1、查询数据库的所有用户及可登陆的客户端
SELECT DISTINCT CONCAT('User: ''',user,'''@''',host,''';') AS query FROM mysql.user;
————————————————
| |
| User: 'user_one'@'%'; |
| User: 'user_one'@'localhost'; |
| |
————————————————
用户名@host:localhost,只可以从本机登陆,%通配符,可以从任意客户端登录
查看用户权限
show grants for 'user_one';
2、创建新用户
命令:CREATE USER 'username'@'host' IDENTIFIED BY 'password';
说明:
username - 你将创建的用户名,
host - 指定该用户在哪个主机上可以登陆,如果是本地用户可用localhost, 如果想让该用户可以从任意远程主机登陆,可以使用通配符%.
password - 该用户的登陆密码,密码可以为空,如果为空则该用户可以不需要密码登陆服务器.
3、给用户授权
命令:GRANT privileges ON databasename.tablename TO 'username'@'host' IDENTIFIED BY '123'
flush privileges
说明:
privileges - 用户的操作权限,如SELECT , INSERT , UPDATE 等.如果要授予所有的权限则使用ALL.;
databasename - 数据库名,
tablename-表名,如果要授予该用户对所有数据库和表的相应操作权限则可用*表示, 如*.*.
IDENTIFIED BY 后面加访问密码
flush privileges 刷新权限表,即刻生效
例子:
GRANT SELECT, INSERT, UPDATE, DELETE ON `test`.* TO 'pig'@'%' IDENTIFIED BY '123';
GRANT SELECT, INSERT ON test.user TO 'pig'@'%';
GRANT ALL ON *.* TO 'pig'@'%';
4、撤销用户权限
命令: REVOKE privilege ON databasename.tablename FROM 'username'@'host';
说明: privilege, databasename, tablename - 同授权部分.
例子: REVOKE SELECT ON *.* FROM 'pig'@'%';
注意: 假如你在给用户'pig'@'%'授权的时候是这样的(或类似的):
GRANT SELECT ON test.user TO 'pig'@'%',
则在使用REVOKE SELECT ON *.* FROM 'pig'@'%';命令并不能撤销该用户对test数据库中user表的SELECT 操作.
相反,如果授权使用的是GRANT SELECT ON *.* TO 'pig'@'%';
则REVOKE SELECT ON test.user FROM 'pig'@'%';命令也不能撤销该用户对test数据库中user表的Select 权限.
附表:在MySQL中的操作权限
ALTER | Allows use of ALTER TABLE. |
ALTER ROUTINE | Alters or drops stored routines. |
CREATE | Allows use of CREATE TABLE. |
CREATE ROUTINE | Creates stored routines. |
CREATE TEMPORARY TABLE | Allows use of CREATE TEMPORARY TABLE. |
CREATE USER | Allows use of CREATE USER, DROP USER, RENAME USER, and REVOKE ALL PRIVILEGES. |
CREATE VIEW | Allows use of CREATE VIEW. |
DELETE | Allows use of DELETE. |
DROP | Allows use of DROP TABLE. |
EXECUTE | Allows the user to run stored routines. |
FILE | Allows use of SELECT... INTO OUTFILE and LOAD DATA INFILE. |
INDEX | Allows use of CREATE INDEX and DROP INDEX. |
INSERT | Allows use of INSERT. |
LOCK TABLES | Allows use of LOCK TABLES on tables for which the user also has SELECT privileges. |
PROCESS | Allows use of SHOW FULL PROCESSLIST. |
RELOAD | Allows use of FLUSH. |
REPLICATION | Allows the user to ask where slave or master |
CLIENT | servers are. |
REPLICATION SLAVE | Needed for replication slaves. |
SELECT | Allows use of SELECT. |
SHOW DATABASES | Allows use of SHOW DATABASES. |
SHOW VIEW | Allows use of SHOW CREATE VIEW. |
SHUTDOWN | Allows use of mysqladmin shutdown. |
SUPER | Allows use of CHANGE MASTER, KILL, PURGE MASTER LOGS, and SET GLOBAL SQL statements. Allows mysqladmin debug command. Allows one extra connection to be made if maximum connections are reached. |
UPDATE | Allows use of UPDATE. |
USAGE | Allows connection without any specific privileges. |
