十二、MySQL用戶管理
MySQL是一個多用戶數據庫,具有功能強大的訪問控制系統,可以為不同用戶指定允許的權限。MySQL用戶可以分為普通用戶和root用戶。root用戶是超級管理員,擁有所有權限,普通用戶只擁有被授予的各種權限。
12.1、權限表
MySQL服務器通過權限來控制用戶對數據庫的訪問,權限表存放在MySQL數據庫中,由MySQL_install_db腳本初始化.存儲賬戶權限信息表主要有:user,db,host,table_priv、columns_priv、procs_priv。
user表
user表是MySQL中最重要的一個權限表,記錄允許連接到服務器的帳號信息,裏面的權限是全局級的。
mysql> use mysql; Database changed mysql> DESC user; +------------------------+------------------------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +------------------------+------------------------------+------+-----+---------+-------+ | Host | char(60) | NO | PRI | | | | User | char(16) | NO | PRI | | | | Password | char(41) | NO | | | | | Select_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Insert_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Update_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Delete_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Create_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Drop_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Reload_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Shutdown_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Process_priv | enum(‘N‘,‘Y‘) | NO | | N | | | File_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Grant_priv | enum(‘N‘,‘Y‘) | NO | | N | | | References_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Index_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Alter_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Show_db_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Super_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Create_tmp_table_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Lock_tables_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Execute_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Repl_slave_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Repl_client_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Create_view_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Show_view_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Create_routine_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Alter_routine_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Create_user_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Event_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Trigger_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Create_tablespace_priv | enum(‘N‘,‘Y‘) | NO | | N | | | ssl_type |enum(‘‘,‘ANY‘,‘X509‘,‘SPECIFIED‘)| NO | | | | | ssl_cipher | blob | NO | | NULL | | | x509_issuer | blob | NO | | NULL | | | x509_subject | blob | NO | | NULL | | | max_questions | int(11) unsigned | NO | | 0 | | | max_updates | int(11) unsigned | NO | | 0 | | | max_connections | int(11) unsigned | NO | | 0 | | | max_user_connections | int(11) unsigned | NO | | 0 | | | plugin | char(64) | YES | | | | | authentication_string | text | YES | | NULL | | +------------------------+------------------------------+------+-----+---------+-------+
用戶列
user表的用戶列包括Host、User、Password。其中User和Host為User表的聯合主鍵。當用戶與服務器之間建立連接時,輸入的賬戶信息中的用戶名稱、主機名和密碼必須匹配User表中的對應字段,只有3個值都匹配的時候,才允許連接建立。
權限列
權限列的字段決定了用戶的權限,描述了全範圍內允許對數據和數據庫進行的操作。user表中對應的權限針對多有用戶數據庫的。這些字段值的類型為ENUM,可以取的值只有Y和N,Y表示該用戶有對應權限,N表示用戶沒有對應的權限。
安全列
安全列只有6個字段,其中兩個是ssl相關的,兩個是x509相關的,另外兩個是授權插件相關的。ssl用於加密;x509標準可用於標識用戶;Plugin字段標識可用於驗證用戶身份的插件。
資源控制列
資源控制列的字段用來限制用戶使用的資源,包含4各字段:
max_questions:用戶每小時允許執行的查詢操作次數
max_updates:用戶每小時允許執行的更新操作次數
max_connections:用戶每小時允許執行的連接操作數
max_user_connections:用戶允許同時建立的連接次數
db表和host表
db表和host表是MySQL數據中非常重要的權限表。db表中存儲了用戶對某個數據庫的操作權限,決定用戶能從哪個主機存取哪個數據庫。host表中存儲了某個主機對數據庫的操作權限。
mysql> USE mysql; Database changed mysql> DESC db; +-----------------------+---------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +-----------------------+---------------+------+-----+---------+-------+ | Host | char(60) | NO | PRI | | | | Db | char(64) | NO | PRI | | | | User | char(16) | NO | PRI | | | | Select_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Insert_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Update_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Delete_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Create_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Drop_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Grant_priv | enum(‘N‘,‘Y‘) | NO | | N | | | References_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Index_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Alter_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Create_tmp_table_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Lock_tables_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Create_view_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Show_view_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Create_routine_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Alter_routine_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Execute_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Event_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Trigger_priv | enum(‘N‘,‘Y‘) | NO | | N | | +-----------------------+---------------+------+-----+---------+-------+ 22 rows in set (0.00 sec) mysql> DESC host; +-----------------------+---------------+------+-----+---------+-------+ | Field | Type | Null | Key | Default | Extra | +-----------------------+---------------+------+-----+---------+-------+ | Host | char(60) | NO | PRI | | | | Db | char(64) | NO | PRI | | | | Select_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Insert_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Update_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Delete_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Create_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Drop_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Grant_priv | enum(‘N‘,‘Y‘) | NO | | N | | | References_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Index_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Alter_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Create_tmp_table_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Lock_tables_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Create_view_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Show_view_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Create_routine_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Alter_routine_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Execute_priv | enum(‘N‘,‘Y‘) | NO | | N | | | Trigger_priv | enum(‘N‘,‘Y‘) | NO | | N | | +-----------------------+---------------+------+-----+---------+-------+ 20 rows in set (0.00 sec)
用戶列
db表用戶列有3個字段,分別是Host、User、Db,標識從某主機連接某個用戶對某個數據庫的操作權限,這3個字段的組合構成了db表的主鍵。
host表不存儲用戶名稱,用戶列只有兩個字段,分別是Host和Db,表示從某個主機連接的用戶對某個數據庫的操作權限,其逐漸包括Host和Db兩個字段。
權限列
表中create_routine_priv和alter_routine_priv這兩個字段表名用戶是否有創建和修改存儲過程的權限。
user表中的權限是針對所有數據庫的,當希望用戶只對某個數據庫有操作權限,需要將user表中對應的權限設置為N,然後在db表中設置對應數據庫的操作權限。
table_priv表和columns_priv表
table_priv表用來對表設置操作權限,columns_priv表用來對表的某一列設置權限。
mysql> DESC tables_priv; +-------------+-----------------------------------------------------------------------------------------------------------------------------------+------+-----+-------------------+-----------------------------+ | Field | Type | Null | Key | Default | Extra | +-------------+-----------------------------------------------------------------------------------------------------------------------------------+------+-----+-------------------+-----------------------------+ | Host | char(60) | NO | PRI | | | | Db | char(64) | NO | PRI | | | | User | char(16) | NO | PRI | | | | Table_name | char(64) | NO | PRI | | | | Grantor | char(77) | NO | MUL | | | | Timestamp | timestamp | NO | | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP | | Table_priv | set(‘Select‘,‘Insert‘,‘Update‘,‘Delete‘,‘Create‘,‘Drop‘,‘Grant‘,‘References‘,‘Index‘,‘Alter‘,‘Create View‘,‘Show view‘,‘Trigger‘) | NO | | | | | Column_priv | set(‘Select‘,‘Insert‘,‘Update‘,‘References‘) | NO | | | | +-------------+-----------------------------------------------------------------------------------------------------------------------------------+------+-----+-------------------+-----------------------------+ 8 rows in set (0.00 sec) mysql> DESC columns_priv; +-------------+----------------------------------------------+------+-----+-------------------+-----------------------------+ | Field | Type | Null | Key | Default | Extra | +-------------+----------------------------------------------+------+-----+-------------------+-----------------------------+ | Host | char(60) | NO | PRI | | | | Db | char(64) | NO | PRI | | | | User | char(16) | NO | PRI | | | | Table_name | char(64) | NO | PRI | | | | Column_name | char(64) | NO | PRI | | | | Timestamp | timestamp | NO | | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP | | Column_priv | set(‘Select‘,‘Insert‘,‘Update‘,‘References‘) | NO | | | | +-------------+----------------------------------------------+------+-----+-------------------+-----------------------------+ 7 rows in set (0.00 sec)
Host、Db、User、Table_name:分別表示主機名、數據庫名、用戶名和表名 |
Grantor:修改該記錄的用戶 |
Timestamp:修改該記錄的時間 |
Table_priv:對表的操作權限 |
Column_priv:對表中的列的操作權限 |
procs_priv表
procs_priv表可以對存儲過程和存儲函數設置操作權限。
mysql> DESC procs_priv; +--------------+----------------------------------------+------+-----+-------------------+-----------------------------+ | Field | Type | Null | Key | Default | Extra | +--------------+----------------------------------------+------+-----+-------------------+-----------------------------+ | Host | char(60) | NO | PRI | | | | Db | char(64) | NO | PRI | | | | User | char(16) | NO | PRI | | | | Routine_name | char(64) | NO | PRI | | | | Routine_type | enum(‘FUNCTION‘,‘PROCEDURE‘) | NO | PRI | NULL | | | Grantor | char(77) | NO | MUL | | | | Proc_priv | set(‘Execute‘,‘Alter Routine‘,‘Grant‘) | NO | | | | | Timestamp | timestamp | NO | | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP | +--------------+----------------------------------------+------+-----+-------------------+-----------------------------+ 8 rows in set (0.00 sec)
Host、Db、User:分別表示主機名、數據庫名、用戶名 |
Routine_name:存儲過程或函數的名稱 |
Routine_type:存儲過程或函數的類型 |
Grantor:插入或修改該記錄的用戶 |
Prov_priv:擁有的權限 |
Timestamp:記錄更新時間 |
12.2、賬戶管理
MySQL提供許多語句用來管理用戶賬號,這些語句用來管理包括登錄和退出MySQL服務器、創建用戶、刪除用戶、密碼管理和權限管理等內容。
登錄和退出MySQL服務器
使用root用戶登錄到本地mysql服務器的test庫中
[[email protected] ~]# mysql -uroot -p -hlocalhost test Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 15 Server version: 5.5.56-log Source distribution Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type ‘help;‘ or ‘\h‘ for help. Type ‘\c‘ to clear the current input statement. mysql>
使用root用戶登錄到本地mysql服務器的test庫中,執行一條查詢語句
[[email protected] ~]# mysql -uroot -p -hlocalhost test -e "DESC person;" Enter password: +-------+------------------+------+-----+---------+----------------+ | Field | Type | Null | Key | Default | Extra | +-------+------------------+------+-----+---------+----------------+ | id | int(10) unsigned | NO | PRI | NULL | auto_increment | | name | char(40) | NO | | | | | age | int(11) | NO | | 0 | | | info | char(50) | YES | | NULL | | +-------+------------------+------+-----+---------+----------------+
新建普通用戶
使用CREATE USER語句創建新用戶
在執行CREATE USER或CRANT與舉止,服務器會修改相應的用戶權限表,添加或修改用戶及權限。CREATE USER語法格式為:
CREATE USER auth_option [, auth_option] ... auth_option: [email protected] [ IDENTIFIED BY PASSWORD ‘hash_string‘ IDENTIFIED WITH auth_plugin AS ‘hash_string‘ ]
user:創建的用戶名稱 |
host:允許登錄的用戶主機名稱 |
IDENTIFIED BY:用來設置用戶的密碼 |
PASSWORD:使用哈希值設置密碼 |
hash_string:用戶登錄時使用的普通明文密碼 |
IDENTIFIED WITH:為用戶指定一個身份驗證插件 |
auth_plugin:插件的名稱,可以是帶單引號的字符串,或者帶引號的字符串 |
使用CREATE USER創建一個用戶,用戶名是jeffrey,密碼是mypass,主機名是localhost
mysql> CREATE USER [email protected] IDENTIFIED BY ‘mypass‘; Query OK, 0 rows affected (0.00 sec)
使用CRANT創建新用戶
GRANT語句是添加新用戶並授權它們訪問MySQL對象的首選方法,其語法格式為:
GRANT privileges ON db.table TO [email protected] [IDENTIFIED BY ‘password‘] [,user [IDENTIFIED BY ‘password‘]] [WITH GRANT OPTION]
使用GRANT語句創建一個新的用戶testUser,密碼為testpwd。 用戶 testUser對所有的數據有查詢和更新權限,並授於對所有數據表的SELECT和UPDATE權限 mysql> GRANT SELECT,UPDATE ON *.* TO [email protected] IDENTIFIED BY ‘testpwd‘; Query OK, 0 rows affected (0.00 sec) mysql> SELECT Host,User,Select_priv,Update_priv FROM mysql.user where user=‘testUser‘; +-----------+----------+-------------+-------------+ | Host | User | Select_priv | Update_priv | +-----------+----------+-------------+-------------+ | localhost | testUser | Y | Y | +-----------+----------+-------------+-------------+ 1 row in set (0.00 sec)
直接操作MySQL用戶表
使用INSERT語句創建新用戶的基本語法為:
INSERT INTO mysql.user(Host,User,Password,[privilegelist]) VALUES(‘localhost‘,‘username‘,PASSWORD(‘password‘),privilegevaluelist)
使用INSERT創建一個新賬戶,其用戶名稱為customer1,主機名稱為localhost,密碼為customer1:
mysql> INSERT INTO user (Host,User,Password) VALUES(‘localhost‘,‘customer1‘,PASSWORD(‘cust omer1‘)); Query OK, 1 row affected, 3 warnings (0.00 sec) mysql> SHOW WARNINGS; +---------+------+---------------------------------------------------+ | Level | Code | Message | +---------+------+---------------------------------------------------+ | Warning | 1364 | Field ‘ssl_cipher‘ doesn‘t have a default value | | Warning | 1364 | Field ‘x509_issuer‘ doesn‘t have a default value | | Warning | 1364 | Field ‘x509_subject‘ doesn‘t have a default value | +---------+------+---------------------------------------------------+ 3 rows in set (0.00 sec) mysql> SELECT host,user,password FROM user; +-----------+-----------+-------------------------------------------+ | host | user | password | +-----------+-----------+-------------------------------------------+ | localhost | root | | | mylinux | root | | | 127.0.0.1 | root | | | ::1 | root | | | localhost | | | | mylinux | | | | localhost | jeffrey | *6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4 | | localhost | testUser | *22CBF14EBDE8814586FF12332FA2B6023A7603BB | | localhost | customer1 | *73DA97747611396FD898E4A7E42B1097B0780646 | +-----------+-----------+-------------------------------------------+ 9 rows in set (0.00 sec)
由於ssl_cipher、x509_issuer、x509_subject這三個字段在user表中沒有定義默認值,所以新用戶創建失敗。
刪除普通用戶
使用DROP [email protected]
mysql> DROP USER [email protected]; Query OK, 0 rows affected (0.00 sec) mysql> SELECT host,user,password FROM user; +-----------+-----------+-------------------------------------------+ | host | user | password | +-----------+-----------+-------------------------------------------+ | localhost | root | | | mylinux | root | | | 127.0.0.1 | root | | | ::1 | root | | | localhost | | | | mylinux | | | | localhost | testUser | *22CBF14EBDE8814586FF12332FA2B6023A7603BB | | localhost | customer1 | *73DA97747611396FD898E4A7E42B1097B0780646 | +-----------+-----------+-------------------------------------------+ 8 rows in set (0.00 sec)
[email protected]
mysql> DELETE FROM mysql.user WHERE host=‘localhost‘ and user=‘customer1‘; Query OK, 1 row affected (0.00 sec) mysql> SELECT host,user,password FROM user; +-----------+----------+-------------------------------------------+ | host | user | password | +-----------+----------+-------------------------------------------+ | localhost | root | | | mylinux | root | | | 127.0.0.1 | root | | | ::1 | root | | | localhost | | | | mylinux | | | | localhost | testUser | *22CBF14EBDE8814586FF12332FA2B6023A7603BB | +-----------+----------+-------------------------------------------+ 7 rows in set (0.00 sec)
root用戶修改自己的密碼
使用mysqladmin命令行指定新密碼
mysqladmin命令的基本語法格式為:
mysqladmin -u username -h localhost -p password "newpwd"
使用mysqladmin將root用戶的密碼修改為“123456”
[[email protected] ~]# mysqladmin -u root -p password "123456" Enter password:
修改mysql數據庫的user表
使用UPDATE語句修改root用戶密碼的語句為:
UPDATE mysql.user set password=PASSWORD(‘ROOTPWD‘) WHERE User=‘root‘ AND Host=‘localhost‘
使用UPDATE語句將root用戶的密碼修改為“rootpwd2”:
mysql> UPDATE mysql.user set Password=password("rootpwd2") -> WHERE User="root" and Host="localhost"; Query OK, 1 row affected (0.00 sec) Rows matched: 1 Changed: 1 Warnings: 0 mysql> FLUSH PRIVILEGES; Query OK, 0 rows affected (0.00 sec)
使用SET語句修改root用戶密碼
SET PASSWORD語句可以用來重新設置其他用戶的登錄密碼或自己使用的賬號密碼,語法格式為:
SET PASSWORD=PASSWORD(‘ROOTPWD‘)
使用SET語句將root用戶的密碼修改為“rootpwd3”:
mysql> SET PASSWORD=password("rootpwd3"); Query OK, 0 rows affected (0.00 sec)
root用戶修改普通用戶密碼
使用SET語句將testUser用戶的密碼修改為“newpwd”:
SET PASSWORD FOR [email protected]=password("newpwd");
使用UPDATE語句將testUser用戶的密碼修改為“newpwd2”:
UPDATE mysql.user set Password=PASSWORD("newpwd2") WHERE User="testUser" and Host="localhost";
使用GRANT語句將testUser用戶的密碼修改為“newpwd3”:
GRANT USAGE ON *.* TO [email protected] IDENTIFIED BY ‘newpwd3‘;
普通用戶修改密碼
普通用戶登錄MySQL服務器後,通過SET語句設置自己的密碼
SET PASSWORD = PASSWORD("newpassword")
testUser用戶使用SET語句將自身的密碼修改為“newpwd4”:
SET PASSWORD = PASSWORD("newpwd4");
root用戶密碼丟失的解決辦法
1、使用--skip-grant-tables選項啟動MySQL服務 2、使用root用戶登錄,重新設置密碼 3、加載權限表,使用FLUSH PRIVILEGES語句 |
12.3、權限管理
權限管理主要是對登錄到MySQL的用戶進行權限驗證。
MySQL的各種權限
賬戶權限信息被存儲在MySQL數據庫的user、db、host、tables_priv、columns_priv和proc_priv表中。
授權
授權就是為某個用戶授予某個權限。合理的授權可以保證數據庫的安全。MySQL中可以使用GRRANT
語句授予權限。授權可以分為多個層級:
全局層級:適用於給定一個服務器中的所有數據庫 數據庫層級:適用於給定一個數據庫中的所有目標 表層級:適用於給定一個表中所有列 列層級:適用於給定表中單獨一列 子程序層級:CREATE ROUTINE、ALTER ROUTINE、EXECUTE、和GRANT權限適用於已存儲的子程序 |
使用GRANT語句創建一個新的用戶grantUser,密碼為“grantpwd”。用戶grantUser對所有的數據有查詢、插入權限,並授於GRANT權限。
mysql> GRANT SELECT,INSERT ON *.* TO [email protected] IDENTIFIED BY ‘grantpwd‘ WIT H GRANT OPTION; Query OK, 0 rows affected (0.00 sec) mysql> SELECT Host,User,Select_priv,Insert_priv, Grant_priv FROM mysql.user where user=‘g rantUser‘; +-----------+-----------+-------------+-------------+------------+ | Host | User | Select_priv | Insert_priv | Grant_priv | +-----------+-----------+-------------+-------------+------------+ | localhost | grantUser | Y | Y | Y | +-----------+-----------+-------------+-------------+------------+ 1 row in set (0.00 sec)
收回權限
使用REVOKE語句取消用戶testUser的更新權限。
mysql> REVOKE UPDATE ON *.* FROM [email protected]; Query OK, 0 rows affected (0.00 sec) mysql> SELECT Host,User,Select_priv,Update_priv,Grant_priv FROM mysql.user where user=‘tes tUser‘; +-----------+----------+-------------+-------------+------------+ | Host | User | Select_priv | Update_priv | Grant_priv | +-----------+----------+-------------+-------------+------------+ | localhost | testUser | Y | N | N | +-----------+----------+-------------+-------------+------------+ 1 row in set (0.00 sec)
查看權限
使用SHOW GRANTS語句查詢用戶testUser的權限信息
mysql> SHOW GRANTS FOR [email protected]; +------------------------------------------------------------------------------------------------------------------+ | Grants for [email protected] | +------------------------------------------------------------------------------------------------------------------+ | GRANT SELECT ON *.* TO [email protected] IDENTIFIED BY PASSWORD ‘*22CBF14EBDE8814586FF12332FA2B6023A7603BB‘ | +------------------------------------------------------------------------------------------------------------------+ 1 row in set (0.00 sec)
12.4、訪問控制
當MySQL允許一個用戶執行各種操作時,它將首先核實該用戶向MySQL服務器發送的請求,然後確認用戶的操作請求是否被允許。MySQL的訪問控制分為兩個階段:連接核實請求,請求核實階段。
當連接MySQL服務器時,服務器基於用戶的身份以及用戶是否能通過正確的密碼身份驗證來接受或拒絕用戶。MySQL中使用user表中的3個字段(Host、User、Password)執行身份檢查,只有3個字段同時匹配,才接受連接。
建立連接後,服務器進入訪問控制的階段2.對在此連接上的請求,服務器檢查用戶要執行的操作,然後檢查是否有足夠權限來執行它。
本文出自 “隨風而飄” 博客,請務必保留此出處http://yinsuifeng.blog.51cto.com/10173491/1954229
十二、MySQL用戶管理