1.创建test1用户
select password('test1');
+-------------------------------------------+
| password('test1') |
+-------------------------------------------+
| *06C0BF5B64ECE2F648B5F048A71903906BA08E5C |
+-------------------------------------------+
create user 'test1'@'localhost' identified by password '*06C0BF5B64ECE2F648B5F048A71903906BA08E5C';
这里create user中密码使用普通字符串时,则不需要password关键字,当使用password()函数加密之后的字符串时,则需要有password关键字
2.授权
grant select,create,delete on pmx.* to 'test1'@'localhost' with grant option;
grant后面可以不用设置密码,因为在create user中已经设置好了。为数据库pmx下的所有表授权,用户的权限信息保存在mysql.db表中。
3.收回权限
revoke select,create,delete,grant option on pmx.* from 'test1'@'localhost';
或者
revoke all privileges,grant option from 'test1'@'localhost';
或者
revoke all privileges on pmx.* from 'test1'@'localhost';revoke grant option on pmx.* from 'test1'@'localhost';
4. 授予什么权限就回收什么权限
4.1
grant select on *.* to 'test1'@'localhost' with grant option;
授予全局权限,权限信息保存在mysql.user表中
select * from mysql.user where user='test1'\G;*************************** 1. row ***************************Host: localhostUser: test1
Password:*06C0BF5B64ECE2F648B5F048A71903906BA08E5C
Select_priv: Y
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
Reload_priv: N
Shutdown_priv: N
Process_priv: N
File_priv: N
Grant_priv: Y
References_priv: N
Index_priv: N
Alter_priv: N
Show_db_priv: N
Super_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Execute_priv: N
Repl_slave_priv: N
Repl_client_priv: N
Create_view_priv: N
Show_view_priv: N
Create_routine_priv: N
Alter_routine_priv: N
Create_user_priv: N
Event_priv: N
Trigger_priv: N
Create_tablespace_priv: N
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions:0max_updates:0max_connections:0max_user_connections:0plugin: mysql_native_password
authentication_string:
password_expired: N1 row in set (0.00 sec)
4.2
grant select on pmx.* to 'test1'@'localhost' with grant option;
授予数据库权限,权限信息保存在mysql.db表中
select * frommysql.db\G;*************************** 1. row ***************************Host: localhost
Db: pmxUser: test1
Select_priv: Y
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
Grant_priv: Y
References_priv: N
Index_priv: N
Alter_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Create_view_priv: N
Show_view_priv: N
Create_routine_priv: N
Alter_routine_priv: N
Execute_priv: N
Event_priv: N
Trigger_priv: N1 rows in set (0.00 sec)
4.3
grant select on pmx.score to 'test1'@'localhost' with grant option;
授予某张表权限,权限信息保存在mysql.tables_priv表中
select * frommysql.tables_priv;+-----------+-----+-------+------------+----------------+---------------------+--------------+-------------+
| Host | Db | User | Table_name | Grantor | Timestamp | Table_priv | Column_priv |
+-----------+-----+-------+------------+----------------+---------------------+--------------+-------------+
| localhost | pmx | test1 | score | root@localhost | 0000-00-00 00:00:00 | Select,Grant | |
+-----------+-----+-------+------------+----------------+---------------------+--------------+-------------+
4.4
grant select(grade) on pmx.score to 'test1'@'localhost' with grant option;
授予某个字段的权限,权限信息保存在mysql.columns_priv表中
select * frommysql.columns_priv;+-----------+-----+-------+------------+-------------+---------------------+-------------+
| Host | Db | User | Table_name | Column_name | Timestamp | Column_priv |
+-----------+-----+-------+------------+-------------+---------------------+-------------+
| localhost | pmx | test1 | score | grade | 0000-00-00 00:00:00 | Select |
+-----------+-----+-------+------------+-------------+---------------------+-------------+
当使用
revoke all privileges on *.* from 'test1'@'localhost';
回收的只是全局的权限,test1用户其他的权限,比如对pmx数据库的权限,对score表的权限,对某个字段的权限仍然持有。 所以为了回收用户的所有权限,使用
revoke all privileges,grant option from 'test1'@'localhost';
这是条固定语法,all privileges和grant option必须都有
1697
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
