1、添加用户
CREATE USER 'test'@'%' IDENTIFIED BY '123456' ;
%字符是一个通配符,表示“任意一台主机”都可以用 test用户连接。但这不是安全的,建议把%修改为限制的IP地址 或localhost。
2、对用户授权
GRANT ALL ON *.* TO 'test'@'%' ;
(1) ON *.* 表示“所有数据库和它们里面的所有对象”。也可以限定特定的数据库或表。
ON db_name.*
ON db_name.table_name
ON table_name
(2)GRANT ALL表示所有权限,但不包括GRANT OPTION。其他可选权限还有:
Privilege | Meaning and Grantable Levels |
---|---|
ALL [PRIVILEGES] | Grant all privileges at specified access level except GRANT OPTION and PROXY . |
ALTER | Enable use of ALTER TABLE . Levels: Global, database, table. |
ALTER ROUTINE | Enable stored routines to be altered or dropped. Levels: Global, database, procedure. |
CREATE | Enable database and table creation. Levels: Global, database, table. |
CREATE ROUTINE | Enable stored routine creation. Levels: Global, database. |
CREATE TABLESPACE | Enable tablespaces and log file groups to be created, altered, or dropped. Level: Global. |
CREATE TEMPORARY TABLES | Enable use of CREATE TEMPORARY TABLE . Levels: Global, database. |
CREATE USER | Enable use of CREATE USER , DROP USER , RENAME USER , and REVOKE ALL PRIVILEGES . Level: Global. |
CREATE VIEW | Enable views to be created or altered. Levels: Global, database, table. |
DELETE | Enable use of DELETE . Level: Global, database, table. |
DROP | Enable databases, tables, and views to be dropped. Levels: Global, database, table. |
EVENT | Enable use of events for the Event Scheduler. Levels: Global, database. |
EXECUTE | Enable the user to execute stored routines. Levels: Global, database, table. |
FILE | Enable the user to cause the server to read or write files. Level: Global. |
GRANT OPTION | Enable privileges to be granted to or removed from other accounts. Levels: Global, database, table, procedure, proxy. |
INDEX | Enable indexes to be created or dropped. Levels: Global, database, table. |
INSERT | Enable use of INSERT . Levels: Global, database, table, column. |
LOCK TABLES | Enable use of LOCK TABLES on tables for which you have the SELECT privilege. Levels: Global, database. |
PROCESS | Enable the user to see all processes with SHOW PROCESSLIST . Level: Global. |
PROXY | Enable user proxying. Level: From user to user. |
REFERENCES | Enable foreign key creation. Levels: Global, database, table, column. |
RELOAD | Enable use of FLUSH operations. Level: Global. |
REPLICATION CLIENT | Enable the user to ask where master or slave servers are. Level: Global. |
REPLICATION SLAVE | Enable replication slaves to read binary log events from the master. Level: Global. |
SELECT | Enable use of SELECT . Levels: Global, database, table, column. |
SHOW DATABASES | Enable SHOW DATABASES to show all databases. Level: Global. |
SHOW VIEW | Enable use of SHOW CREATE VIEW . Levels: Global, database, table. |
SHUTDOWN | Enable use of mysqladmin shutdown. Level: Global. |
SUPER | Enable use of other administrative operations such as CHANGE MASTER TO , KILL , PURGE BINARY LOGS , SET GLOBAL , and mysqladmin debug command. Level: Global. |
TRIGGER | Enable trigger operations. Levels: Global, database, table. |
UPDATE | Enable use of UPDATE . Levels: Global, database, table, column. |
USAGE | Synonym for “no privileges” |
见 https://dev.mysql.com/doc/refman/5.7/en/grant.html
1) 查看某用户授权的权限
mysql> show grants for sunlands;
+---------------------------------------------------------------+
| Grants for sunlands@% |
+---------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE ON *.* TO 'sun'@'%' |
2)撤销权限
REVOKE ALL ON *.* FROM 'sun'@'%';