赋予mysql⽤户触发器权限_12、创建mysql⽤户及赋予⽤户权
1、通过help命令查看grant的⽤法:
CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY 'password';
GRANT ALL ON db1.* TO 'jeffrey'@'localhost';
GRANT SELECT ON db2.invoice TO 'jeffrey'@'localhost';
GRANT USAGE ON *.* TO 'jeffrey'@'localhost' WITH MAX_QUERIES_PER_HOUR 90;
2、运维⼈员标胶常⽤的创建⽤户的⽅法:
使⽤grant命令在创建⽤户的同时进⾏权限的授权,具体的例⼦如下;
grant all privileges on db1.* to 'jeffrey'@'localhost' identified by '123456';
这⼀条命令等于"1、"中标红的两条命令;
3、grant命令权限:
(1)grant命令语法:
grant all privileges on dbname.* to 'username'@'locahost' identified by 'password'
grant all privileges on dbname.* to username@localhost identified by password
授权命令 对应权限 ⽬标 库和表 ⽤户名和客户端主机 ⽤户密码
注意:all privleges权限不包括创建⽤户的权限;
(2)⽤法:
1)创建⽤户并赋予权限的⽅法:
mysql> grant all privileges on lc.* to 'lc'@'localhost' identified by '123456';
mysql> select user,host from mysql.user;
+-----------+------------+
| user | host |
+-----------+------------+
| root | 127.0.0.1 |
| wordpress | 172.16.1.% |
| root | ::1 |
| root | db01 |
| lc | localhost |
| root | localhost |
+-----------+------------+
6 rows in set (0.00 sec)
mysql>show grants for 'lc'@'localhost';
+-----------------------------------------------------------------------------------------------------------+
| Grants for lc@localhost |
+-----------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'lc'@'localhost' IDENTIFIED BY PASSWORD
'*6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9' |
| GRANT ALL PRIVILEGES ON `lc`.* TO 'lc'@'localhost' |
+-----------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec)
2)创建⽤户和权限命令配合的⽅法:
mysql> create user 'lc3'@'localhost' identified by '123456';
#创建的普通⽤户权限是USAGE,就是没有任何的权限的;
mysql> grant all privileges on lc.* to 'lc3'@'localhost';
mysql> flush privileges;
3)授权局域⽹内主机远程连接数据库:
A、⽹段:
10.0.0.%
10.0.0.0/255.255.255.0
C、特定ip地址:
10.0.0.1
D、域名:
www.web01
C、linux命令⾏的远程连接:
mysql -uroot -p123456 -P3306 -h localhost
D、通过php服务器连接mysql服务器的代码:
//$link_id=mysql_connect('主机名','⽤户','密码');
$link_id=mysql_connect('10.0.0.7','lc','123456') or mysql_error();
if($link_id){
echo "mysql successful by lc!";
}else{
echo "mysql_error()";
}
>
4、mysql ALL PRIVILEGES权限有哪些:
(1)收回权限:
revoke INSERT ON 'lc'.* from 'lc3'@'localhost';
flush privileges;
(2)查看all privileges的所有权限:
[root@db01 ~]# mysql -ulc3 -p123456 -e "show grants for 'lc3'@'localhost';" | tail -1 | tr "," "\n" GRANT SELECT #查询
UPDATE #更新
INSERT #插⼊
DELETE #删除
CREATE #创建库和表
DROP #删除库和表
REFERENCES
INDEX #索引
ALTER #修改
CREATE TEMPORARY TABLES #创建临时表
LOCK TABLES #锁表
EXECUTE #执⾏
CREATE VIEW #创建视图
php远程连接mysql数据库SHOW VIEW #显⽰视图
CREATE ROUTINE #创建存储过程
ALTER ROUTINE #显⽰存储过程
EVENT #事件
TRIGGER ON `lc`.* TO 'lc3'@'localhost' #触发器
根据以上的权限在给⽤户赋权的时候可以⽤逗号隔开赋权;
mysql> select * from mysql.user; #通过查看mysql库的user表来查看⽤户的权限
N代表没有权限,Y代表有该权限;
5、企业⽣产环境中如何授权⽤户权限:
在授权时可以授权⽤户最⼩的满⾜业务需求的权限,⽽不是⼀味的授权"ALL PRIVILEGES"。
(1)博客,cms等产品的数据库授权:
对于web连接⽤户授权尽量采⽤最⼩化的原则,很多开源软件都是web界⾯安装,因此,在
安装期间除了select,insert,update,delete 4个权限外,还需要create,drop等⽐较危险的权限;
grant select,insert,update,delete,create,drop on blog.* to 'blog'@'172.16.1.%' identified by '123456';
(2)⽣成数据库表后,要回收create,drop权限;
revoke crate,drop on blog.* from 'blog'@'localhost';
(3)⽣产环境针对主库(写为主,读为辅)⽤户的授权:
1)普通环境:
本机:lnmp,lamp环境数据库授权;
grant all privileges on blog.* to 'blog'@'172.16.1.%' identified by '123456';
应⽤服务器和数据库服务器不在⼀个主机上的授权;
grant all privileges on blog.* to 'blog'@'172.16.1.%' identified by '123456';
严格的授权:重视安全,忽略⽅便;
grant select,insert,update,delete on blog.* to 'blog'@'172.16.1.%' identified by '123456';
(4)⽣产环境从库(只读)⽤户的授权;
grant select on blog.* to 'blog'@'172.16.1.%' identified by '123456';
提⽰:这⾥表⽰给172.16.1.0/24的⽤户blog管理blog数据库的所有表(*表⽰所有表),只读
权限(select),密码为'123456';

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。