create user 用户名 identified by ‘密码’;
mysql> create user dam identified by '12345678'; Query OK, 0 rows affected (0.01 sec)
mysql> create user dam1 identified by '12345678',dam2 identified by '12345678',dam3 identified by '12345678'; Query OK, 0 rows affected (0.01 sec)
mysql> create user dam1 identified by '12345678',dam2 identified by '12345678',dam3 identified by '12345678'; Query OK, 0 rows affected (0.01 sec)
mysql> create user 'dam'@'' identified by '12345678'; Query OK, 0 rows affected (0.01 sec)
mysql> use mysql; Database changed -- 如果所有字段一起查询的话,数据量非常大,显示效果不好 mysql> select Host,User from user; +-----------+------------------+ | Host | User | +-----------+------------------+ | % | dam | | % | dam1 | | % | dam2 | | % | dam3 | | localhost | mysql.infoschema | | localhost | mysql.session | | localhost | mysql.sys | | localhost | root | +-----------+------------------+ 8 rows in set (0.00 sec)
drop user 用户名;(默认删除host为%的用户)
drop user ‘用户名’@'host ';(指定host来删除用户)
mysql> drop user 'dam'@''; Query OK, 0 rows affected (0.01 sec)
PS C:\Users\17526> mysql -u dam -p12345678 mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 908 Server version: 8.0.27 MySQL Community Server - GPL Copyright (c) 2000, 2021, Oracle and/or its affiliates. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. -- 修改密码 mysql> ALTER USER USER() IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.01 sec) mysql> exit; Bye PS C:\Users\17526> mysql -u dam -p12345678 mysql: [Warning] Using a password on the command line interface can be insecure. ERROR 1045 (28000): Access denied for user 'dam'@'localhost' (using password: YES) PS C:\Users\17526> mysql -u dam -p123456 mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 910 Server version: 8.0.27 MySQL Community Server - GPL Copyright (c) 2000, 2021, Oracle and/or its affiliates. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
alter user 用户名 identified by 新密码;
mysql> alter user dam identified by '123456789'; Query OK, 0 rows affected (0.01 sec)
rename user 修改前用户名 to 修改后用户名;
mysql> rename user dam to dam1; Query OK, 0 rows affected (0.01 sec)
show grants;
show grants for ‘用户名’@‘主机地址’;
mysql> show grants for dam; +---------------------------------+ | Grants for dam@% | +---------------------------------+ | GRANT USAGE ON *.* TO `dam`@`%` | +---------------------------------+ 1 row in set (0.00 sec)
mysql> show privileges; +-----------------------------+---------------------------------------+-------------------------------------------------------+ | Privilege | Context | Comment | +-----------------------------+---------------------------------------+-------------------------------------------------------+ | Alter | Tables | To alter the table | | Alter routine | Functions,Procedures | To alter or drop stored functions/procedures | | Create | Databases,Tables,Indexes | To create new databases and tables | | Create routine | Databases | To use CREATE FUNCTION/PROCEDURE | | Create role | Server Admin | To create new roles | | Create temporary tables | Databases | To use CREATE TEMPORARY TABLE | | Create view | Tables | To create new views | | Create user | Server Admin | To create new users | | Delete | Tables | To delete existing rows | | Drop | Databases,Tables | To drop databases, tables, and views | | Drop role | Server Admin | To drop roles | | Event | Server Admin | To create, alter, drop and execute events | | Execute | Functions,Procedures | To execute stored routines | | File | File access on server | To read and write files on the server | | Grant option | Databases,Tables,Functions,Procedures | To give to other users those privileges you possess | | Index | Tables | To create or drop indexes | | Insert | Tables | To insert data into tables | | Lock tables | Databases | To use LOCK TABLES (together with SELECT privilege) | | Process | Server Admin | To view the plain text of currently executing queries | | Proxy | Server Admin | To make proxy user possible | | References | Databases,Tables | To have references on tables | | Reload | Server Admin | To reload or refresh tables, logs and privileges | | Replication client | Server Admin | To ask where the slave or master servers are | | Replication slave | Server Admin | To read binary log events from the master | | Select | Tables | To retrieve rows from table | | Show databases | Server Admin | To see all databases with SHOW DATABASES | | Show view | Tables | To see views with SHOW CREATE VIEW | | Shutdown | Server Admin | To shut down the server | | Super | Server Admin | To use KILL thread, SET GLOBAL, CHANGE MASTER, etc. | | Trigger | Tables | To use triggers | | Create tablespace | Server Admin | To create/alter/drop tablespaces | | Update | Tables | To update existing rows | | Usage | Server Admin | No privileges - allow connect only | | ENCRYPTION_KEY_ADMIN | Server Admin | | | INNODB_REDO_LOG_ARCHIVE | Server Admin | | | GROUP_REPLICATION_STREAM | Server Admin | | | CLONE_ADMIN | Server Admin | | | SYSTEM_USER | Server Admin | | | SHOW_ROUTINE | Server Admin | | | BACKUP_ADMIN | Server Admin | | | RESOURCE_GROUP_ADMIN | Server Admin | | | SESSION_VARIABLES_ADMIN | Server Admin | | | PERSIST_RO_VARIABLES_ADMIN | Server Admin | | | CONNECTION_ADMIN | Server Admin | | | SYSTEM_VARIABLES_ADMIN | Server Admin | | | APPLICATION_PASSWORD_ADMIN | Server Admin | | | FLUSH_OPTIMIZER_COSTS | Server Admin | | | AUDIT_ADMIN | Server Admin | | | AUTHENTICATION_POLICY_ADMIN | Server Admin | | | BINLOG_ADMIN | Server Admin | | | BINLOG_ENCRYPTION_ADMIN | Server Admin | | | FLUSH_STATUS | Server Admin | | | FLUSH_TABLES | Server Admin | | | FLUSH_USER_RESOURCES | Server Admin | | | SET_USER_ID | Server Admin | | | SERVICE_CONNECTION_ADMIN | Server Admin | | | GROUP_REPLICATION_ADMIN | Server Admin | | | REPLICATION_APPLIER | Server Admin | | | INNODB_REDO_LOG_ENABLE | Server Admin | | | XA_RECOVER_ADMIN | Server Admin | | | PASSWORDLESS_USER_ADMIN | Server Admin | | | TABLE_ENCRYPTION_ADMIN | Server Admin | | | ROLE_ADMIN | Server Admin | | | REPLICATION_SLAVE_ADMIN | Server Admin | | | RESOURCE_GROUP_USER | Server Admin | | +-----------------------------+---------------------------------------+-------------------------------------------------------+ 65 rows in set (0.00 sec)
:对表进行增删改查Grant option
GRANT 权限1,权限2,…权限n ON 数据库名称.表名称 TO '用户名'@'用户主机地址' [IDENTIFIED BY '密码'];
-- 赋予用户 dam 数据库 pratice 的所有表的 增删改查 权限 mysql> GRANT SELECT,INSERT,DELETE,UPDATE ON pratice.* TO dam; Query OK, 0 rows affected (0.01 sec)
REVOKE 权限1,权限2,…权限n ON 数据库名称.表名称 FROM '角色名称'@'域名';
grant all privileges on . to 用户名;
mysql> grant all privileges on *.* to dam;
- .:所有数据库的所有表
mysql> show grants for dam; +-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Grants for dam@% | +-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `dam`@`%` | | GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,AUTHENTICATION_POLICY_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,FLUSH_OPTIMIZER_COSTS,FLUSH_STATUS,FLUSH_TABLES,FLUSH_USER_RESOURCES,GROUP_REPLICATION_ADMIN,GROUP_REPLICATION_STREAM,INNODB_REDO_LOG_ARCHIVE,INNODB_REDO_LOG_ENABLE,PASSWORDLESS_USER_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SHOW_ROUTINE,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO `dam`@`%` | +-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec)
revoke all privileges on . from 用户名;
mysql> revoke all privileges on *.* from dam; Query OK, 0 rows affected (0.01 sec) mysql> show grants for dam; +---------------------------------+ | Grants for dam@% | +---------------------------------+ | GRANT USAGE ON *.* TO `dam`@`%` | +---------------------------------+ 1 row in set (0.00 sec)
- 创建用户的时候限制Host,设置复杂一点的密码
- 给用户授权的时候,权限够用就行,不要多给
- 定期清理没有用的用户或者回收权限
-- 创建角色 门店管理员 ,限制只能在数据库服务器使用这个角色 mysql> create role 'storeManager'@'localhost'; Query OK, 0 rows affected (0.01 sec) -- 直接创建角色,默认域名是 % ,什么主机都可以使用这个角色 mysql> create role enterpriseManager; Query OK, 0 rows affected (0.01 sec) -- 同时创建多个角色 mysql> create role staff,systemManager; Query OK, 0 rows affected (0.01 sec)
drop role '角色名称'@'域名';
grant 权限1,权限2,…权限n on 数据库名称.表名 to '角色名称'@'域名';
grant all privileges on *.* to '角色名称'@'域名';
show grants for '角色名称'@'域名'; mysql> show grants for staff; +-----------------------------------+ | Grants for staff@% | +-----------------------------------+ | GRANT USAGE ON *.* TO `staff`@`%` | +-----------------------------------+ 1 row in set (0.00 sec)
revoke 权限1,权限2,…权限n on 数据库名称.表名 from '角色名称'@'域名';
revoke all privileges on *.* from '角色名称'@'域名';
mysql> show variables like 'activate_all_roles_on_login'; +-----------------------------+-------+ | Variable_name | Value | +-----------------------------+-------+ | activate_all_roles_on_login | OFF | +-----------------------------+-------+ 1 row in set, 1 warning (0.00 sec) -- 激活角色功能 mysql> SET GLOBAL activate_all_roles_on_login=ON; Query OK, 0 rows affected (0.00 sec)
grant role1,role2,…,rolen to '角色名称'@'域名';
mysql> select current_role(); +----------------+ | current_role() | +----------------+ | NONE | +----------------+ 1 row in set (0.00 sec)
revoke '角色名称'@'域名' FROM '用户名'@'域名';
mysqldump -h 主机地址 -u 用户名 -p 密码 数据库 [表1 表2 表3] > 磁盘位置/文件名.sql; 注:[表1 表2 表3] 不写,就导出整个数据库 -- 导出整个数据库 PS C:\Users\17526> mysqldump -hlocalhost -uroot -p12345678 practice >D:/Desktop/pratice.sql; mysqldump: [Warning] Using a password on the command line interface can be insecure. -- 导出数据库的指定表 PS C:\Users\17526> mysqldump -hlocalhost -uroot -p12345678 practice user major >D:/Desktop/pratice.sql; mysqldump: [Warning] Using a password on the command line interface can be insecure.