Table of Contents

Permission Management

Account management

Create user

View user permissions

Grant permissions

Delete permissions

Change password

Supplementary permissions in mysql

Home

Database

Mysql Tutorial

Detailed introduction to permission management in MySQL

黄舟

Mar 01, 2017 pm 02:10 PM

Permission Management

The MySQL permission system authenticates through the following two stages:

Perform identity authentication on connected users. Legal users pass the authentication, and illegal users refuse to connect.
Grant corresponding permissions to legal users who have passed the authentication. Users can perform corresponding operations on the database within the scope of these permissions.
In the permission access process, it mainly involves the user table and db table under the mysql database. The data structure of the user table is as follows:

The data structure of the db table is as follows:

Description of the table: It contains user columns, permission columns, security columns and resource control columns. The most frequently used ones are the user column and the permission column. Permissions are divided into normal permissions and management permissions. Operations of ordinary permissions user database such as select_priv, insert_priv, etc. Management permissions are mainly used to manage database operations, such as process_priv, super_priv, etc.
When a user connects, the access process of the permission table:
First determine the connected IP and user from the three fields of host, user and password in the user table Whether the name and password exist in the table, if they exist, the verification is passed, otherwise the connection is refused.
After passing the authentication, obtain the database permissions in the order of the following permission table: user->db->tables->priv->columns_priv. Global permissions cover local permissions. For example, if a user has select permission in the user table, then he will have select permission on all columns in all tables in all data.

Detailed description of permission search: When the user passes permission authentication, when allocating permissions, the permissions are allocated in the order of user->db->tables_priv->columns_priv, that is, the permissions are checked first. Table user, if the corresponding permission in the user table is Y, then all database permissions corresponding to the user are Y, and db, tables_priv, and columns_priv will no longer be checked; if it is N, the user's specific database permissions will be searched in the db table. , if you get the Y permission in the db, you will not be searching. Otherwise, you will check tables_priv to see the specific table permissions corresponding to the database. If it is Y, you will not be searching. Otherwise, you will be checking the columns_priv table to see the corresponding specific column permissions. This is important when we grant user permissions.

Account management

Create user

To create a user, you can use grant syntax to create or directly operate the user table.
Method 1:
Directly operate the use table
insert into user(Host,User,Password) values(“127.0.0.1 ","test",password("51testit"));
Method 2:
Format CREATE USER 'username'@'host' IDENTIFIED BY 'password';
eg:CREATE USER 'test'@ '127.0.0.1' IDENTIFIED BY '51testit';
Detailed introduction to permission management in MySQL
After creation, log in as follows:

MySQL encryption method: MYSQL323 encryption generates a 16-bit string. What survives in MySQLSHA1 is a 41-bit string, of which is not added to the actual password operation. Through observation, many users carry "", and the "*" is removed during the actual cracking process. In other words, the actual number of digits in the password encrypted by MySQLSHA1 is 40 digits.
Host field description

The Host value can be the host name or IP number, or locahost represents the local host.
You can use wildcard characters "%" and "_" in front of the host column value. "%" means matching any host. An empty Host value is equal to "%". For example, "%.myweb.com" matches all hosts in all mysql.com domains. The case is as follows:

##%pps pps, connect from any host%”Any user, connect from any host122.164.35.127ppspps, connect from 122.164.35.127122.164.35.%ppspps, connect from any host on 122.164.35. type subnet

View user permissions

For the test created above, I did not perform any authorization operations. When I used the test user to operate the database, I found:
Detailed introduction to permission management in MySQL
No database operation permissions , how can I check the permissions a user has?
View permissions
Method one:
show grants for test@127.0.0.1;
Method two:
View the permissions recorded in the user table.
select * from mysql.user where user='test' and host='127.0.0.1' \G;
Detailed introduction to permission management in MySQL

Grant permissions

The syntax format is as follows:
grant [privilege1|privilege2|all privileges] on dbName|.tableName or to user@hostName;
When granting xxpt selection permission to the test user:
grant select On xxpt. * to test.127.0.0.1;
The db table has changed and a new record has been added. But the user table has not changed. As follows:
Detailed introduction to permission management in MySQL
At this time, you can use the test user to perform data query operations, but you cannot add, delete, or modify. So grant it all permissions on the xxpt database.
grant all privileges on xxpt.* to test@127.0.0.1;
User test permissions are as follows:
Detailed introduction to permission management in MySQL
You can update data at this time

Management permissions Grant sueper, process, file
grant sueper, process, file On . to 'test'@'127.0.0.1';
Only the words following on in the statement can be .
Note: usage permission is used for login and cannot perform any operations.

Delete permissions

Use grant to add permissions and use revoke to recycle permissions. Of course, permissions can be revoked, and you can also directly operate on the user, db, tables_priv and columns_priv tables. However, the usage permission cannot be revoked.
To revoke test’s read and write permissions on all databases:
revoke select ,insert on . from test@127.0.0.1;

Change password

1. Use mysqladmin
2. Use set password for test@127.0.0.1 =password('isayhello');
3. Pass grant usage
grant usage on . to 'test '@'127.0.0.1' identified by 'isayhello';
4. Directly modify the user table
update user set Password=password("newpassword") where ***;

Supplementary permissions in mysql

Host	User	Analysis
myweb.wang	pps	pps, connect from myweb.wang

##DROPGRANT OPTIONREFERENCESALTER##Table Index permissionTableInsert permissionTableQuery PermissionTable##File access on the server hostFile Access Permissions##CREATE TEMPORARY TABLESLOCK TABLES##CREATE USERPROCESS##Server management Server ManagementReplication PermissionsServer ManagementReplication PermissionServer ManagementView database permissionsServer ManagementClose database permissionsServer ManagementExecute kill thread permissionHow MYSQL permissions are distributed, that is, what permissions can be set for tables, what permissions can be set for columns, etc. This can be explained from a table in the official documentation:

##Permissions	Permission Level	Permission Description
CREATE	Database, table or index	Create database , table or index permission
##Database or table	Delete database or table permissions
##Database, table or saved program	Grant permission options
Database or table
##Table	Change the table, such as adding fields, indexes, etc.	DELETE
Table	Delete data permission	INDEX
		INSERT
		SELECT
		UPDATE
	Update Permissions
CREATE VIEW	View	Create View Permission
SHOW VIEW	View	View View Permission
ALTER ROUTINE	Stored Procedure	Change stored procedure permissions
CREATE ROUTINE	Stored procedure	Create Stored Procedure Permission
EXECUTE	Stored Procedure	Permission to execute stored procedures
##FILE
Server Management	Create temporary table permissions
Server management	Lock table permission
Server management	Create User Permissions
Server Management	View process permissions	##RELOAD
	Permission to execute flush-hosts, flush-logs, flush-privileges, flush-status, flush-tables, flush-threads, refresh, reload and other commands	REPLICATION CLIENT
		REPLICATION SLAVE
		SHOW DATABASES
		SHUTDOWN
		SUPER

Permission distribution

Permissions that may be set'Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Grant', 'References', 'Index', 'Alter''Select', 'Insert', 'Update', 'References' 'Execute', 'Alter Routine', 'Grant'

	Table permissions
	Column permissions
	Process Permissions
	The above is the detailed introduction of permission management in MySQL. For more related content, please pay attention to the PHP Chinese website (www.php.cn) !

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

R.E.P.O. Best Graphic Settings

4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

Assassin's Creed Shadows: Seashell Riddle Solution

2 weeks ago By DDD

R.E.P.O. How to Fix Audio if You Can't Hear Anyone

4 weeks ago By 尊渡假赌尊渡假赌尊渡假赌

WWE 2K25: How To Unlock Everything In MyRise

1 months ago By 尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7507

CakePHP Tutorial

1378

What is the format of the account name of steam

win11 activation key permanent

nyt connections hints and answers

Related knowledge

MySQL: The Ease of Data Management for Beginners Apr 09, 2025 am 12:07 AM

MySQL is suitable for beginners because it is simple to install, powerful and easy to manage data. 1. Simple installation and configuration, suitable for a variety of operating systems. 2. Support basic operations such as creating databases and tables, inserting, querying, updating and deleting data. 3. Provide advanced functions such as JOIN operations and subqueries. 4. Performance can be improved through indexing, query optimization and table partitioning. 5. Support backup, recovery and security measures to ensure data security and consistency.

How to open phpmyadmin Apr 10, 2025 pm 10:51 PM

You can open phpMyAdmin through the following steps: 1. Log in to the website control panel; 2. Find and click the phpMyAdmin icon; 3. Enter MySQL credentials; 4. Click "Login".

MySQL: Simple Concepts for Easy Learning Apr 10, 2025 am 09:29 AM

MySQL is an open source relational database management system. 1) Create database and tables: Use the CREATEDATABASE and CREATETABLE commands. 2) Basic operations: INSERT, UPDATE, DELETE and SELECT. 3) Advanced operations: JOIN, subquery and transaction processing. 4) Debugging skills: Check syntax, data type and permissions. 5) Optimization suggestions: Use indexes, avoid SELECT* and use transactions.

How to create navicat premium Apr 09, 2025 am 07:09 AM

Create a database using Navicat Premium: Connect to the database server and enter the connection parameters. Right-click on the server and select Create Database. Enter the name of the new database and the specified character set and collation. Connect to the new database and create the table in the Object Browser. Right-click on the table and select Insert Data to insert the data.

MySQL and SQL: Essential Skills for Developers Apr 10, 2025 am 09:30 AM

MySQL and SQL are essential skills for developers. 1.MySQL is an open source relational database management system, and SQL is the standard language used to manage and operate databases. 2.MySQL supports multiple storage engines through efficient data storage and retrieval functions, and SQL completes complex data operations through simple statements. 3. Examples of usage include basic queries and advanced queries, such as filtering and sorting by condition. 4. Common errors include syntax errors and performance issues, which can be optimized by checking SQL statements and using EXPLAIN commands. 5. Performance optimization techniques include using indexes, avoiding full table scanning, optimizing JOIN operations and improving code readability.

How to create a new connection to mysql in navicat Apr 09, 2025 am 07:21 AM

You can create a new MySQL connection in Navicat by following the steps: Open the application and select New Connection (Ctrl N). Select "MySQL" as the connection type. Enter the hostname/IP address, port, username, and password. (Optional) Configure advanced options. Save the connection and enter the connection name.

How to recover data after SQL deletes rows Apr 09, 2025 pm 12:21 PM

Recovering deleted rows directly from the database is usually impossible unless there is a backup or transaction rollback mechanism. Key point: Transaction rollback: Execute ROLLBACK before the transaction is committed to recover data. Backup: Regular backup of the database can be used to quickly restore data. Database snapshot: You can create a read-only copy of the database and restore the data after the data is deleted accidentally. Use DELETE statement with caution: Check the conditions carefully to avoid accidentally deleting data. Use the WHERE clause: explicitly specify the data to be deleted. Use the test environment: Test before performing a DELETE operation.

How to execute sql in navicat Apr 08, 2025 pm 11:42 PM

Steps to perform SQL in Navicat: Connect to the database. Create a SQL Editor window. Write SQL queries or scripts. Click the Run button to execute a query or script. View the results (if the query is executed).

See all articles