root用户可以操纵所有的库,但是我们不想让某些用户操纵所有的库,我们就可以修改其权限
1.用户
1.1用户信息
MySQL中的用户,都存储再系统数据库mysql的user表中
mysql> use mysql;
Database changed
mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | *C40B82231AC54B3C8D5E427F74777CE81692A00D |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+-----------+---------------+-------------------------------------------+
3 rows in set (0.05 sec)
字段解释:
- host:表名用户可以从那个主机登录。若是host,表明只能从本机登录
- user:用户名
- authentication_string:通过password函数加密后的密码
1.2创建用户
语法:
create user '用户名'@'登录主机ip' identified by '密码';
案例:
mysql> create user 'zm'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | *C40B82231AC54B3C8D5E427F74777CE81692A00D |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | zm | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+-----------+---------------+-------------------------------------------
1.3删除用户
mysql> drop user 'zm'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host | user | authentication_string |
+-----------+---------------+-------------------------------------------+
| localhost | root | *C40B82231AC54B3C8D5E427F74777CE81692A00D |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+-----------+---------------+-------------------------------------------+
3 rows in set (0.00 sec)
1.4修改用户密码
1.4.1自己该密码
set password=password('新的密码');
1.4.2root用户修改指定用户的密码
set password for '用户名'@'主机名'=password('新的密码');
案例:
set password for 'zm'@'localhost'=password('abcdefg');
2.数据库的权限
MySQL数据库提供的权限列表:
2.1给用户授权
刚创建的用户没有权限,需要给用户
注意
- 多个权限用逗号隔开
grant select on ...
grant select, delete, create on ....
grant all [privileges] on ... -- 表示赋予该用户在该对象上的所有权限
案例:
mysql> grant select on mytest.DEPT to 'zm'@'localhost';
Query OK, 0 rows affected (0.03 sec)
若zm想要删除dept表就会出错-- 没有删除权限
mysql> delete from DEPT;
ERROR 1142 (42000): DELETE command denied to user 'zm'@'localhost' for table 'DEPT'
- 表示本系统中所有数据库的所有对象*.*
- 库.*:表示某个数据库中的所有对象
- identified by可选。 如果用户存在,赋予权限的同时修改密码,如果该用户不存在,就是创建用户
2.2回收权限
语法:
revoke 权限列表 on 库.对象名 from '用户名'@'登陆位置';
– 回收zm对数据库的所有权限
案例:
revoke all on mytest.DEPT from 'zm'@'localhost';