
MySQL user authority summary [user authorization required]

2022-06-11 14:56:00 Code knower

References:

  • 《MySQL必知必会》 (MySQL Crash Course)
  • https://www.cnblogs.com/Richardzhu/p/3318595.html

One. MySQL user permissions

In a recent project, the database was installed directly on an Alibaba Cloud server during development. When connecting from a local machine to MySQL on the Alibaba Cloud server, you should not simply connect as the root user; every database operation goes through a newly created user.

When a non-root user runs a local SQL file, it needs certain privileges, such as SELECT, INSERT, UPDATE, DELETE and CREATE. This article records them so that they can be looked up later during development and applied directly.

Benefits of adding MySQL users and setting privileges: a new SQL user is not allowed to access other SQL users' databases or tables, and cannot even run a SELECT statement. A new SQL user must be explicitly granted privileges before it can perform the corresponding operations.

Two. Introduction to user permissions

1. Privilege levels

  • Global: can manage the whole MySQL instance
  • Database: can manage the specified database
  • Table: can manage the specified tables of the specified database
  • Column: can manage the specified columns of the specified table of the specified database

Privileges are stored in the user, db, tables_priv, columns_priv and procs_priv system tables of the mysql database. After the MySQL instance starts, they are loaded into memory and used to enforce user access control.

2. How privileges are checked

MySQL verifies privileges in two stages:

Stage one: the server first checks whether the user is allowed to connect. It uses the three fields Host, User and Password in the user table to determine whether the connecting IP, user name and password exist; if they do, authentication passes.

Stage two: after authentication, every request the user issues is checked for privileges, in the order user, db, tables_priv, columns_priv, procs_priv. The global privilege table user is checked first. If the corresponding privilege in user is Y, the user has that privilege on all databases, and db, tables_priv and columns_priv are not checked. If it is N, the db table is checked for the specific database entry for this user, and the privileges marked Y there are obtained. If the privilege in db is N, tables_priv is checked for the specific table in that database, and so on.

3. Privilege distribution

How MySQL distributes privileges, that is, which privileges can be set on tables, which on columns and so on, is shown by a table in the official documentation:

Privilege scope        Privileges that can be set
Table privileges       'Select', 'Insert', 'Update', 'Delete', 'Create', 'Drop', 'Grant', 'References', 'Index', 'Alter'
Column privileges      'Select', 'Insert', 'Update', 'References'
Routine privileges     'Execute', 'Alter Routine', 'Grant'

These are some of the most commonly used privileges. For more privilege settings, see the privilege descriptions in the official documentation.

4. Querying the privilege tables

List the MySQL users

select user,host from mysql.user;

View the root user's privileges in the privilege tables

If a privilege is N in one table, the system checks the next table.

# Y means the privilege is granted, N means it is not
# 1. mysql.user table (all)
select * from mysql.user where user='root';

# 2. mysql.db table (empty)
select * from mysql.db where user='root';

# 3. mysql.tables_priv table (empty)
select * from mysql.tables_priv where user='root';

# 4. mysql.columns_priv table (empty)
select * from mysql.columns_priv where user='root';

# 5. mysql.procs_priv table (empty)
select * from mysql.procs_priv where user='root';
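
The privilege levels and the lookup order described above can be observed directly in the grant tables. The following is an added example, not part of the original article; the account 'app_ro', the table test.orders and its columns are hypothetical, and the password is a placeholder to replace.

```sql
-- Added example: 'app_ro', test.orders and its columns are hypothetical names.
CREATE DATABASE IF NOT EXISTS test;
CREATE TABLE IF NOT EXISTS test.orders (
    id     INT PRIMARY KEY,
    status VARCHAR(16),
    note   VARCHAR(255)
);

-- A new account starts with no privileges (every *_priv flag in mysql.user is N).
CREATE USER 'app_ro'@'198.51.100.%' IDENTIFIED BY '<placeholder-password>';

-- One grant at each of the three narrower levels.
GRANT SELECT ON test.* TO 'app_ro'@'198.51.100.%';                -- database level
GRANT INSERT ON test.orders TO 'app_ro'@'198.51.100.%';           -- table level
GRANT UPDATE (status) ON test.orders TO 'app_ro'@'198.51.100.%';  -- column level

-- Walk the tables in the order the server consults them.
-- 1. Global flags: nothing was granted ON *.*, so the check continues to db.
SELECT Host, User, Select_priv, Insert_priv, Update_priv
  FROM mysql.user WHERE User = 'app_ro';
-- 2. Database level: the SELECT grant on test.* is recorded here.
SELECT Host, Db, User, Select_priv, Insert_priv, Update_priv
  FROM mysql.db WHERE User = 'app_ro';
-- 3. Table level: Table_priv holds the INSERT grant; Column_priv names the
--    privileges that exist for individual columns of that table.
SELECT Host, Db, User, Table_name, Table_priv, Column_priv
  FROM mysql.tables_priv WHERE User = 'app_ro';
-- 4. Column level: the UPDATE grant restricted to the status column.
SELECT Host, Db, User, Table_name, Column_name, Column_priv
  FROM mysql.columns_priv WHERE User = 'app_ro';

-- The same information as the server reports it.
SHOW GRANTS FOR 'app_ro'@'198.51.100.%';

-- Remove the demonstration account.
DROP USER 'app_ro'@'198.51.100.%';
```

With these grants the account can read every table in test, insert into test.orders and update only the status column; an UPDATE that sets note is rejected.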

Three. User permissions in practice

All of the following operations are performed as the root user, in the mysql database.

1. Viewing user privilege information

View the current user

select user();

List the MySQL users

select user,host from mysql.user;

View the privileges that have been granted to a user

show grants for 'pdh'@'%';

2. User creation and authorization

A brief note on how MySQL names an account: 'user_name'@'host_name' (the two parts joined by the @ symbol). user_name is the user name and host_name is the host, which can be in IPv4 or IPv6 format; % means that all hosts can connect. The following table shows how different formats denote different hosts:

user_name   host_name          Description
'pdh'       '198.51.100.177'   pdh, can connect only from this IP
'pdh'       '198.51.100.%'     pdh, from any host in the 198.51.100 subnet
'pdh'       '%'                pdh, can connect from any host

Create MySQL users and grant privileges

# 1. Create the user with CREATE USER, then grant privileges
# 1.1 Create the user pdh with the password 123456; it has no privileges yet
CREATE USER 'pdh'@'%' IDENTIFIED BY '123456';
# 1.2 Grant pdh query, insert and other privileges on the test database
grant select,insert,update,delete,create,alter on test.* to 'pdh'@'%';

# 2. Use GRANT to create the user and grant all operations on the test database
# (MySQL 5.x syntax; MySQL 8.0 no longer accepts IDENTIFIED BY in GRANT, so use method 1 there)
grant all privileges on test.* to 'pdh'@'%' identified by "123456" with grant option;

Explanation of the statements above:

1. ALL PRIVILEGES means all privileges; you can also name individual privileges such as select and update.
2. ON specifies which databases and tables the privileges apply to.
3. test.* means all tables of the test database.
4. TO specifies the user who receives the privileges.
5. 'pdh'@'%' means the user pdh with the host %. The host can be an IP, an IP range, a domain name or %.
6. IDENTIFIED BY specifies the user's login password.
7. WITH GRANT OPTION means that the user can grant his own privileges to others.

Refresh privileges
Use this command to make privilege changes take effect. After running UPDATE or DELETE against the privilege tables user, db or host, be sure to refresh the privileges.

flush privileges;

View and modify privileges
View the current user's privileges

show grants;

Revoke privileges

# Revoke the alter privilege
revoke alter on test.* from 'pdh'@'%';
# Revoke all privileges
revoke all privileges on test.* from 'pdh'@'%';
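
A hardening pass over the 'pdh'@'%' account from this section, as an added example that is not part of the original article. It assumes MySQL 5.7 or later (for ALTER USER ... IDENTIFIED BY), the password is a placeholder to replace, and the subnet is the one used in the host table above. It also shows that revoking ALL PRIVILEGES on a database leaves GRANT OPTION in place, so it has to be revoked separately.

```sql
-- Added example. Run as an administrative user.

-- 1. Audit: accounts reachable from any host, and accounts that can re-grant.
SELECT User, Host FROM mysql.user WHERE Host = '%';
SELECT User, Host FROM mysql.user WHERE Grant_priv = 'Y';
SELECT User, Host, Db FROM mysql.db WHERE Grant_priv = 'Y';

-- 2. The account was created WITH GRANT OPTION. ALL PRIVILEGES does not
--    include GRANT OPTION, so this first statement alone is not enough.
REVOKE ALL PRIVILEGES ON test.* FROM 'pdh'@'%';
SHOW GRANTS FOR 'pdh'@'%';          -- check whether WITH GRANT OPTION remains
REVOKE GRANT OPTION ON test.* FROM 'pdh'@'%';

-- 3. Grant back only what the application needs for day-to-day work.
--    Schema changes (CREATE, ALTER) stay with an administrative account.
GRANT SELECT, INSERT, UPDATE, DELETE ON test.* TO 'pdh'@'%';

-- 4. Narrow where the account may connect from. RENAME USER keeps the
--    privileges held under the old name.
RENAME USER 'pdh'@'%' TO 'pdh'@'198.51.100.%';

-- 5. Replace the weak password.
ALTER USER 'pdh'@'198.51.100.%' IDENTIFIED BY '<long-random-password>';

-- 6. Verify the final state.
SHOW GRANTS FOR 'pdh'@'198.51.100.%';
SELECT User, Host FROM mysql.user WHERE User = 'pdh';
```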