MySQL学习笔记.安全管理

用户管理

添加删除用户

1.添加用户
可以使用CREATE USER添加一个或多个用户。
语法格式：CREATE USER '用户名' @'主机名' IDENTIFIED BY PASSWORD,USER '用户名' @'主机名' IDENTIFIED BY PASSWORD...

create user
'user001'@'localhost' identified by 'root',
'user002'@'localhost' identified by 'root';

这里创建两个用户

mysql> create user'user001'@'localhost' identified by 'root', 'user002'@'localhost' identified by 'root';
Query OK, 0 rows affected (0.01 sec)mysql> use mysql;
Database changed
mysql> select * from user;

已创建
这里尝试登录一下user001这个用户

已登录进来
2.删除用户
语法格式：DROP USER 用户
这里删除user001用户

在这个用户下删除是会出现错误的，要回到root账户下

OK已经成功删除该用户

修改用户名，密码

1.修改用户名
语法格式：rename user '用户名' @'主机名' to '新用户名' @'主机名';
这里把用户user002修改为user001

mysql> rename user 'user002'@'localhost' to 'user001'@'localhost';
Query OK, 0 rows affected (0.00 sec)mysql> use mysql;
Database changed
mysql> select * from user;

已经修改完毕
2.修改用户密码
语法格式：set password for '用户名' @'主机名'=password('新密码');
这里把user001的密码修改为python

mysql> set password for 'user001'@'localhost' =password('python');
Query OK, 0 rows affected (0.00 sec)mysql>

权限管理

授予权限

授予的权限为以下几种
1.列权限：和表中的一个具体列相关
2.表权限：和一个具体表中的所有数据相关
3.数据库权限：和一个具体的数据库中的所有表相关
4.用户权限：和MySQL所有数据库相关，例如删除已有数据库或创建一个新数据库的权限
授予表权限

这里授予user001select student表的权限

mysql> grant select-> on student-> to user001@localhost;
Query OK, 0 rows affected (0.00 sec)

这时在user001用户下就可以查询student表了

授予列权限
列权限只能取SELECT，INSERT，UPDATE,后面加上列名
授予update权限给user001

mysql> grant update(sno,sname,sage)-> on student-> to user001@localhost;
Query OK, 0 rows affected (0.00 sec)

mysql> update student set sage=30 where sno='2018001001';
Query OK, 1 row affected (0.00 sec)
Rows matched: 1  Changed: 1  Warnings: 0mysql> select * from student;
+------------+--------------+--------+------+-------+
| sno        | sname        | sex    | sage | sdept |
+------------+--------------+--------+------+-------+
| 2018001001 | zhangsan     | male   |   30 | cs    |
| 2018001002 | lisi         | female |   19 | MA    |
| 2018001003 | jack         | male   |   20 | CS    |
| 2018001004 | clinton      | male   |   21 | IS    |
| 2018001005 | trump        | male   |   19 | IS    |
| 2018001006 | putin        | male   |   20 | CS    |
| 2018001007 | starlin      | male   |   19 | MA    |
| 2018001008 | hilery       | female |   19 | IS    |
| 2018001009 | zhangming    | female |   20 | CS    |
| 2018001010 | ligang       | male   |   19 | MA    |
| 2018001011 | 令狐冲       | male   |   18 | cs    |
| 2018001012 | 任盈盈       | female |   19 | MA    |
| 2018001013 | 岳不群       | male   |   20 | CS    |
| 2018001014 | 余沧海       | male   |   21 | IS    |
| 2018001015 | 林平之       | male   |   19 | IS    |
| 2018001016 | 岳灵珊       | male   |   20 | CS    |
| 2018001017 | 朱元璋       | male   |   19 | MA    |
| 2018001018 | 郑成功       | female |   19 | IS    |
| 2018001019 | 爱新觉罗玄烨 | female |   20 | CS    |
| 2018001020 | 慈禧         | male   |   19 | MA    |
+------------+--------------+--------+------+-------+
20 rows in set (0.00 sec)mysql> update student set sdept='MA' where sno='2018001001';
ERROR 1143 (42000): UPDATE command denied to user 'user001'@'localhost' for column 'sdept' in table 'student'
mysql>

因为没有授予user001update sdept的权限，所以会报错
授予数据库权限

授予user001在数据库yingmo中所有表的select权限
首先在yingmo数据库中创建两个表

mysql> grant select-> on yingmo.*-> to user001@localhost;
Query OK, 0 rows affected (0.00 sec)

这时已经可以在user001用户中看到

授予user001所有yingmo数据库中所有数据库权限

grant all
on *
to user001@localhost;

授予用户权限

授予user001对数据库的所有表的create，alter,drop权限

grant create,alter,drop
on *.*
to user001@localhost;

权限转移和限制

mysql> grant select-> on yingmo.student-> to user001@localhost-> with grant option;
Query OK, 0 rows affected (0.00 sec)mysql>

这里已经把select权限授予user001，这里将select权限传递给user002,此时创建user002用户

mysql> create user-> 'user002'@'localhost' identified by 'root';
Query OK, 0 rows affected (0.00 sec)

登录user002用户

权限已转移
这样的转移方式似乎没有添加限制，如何去限制呢？
如限制user002每两个小时处理一条select语句

mysql> grant select-> on yingmo.student-> to user002@localhost-> with max_queries_per_hour 2;
Query OK, 0 rows affected (0.00 sec)

权限回收

回收user001对student表的select权限

mysql> revoke select-> on student-> from user001@localhost;

使用

mysql> revoke all privileges,grant option-> from user001@localhost;
Query OK, 0 rows affected (2.08 sec)

回收user001的全部权限
此时在user001用户中无法查看数据库yingmo