MySQL数据库管理

目录

一、MySQL用户管理

1、新建用户

2、删除用户

3、重命名用户

4、给用户设置密码

二、授权控制

1、授予权限

2、授予权限的语法格式

三、查看用户权限

四、撤销用户权限

---

一、MySQL用户管理

1、新建用户

语法格式：

create USER 'username'@'host' [identified by [password] 'password']；

## 创建一个用户，名为lili 密码为abc123 允许在本地登录
 
mysql> create user 'lili'@'localhost' identified by 'abc123';   ## 创建新用户lili
Query OK, 0 rows affected (0.00 sec)
 
 
###验证：
 
mysql> use mysql                     #### 切换数据库
 
mysql> show tables;                  #### 显示当前数据库的表
+---------------------------+
| Tables_in_mysql           |
+---------------------------+
| columns_priv              |
| db                        |
| engine_cost               |
...............................
 
mysql> select User,authentication_string from user    ## 在user中查找显示User和 
                                                        authentication_string两个字节
    -> ;
+---------------+-------------------------------------------+
| User          | authentication_string                     |
+---------------+-------------------------------------------+
| root          | *E56A114692FE0DE073F9A1DD68A00EEB9703F3F1 |
| mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| lili          | *6691484EA6B50DDDE1926A220DA01FA9E575C18A |  ###  新用户创建成功
+---------------+-------------------------------------------+
4 rows in set (0.00 sec)
 
[root@zwb_mysql ~]# mysql -ulili -pabc123         ###使用lili用户名进行登录测试
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.20 Source distribution
 
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
 
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
mysql> 
 
 

2、删除用户

语法格式：

drop user 'username'@'localhost';

mysql> select User,authentication_string from user            ### 查询用户
    -> ;
+---------------+-------------------------------------------+
| User          | authentication_string                     |
+---------------+-------------------------------------------+
| root          | *E56A114692FE0DE073F9A1DD68A00EEB9703F3F1 |
| mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| lili          | *6691484EA6B50DDDE1926A220DA01FA9E575C18A |
+---------------+-------------------------------------------+
4 rows in set (0.00 sec)
 
mysql> drop user 'lili'@'localhost';                          ### 删除用户lili
Query OK, 0 rows affected (0.00 sec) 
 
mysql> select User,authentication_string from user            ### 验证，查询用户
    -> ;
+---------------+-------------------------------------------+
| User          | authentication_string                     |
+---------------+-------------------------------------------+
| root          | *E56A114692FE0DE073F9A1DD68A00EEB9703F3F1 |
| mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+---------------+-------------------------------------------+
3 rows in set (0.00 sec)

3、重命名用户

语法格式：

rename user 'old_name'@'localhost' to 'new_name'@'localhost';

### 创建用户wangyi
 
mysql> create user 'wangyi'@'localhost' identified by 'abc123';
Query OK, 0 rows affected (0.00 sec)
 
### 查看新创建用户
 
mysql> select User,authentication_string from user;
+---------------+-------------------------------------------+
| User          | authentication_string                     |
+---------------+-------------------------------------------+
| root          | *E56A114692FE0DE073F9A1DD68A00EEB9703F3F1 |
| mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| wangyi        | *6691484EA6B50DDDE1926A220DA01FA9E575C18A |
+---------------+-------------------------------------------+
4 rows in set (0.00 sec)
 
 
### 把用户名wangyi 修改为 wangwu
 
mysql> rename user 'wangyi'@'localhost' to 'wangwu'@'localhost';
Query OK, 0 rows affected (0.01 sec)
 
 
###查看修改后结果
 
mysql> select User,authentication_string from user;
+---------------+-------------------------------------------+
| User          | authentication_string                     |
+---------------+-------------------------------------------+
| root          | *E56A114692FE0DE073F9A1DD68A00EEB9703F3F1 |
| mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| wangwu        | *6691484EA6B50DDDE1926A220DA01FA9E575C18A |
+---------------+-------------------------------------------+
4 rows in set (0.00 sec)

4、给用户设置密码

①修改当前登录的用户的密码

语法格式：(使用password（）函数对密码进行加密)

mysqladmin -u用户名 -p旧密码 password 新密码 

##  修改root用户密码。设置为abc123
[root@zwb_mysql ~]# mysqladmin -uroot -p123123 password abc123;
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.
 
 
### 实验用新密码登录
[root@zwb_mysql ~]# mysql -uroot -pabc123   
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.7.20 Source distribution
 
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
 
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
mysql> 

二、授权控制

授权控制目的：

我们使用create user 创建的用户，只能登录进入数据库，但是无法做任何事情

还需要grant 命令进行 用户授权。同时，此命令，如果当用户不存在，也可以创建该用户。

1、授予权限

授权控制遵循的原则：

①只授予能满足要求的最小权限，防止用户误操作

②创建用户时限制用户的登录主机

③初始化数据库时删除没有密码的用户

④为每个用户设置复杂的符合要求的密码

⑤定期清理不需要的用户

2、授予权限的语法格式

grant 权限列表 on 数据库名.表名 to '用户名'@'主机名 ' identified by '密码' with grant option ；

权限列表：多个权限用逗号‘,’ 隔开，如 'select,update' 

数据库名.表名：用于指定授权操作的数据库名和表名，可以使用通配符' *' 表示所有。如 *.* 表示所有库，所有表。

'用户名'@'主机名 '：用户指定用户名和可以登录的客户端地址

identified by :用于设置用户连数据库时候的密码，在新建用户时，如果省略此部分，则用户密码为空。但是我们在配置文件中设置了'NO_AUTO_CREATE_USER'项，所以是无法创建空密码用户。会报错。

with grant option :让被授权的用户，可以将相同的权限授权给他人。

###授权 所有库的所有表的select权限给用户 test，登录密码是abc123,只能本地登录
 
mysql> grant select on *.* to 'test'@'localhost' identified by 'abc123';
 
### 退出数据库，使用用户 test ，密码abc123 本地登录mysql
[root@zwb_mysql ~]# mysql -utest -pabc123
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.7.20 Source distribution
 
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
 
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
 
 
 
### 查看MySQL服务器的数据库
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| AAA                |
| class              |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
6 rows in set (0.00 sec)
 
 
 
### 切换数据库
mysql> use AAA;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
 
Database changed
 
 
 
 
#### 查看表
mysql> SHOW TABLES;
+---------------+
| Tables_in_AAA |
+---------------+
| tongxunlu     |
+---------------+
1 row in set (0.00 sec)
 
 
 
### 查看表的基本结构
mysql> desc tongxunlu;
+-----------+-------------+------+-----+---------+-------+
| Field     | Type        | Null | Key | Default | Extra |
+-----------+-------------+------+-----+---------+-------+
| 序号      | int(3)      | NO   | PRI | NULL    |       |
| 姓名      | varchar(20) | YES  |     | NULL    |       |
| 手机号    | int(15)     | YES  |     | NULL    |       |
+-----------+-------------+------+-----+---------+-------+
3 rows in set (0.00 sec)
 
 
 
### 插入数据，提示拒绝添加数据
mysql> insert into tongxunlu values(4,大圣，12345);
ERROR 1142 (42000): INSERT command denied to user 'test'@'localhost' for table 'tongxunlu'
mysql> select * from tongxunlu;
+--------+--------+------------+
| 序号   | 姓名   | 手机号     |
+--------+--------+------------+
|      1 | 张三   |  188888888 |
|      2 | 张二   | 1888888888 |
+--------+--------+------------+
2 rows in set (0.00 sec)

三、查看用户权限

①用户显示自身的访问权限

语法格式：show grants;

mysql> show grants;   ### 以test普通用户的身份登录
+-------------------------------------------+
| Grants for test@localhost                 |
+-------------------------------------------+
| GRANT SELECT ON *.* TO 'test'@'localhost' |
+-------------------------------------------+
1 row in set (0.00 sec)

②管理员查看已拥有授权用户权限

语法格式：show grants for '用户名'@'登录地点'

mysql> show grants for 'test'@'localhost';    ### 以root身份登录的
+-------------------------------------------+
| Grants for test@localhost                 |
+-------------------------------------------+
| GRANT SELECT ON *.* TO 'test'@'localhost' |
+-------------------------------------------+
1 row in set (0.00 sec)
 

四、撤销用户权限

语法格式：revoke 权限 on 库名.表名 from '用户名'@'登录地点' ;

mysql> revoke select on *.* from 'test'@'localhost';
Query OK, 0 rows affected (0.00 sec)
 
 
## 查看结果
mysql> show grants for 'test'@'localhost';
+------------------------------------------+
| Grants for test@localhost                |
+------------------------------------------+
| GRANT USAGE ON *.* TO 'test'@'localhost' |
+------------------------------------------+
1 row in set (0.01 sec)