MySQL Architecture - user rights and management

Catalog

One 、MYSQL User management

1、 Create user

2、 Understanding users user surface

3、 Change user password

4、 Delete user

Two 、 Rights management

 1、 Authorization command

2、 Take back authority

3、 View permissions

3、 ... and 、 The remote access  

1、 Grant users remote connection permission

2、 First ping Let's look at the database IP Address

3、 Firewall settings

4、 Test connection

One 、MYSQL User management

1、 Create user

create user lisi identified by '123456';

Indicates that the creation user name is lisi, The password for 123456 Users of

2、 Understanding users user surface

  Query specific fields of user table

select host,user,authentication_string,select_priv,insert_priv,drop_priv from mysql.user;  

（1）host Indicates the connection type

        ①% Represents a remote connection , Other machines can pass through the IP Address to connect ;

        ②localhost Indicates a local connection , Such as mysql -u root -p;

（2）user Represents the user name , Different connection methods and permissions of the same user

（3）select_priv , insert_priv by · User permissions

3、 Change user password

 （1） Change the current user password

set password =password（'123456'）

（2） Change a user password , You have to use root The user to change

update mysql.user set authentication_string=password('111111') where user='lisi'; 

After modifying the user table , The following instructions need to be executed to take effect

flush privileges;

4、 Delete user

 drop user 'lisi';

notes ： Do not use the following statement to delete , There will be residual information in the system

delete from  user where user='lisi' 

Two 、 Rights management

 1、 Authorization command

The authorization order needs to be in root Execute under the user

grant  jurisdiction 1, jurisdiction 2,..., jurisdiction n on  Database name . Table name  to  user name @ Address of the user  identified by  User password 

Such as ：

grant select,insert,delete,update on mytabl.* to [email protected] identified by ‘123456

This command is given to lisi grant mytabl Permissions for adding, deleting, modifying and querying all tables under the database , user lisi Must save

2、 Take back authority

The revoke permission command needs to be in root Execute under the user

 

revoke  jurisdiction 1, jurisdiction 2,..., jurisdiction n on  Database name . Table name  to  user name @ Address of the user 

Such as ：

REVOKE select,insert,update,delete ON *.* FROM [email protected]'%';

Retract in lisi Under the user , Operate the addition, deletion, modification and query commands of all tables , After executing the instruction , need lisi Re login is effective

3、 View permissions

 （1）show grants： View current user permissions ;

（2） View the global permissions of a user ：

select * from mysql.user

3、 ... and 、 The remote access  

1、 Grant users remote connection permission

grant all privileges on *.* to  user @'%'  identified by ' password ';

2、 First ping Let's look at the database IP Address

ping  The machine where the database is located IP Address  -t

3、 Firewall settings

（1) Turn off firewall

systemctl stop firewalld.service

（2） Or open ports

firewall-cmd --add-port=3306/tcp --permanent
# service iptables restart 
firewall-cmd --reload 

4、 Test connection