mysql權限管理

參考http://my.oschina.net/u/1179414/blog/202377

登錄

mysql -u root -p --socket=/home/vpnmysql/mysql/mysql.sock

創建用戶

CREATE USER 'username'@'host' IDENTIFIED BY 'password';

說明: username – 你將創建的用戶名, host – 指定該用戶在哪個主機上可以登陸,如果是本地用戶可用localhost, 如 果想讓該用戶可以從任意遠程主機登陸,可以使用通配符%. password – 該用戶的登陸密碼,密碼可以爲空,如果爲空則該用戶可以不需要密碼登 陸服務器.

CREATE USER 'dog'@'localhost' IDENTIFIED BY '123456'; 
CREATE USER 'pig'@'192.168.1.101_' IDENDIFIED BY '123456'; 
CREATE USER 'pig'@'%' IDENTIFIED BY '123456'; 
CREATE USER 'pig'@'%' IDENTIFIED BY ''; 
CREATE USER 'pig'@'%';

CREATE USER 'qa'@'%' IDENTIFIED BY 'qa'; 
CREATE USER 'rd'@'%' IDENTIFIED BY 'rd'; 

授權

GRANT privileges ON databasename.tablename TO 'username'@'host'

說明: privileges – 用戶的操作權限,如SELECT , INSERT , UPDATE 等(詳細列表見該文最後面).如果要授予所 的權限則使用ALL.;databasename – 數據庫名,tablename-表名,如果要授予該用戶對所有數據庫和表的相應操作權限則可用* 表示, 如..

GRANT SELECT, INSERT ON test.user TO 'pig'@'%'; 
GRANT ALL ON *.* TO 'pig'@'%';

GRANT ALL ON `test%`.* TO 'qa'@'%';
GRANT ALL ON `online%`.* TO 'qa'@'%';
FLUSH PRIVILEGES;

GRANT ALL ON `dev%`.* TO 'rd'@'%';
GRANT ALL ON `faultms%`.* TO 'rd'@'%';
GRANT ALL ON `taskms%`.* TO 'rd'@'%';
GRANT ALL ON `vpnms%`.* TO 'rd'@'%';
GRANT ALL ON `aiems%`.* TO 'rd'@'%';
FLUSH PRIVILEGES;

撤銷用戶權限

命令:

REVOKE privilege ON databasename.tablename FROM 'username'@'host';

說明: privilege, databasename, tablename – 同授權部分.

例子:

REVOKE SELECT ON *.* FROM 'pig'@'%';

注意: 假如你在給用戶’pig’@’%’授權的時候是這樣的(或類似 的):GRANT SELECT ON test.user TO ‘pig’@’%’, 則在使用 REVOKE SELECT ON . FROM ‘pig’@’%’;命令並不能撤銷該用戶對test數據庫中user表的SELECT 操作. 相反,如果授權使用的是GRANT SELECT ON . TO ‘pig’@’%’;則 REVOKE SELECT ON test.user FROM ‘pig’@’%’;命令也不能撤銷該用戶對test數據庫中user表的 Select 權限.

具體信息可以用命令SHOW GRANTS FOR ‘pig’@’%’; 查看.

REVOKE ALL ON `dev%`.* FROM 'qa'@'%';
REVOKE ALL ON `faultms%`.* FROM 'qa'@'%';
REVOKE ALL ON `taskms%`.* FROM 'qa'@'%';
REVOKE ALL ON `vpnms%`.* FROM 'qa'@'%';
FLUSH PRIVILEGES;

設置與更改用戶密碼

命令:

SET PASSWORD FOR 'username'@'host' = PASSWORD('newpassword');

如果是當前登陸用戶用

SET PASSWORD = PASSWORD("newpassword");

附表:在MySQL中的操作權限

ALTER
Allows use of ALTER TABLE. 

ALTER ROUTINE 
Alters or drops stored routines. 

CREATE
Allows use of CREATE TABLE. 

CREATE ROUTINE 
Creates stored routines. 

CREATE TEMPORARY TABLE
Allows use of CREATE TEMPORARY TABLE. 

CREATE USER
Allows use of CREATE USER, DROP USER, RENAME USER, and REVOKE ALL PRIVILEGES. 

CREATE VIEW
Allows use of CREATE VIEW. 

DELETE
Allows use of DELETE. 

DROP
Allows use of DROP TABLE. 

EXECUTE
Allows the user to run stored routines. 

FILE 
Allows use of SELECT… INTO OUTFILE and LOAD DATA INFILE. 

INDEX
Allows use of CREATE INDEX and DROP INDEX. 

INSERT
Allows use of INSERT. 

LOCK TABLES 
Allows use of LOCK TABLES on tables for which the user also has SELECT privileges. 

PROCESS 
Allows use of SHOW FULL PROCESSLIST. 

RELOAD 
Allows use of FLUSH. 

REPLICATION 
Allows the user to ask where slave or master 

CLIENT 
servers are. 

REPLICATION SLAVE 
Needed for replication slaves. 

SELECT
Allows use of SELECT. 

SHOW DATABASES 
Allows use of SHOW DATABASES. 

SHOW VIEW
Allows use of SHOW CREATE VIEW. 

SHUTDOWN 
Allows use of mysqladmin shutdown. 

SUPER 
Allows use of CHANGE MASTER, KILL, PURGE MASTER LOGS, and SET GLOBAL SQL statements. Allows mysqladmin debug command. Allows one extra connection to be made if maximum connections are reached. 

UPDATE
Allows use of UPDATE. 

USAGE 
Allows connection without any specific privileges.

最後不要忘記刷新數據庫

flush privileges;

未完待續