test1'@'localhost' IDENTIFIED BY PASSWORD '*676243218923905CF94CB52A3C9D3EB30CE8E20D' | | GRANT SELECT ON `test`.* TO 'test1'@'localhost' | +--------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec) 删除用户test1的权限 mysql> revoke select on test.* from 'test1'@'localhost' identified by 'test123'; Query OK, 0 rows affected (0.00 sec) 在此查看用户test1,网站空间,已经没有权限了。 mysql> show grants for test1@'localhost'; +--------------------------------------------------------------------------------------------------------------+ | Grants for test1@localhost | +--------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'test1'@'localhost' IDENTIFIED BY PASSWORD '*676243218923905CF94CB52A3C9D3EB30CE8E20D' | +--------------------------------------------------------------------------------------------------------------+三、权限级别
mysql的权限分为5个级别,分别如下:
1、Global Lovel:
Global Lovel的权限控制又称为全局控制权限,所有权限信息u保存在mysql.User 表中,Global Lovel的所有权限都是针对整个mysqld的,对所有mysql数据库下的所有表及所有字段都有效。如果一个权限是以Global Lovel来授予的,服务器空间,则会覆盖其他所有级别的相同权限设置。Global Lovel主要有如下权限:
名称版本支持限制信息
ALTERALL表结构更改权限
ALTER ROUTINE5.0.3procedure, function 和 trigger等的变更权限
CREATEALL数据库,表和索引的创建权限
CREATE ROUTINE5.0.3+procedure, function 和 trigger等的变更权限
CREATE TEMPORARY TABLES4.0.2+零时表的创建权限
CREATE USER5.0.3+创建用户的权限
CREATE VIEW5.0.1+创建视图的权限
DELETEALL删除表数据的权限
EXECUTE5.0.3+procedure, function 和 trigger等的执行权限
FILE
ALL执行LOAD DATA INFILE 和 SELECT... INTO FILE 的权限
INDEXALL在已有表上创建索引的权限
INSERT
ALL数据插入权限
LOCK TABLES
4.0.2+执行LOCK TABLES 命令显示给表加锁的权限
PROCESS
ALL执行SHOW PROCESSLIST命令的权限
RELOAD
ALL执行FLUSH等让数据库重载LOAD某些对象或者数据命令的权限
REPLCATION SLAVE
4.0.2+主从复制中SLAVE连接用户所需的复制权限
REPLICATION CLIENT
4.0.2+执行SHOW MASTER STATUS 和SHOW SLAVE STSTUS命令的权限
SELECT
ALL数据查询权限
SHOW DATABASES
4.0.2+执行SHOW DATABASES的权限
SHUTDOWN
ALLMySQL Server的shut down 权限
SHOW VIEW
5.0.1+执行SHOW CREATE VIEW命令查看VIEW创建语句的权限
SUPER
4.0.2+执行kill线程,CHANGE MASTER,PURGE MASTER LOGS, and SET GLOBAL等命令的权限
UPDATE
ALL更新数据库的权限
USAGE
ALL新创建用户后不授权时所用到拥有最小的权限
要授予Global Lovel权限只需要在执行GRANT命令的时候,用*.*来指定范围是Global即可,如果有多个用户,可以使用逗号分隔开,如下:
mysql> grant all on *.* to test3,test4@'localhost' identified by 'test123'; Query OK, 0 rows affected (0.00 sec)2、Database Level
Database Level是在Global Level之下,其他三个Level之上的权限级别,其作用域即为所指定数据库中的所有对象,和Database Level比 Database Level主要少了以下几个权限,CREATE USER,FILE,PROCESS,RELOAD,REPLICATION CLIENT,REPLICATION SLAVE, SHOW DATABASES, SHUTDOWN,没有增加任何权限,
要授予Database Level权限,用如下方式实现:
1)、在执行GRANT命令的时候,通过database.* 来指定作用域为整个数据库:或者先创建一个没有权限的用户在使用过GRANT命令来授权。
mysql> grant all on test.* to test3,test4@'localhost' identified by 'test123'; Query OK, 0 rows affected (0.00 sec)3、Table Level
Table Level权限可以被Global Level和Database Level权限覆盖,Table Level权限的作用域是授权所指定的表,可以通过如下语句来授权:
mysql> grant all on test.test1 to wolf@'%' identified by 'wolf@123'; Query OK, 0 rows affected (0.01 sec) mysql> show grants for wolf@'%'; +-----------------------------------------------------------------------------------------------------+ | Grants for wolf@% | +-----------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'wolf'@'%' IDENTIFIED BY PASSWORD '*F693761139616215C4AC1A7C23A8B8F5B94704D1' | | GRANT ALL PRIVILEGES ON `test`.`test1` TO 'wolf'@'%' | +-----------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec)Table Level权限由于作用域仅限于每张表,所以权限种类也比较小,只有如下8个权限,ALTER,CREATE,DELETE,DROP,INDEX,INSERT,SELECT,UODATE
4、Column Level
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Enable root permissions with one click (quickly obtain root permissions)
Jun 02, 2024 pm 05:32 PM
It allows users to perform more in-depth operations and customization of the system. Root permission is an administrator permission in the Android system. Obtaining root privileges usually requires a series of tedious steps, which may not be very friendly to ordinary users, however. By enabling root permissions with one click, this article will introduce a simple and effective method to help users easily obtain system permissions. Understand the importance and risks of root permissions and have greater freedom. Root permissions allow users to fully control the mobile phone system. Strengthen security controls, customize themes, and users can delete pre-installed applications. For example, accidentally deleting system files causing system crashes, excessive use of root privileges, and inadvertent installation of malware are also risky, however. Before using root privileges
Leak reveals key specs of Intel Arrow Lake-U, -H, -HX and -S
Jun 15, 2024 pm 09:49 PM
IntelArrowLakeisexpectedtobebasedonthesameprocessorarchitectureasLunarLake,meaningthatIntel'sbrandnewLionCoveperformancecoreswillbecombinedwiththeeconomicalSkymontefficiencycores.WhileLunarLakeisonlyavailableasava
PHP's big data structure processing skills
May 08, 2024 am 10:24 AM
Big data structure processing skills: Chunking: Break down the data set and process it in chunks to reduce memory consumption. Generator: Generate data items one by one without loading the entire data set, suitable for unlimited data sets. Streaming: Read files or query results line by line, suitable for large files or remote data. External storage: For very large data sets, store the data in a database or NoSQL.
How to optimize MySQL query performance in PHP?
Jun 03, 2024 pm 08:11 PM
MySQL query performance can be optimized by building indexes that reduce lookup time from linear complexity to logarithmic complexity. Use PreparedStatements to prevent SQL injection and improve query performance. Limit query results and reduce the amount of data processed by the server. Optimize join queries, including using appropriate join types, creating indexes, and considering using subqueries. Analyze queries to identify bottlenecks; use caching to reduce database load; optimize PHP code to minimize overhead.
How to use MySQL backup and restore in PHP?
Jun 03, 2024 pm 12:19 PM
Backing up and restoring a MySQL database in PHP can be achieved by following these steps: Back up the database: Use the mysqldump command to dump the database into a SQL file. Restore database: Use the mysql command to restore the database from SQL files.
How to insert data into a MySQL table using PHP?
Jun 02, 2024 pm 02:26 PM
How to insert data into MySQL table? Connect to the database: Use mysqli to establish a connection to the database. Prepare the SQL query: Write an INSERT statement to specify the columns and values to be inserted. Execute query: Use the query() method to execute the insertion query. If successful, a confirmation message will be output.
How to fix mysql_native_password not loaded errors on MySQL 8.4
Dec 09, 2024 am 11:42 AM
One of the major changes introduced in MySQL 8.4 (the latest LTS release as of 2024) is that the "MySQL Native Password" plugin is no longer enabled by default. Further, MySQL 9.0 removes this plugin completely. This change affects PHP and other app
How to use MySQL stored procedures in PHP?
Jun 02, 2024 pm 02:13 PM
To use MySQL stored procedures in PHP: Use PDO or the MySQLi extension to connect to a MySQL database. Prepare the statement to call the stored procedure. Execute the stored procedure. Process the result set (if the stored procedure returns results). Close the database connection.
