mysql用户和权限管理

用户和权限管理

Information about account privileges is stored in the user, db, host, tables_priv, columns_priv, and procs_priv tables in the mysql database.  The MySQL server reads the contents of these tables into memory when it starts and reloads them under the circumstances. Access-control decisions are based on the in-memory copies of the grant tables.

user: Contains user accounts, global privileges, and other non-privilege columns.
user: 用户帐号、全局权限、其他非权限字段

db: Contains database-level privileges.
db: 库级别权限

host: Obsolete.
host: 废弃

tables_priv: Contains table-level privileges.
表级别权限

columns_priv: Contains column-level privileges.
列级别权限

procs_priv: Contains stored procedure and function privileges.
存储过程和存储函数相关的权限

proxies_priv: Contains proxy-user privileges.
代理用户权限

There are several distinctions between the way user names and passwords are used by MySQL and the way they are used by your operating system:

User names, as used by MySQL for authentication purposes, have nothing to do with user names (login names) as used by Windows or Unix.
    MySQL user names can be up to 16 characters long.
    The server uses MySQL passwords stored in the user table to authenticate client connections using MySQL native authentication (against passwords stored in the mysql.user table).
    MySQL encrypts passwords stored in the user table using its own algorithm. This encryption is the same as that implemented by the PASSWORD() SQL function but differs from that used during the Unix login process.
    It is possible to connect to the server regardless of character set settings if the user name and password contain only ASCII characters.

用户帐号：
    用户名@主机
        用户名：16字符以内
        主机：
            主机名：www.magedu.com, mysql
            IP: 172.16.10.177
            网络地址:
                172.16.0.0/255.255.0.0

通配符：%，_
                172.16.%.%
                %.magedu.com

--skip-name-resolve   略过名称（主机名）解析，提高用户连接的速度

权限级别：
    全局级别： SUPER、
    库
    表: DELETE, ALTER, TRIGGER
    列: SELECT, INSERT, UPDATE
    存储过程和存储函数

字段级别：

临时表：内存表
    heap: 16MB

触发器：主动数据库
    INSERT, DELETE, UPDATE
        user: log

创建用户：
CREATE USER username@host [IDENTIFIED BY 'password']

GRANT 授权时用户不存在则创建新用户
GRANT ALL PRIVILEGES ON [object_type] db.* TO username@'%';

TABLE
  | FUNCTION
  | PROCEDURE

GRANT EXECUTE ON FUNCTION db.abc TO username@'%';

创建用户：不会自动读取授权表
INSERT INTO mysql.user
mysql> FLUSH PRIVILEGES;

查看用户相关的授权信息：
SHOW GRANTS FOR 'username@host';

GRANT OPTION
  | MAX_QUERIES_PER_HOUR count
  | MAX_UPDATES_PER_HOUR count
  | MAX_CONNECTIONS_PER_HOUR count
  | MAX_USER_CONNECTIONS count

--skip-grant-tables  跳过授权表
--skip-name-resolve  略过名称（主机名）解析，提高用户连接的速度
--skip-networking    跳过网络,只能通过本机连接

DROP USER 'username'@'host' 删除用户

RENAME USER old_name TO new_name 重命名用户

REVOKE 收回权限

管理员密码忘记找回：
启动mysqld_safe时传递两个参数：
    --skip-grant-tables
    --skip-networking 跳过网络,只能通过本机连接

set password for 'root'@'localhost' IDENTIFIED by 'passed'  --此方法不行，因为跳过了授权表
    update user set password=password('passed') where USER = 'root'
    通过更新授权表方式直接修改其密码，而后移除此两个选项重启服务器。