【MySQL】用户管理

熙曦Sakura2025-05-30 18:04

13.用户管理

13.1用户

13.1.1用户信息

MySQL 中的用户,都存储在系统数据库 mysql 的 user 表中。

sql 复制代码 
mysql> use mysql;
Database changed
mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host      | user          | authentication_string                     |
+-----------+---------------+-------------------------------------------+
| localhost | root          | *81F5E21E35407D884A6CD4A731AEBF6AF209E1B |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys     | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+-----------+---------------+-------------------------------------------+
  • 可以通过 desc user 初步查看一下表结构

字段解释

  • host:表示这个用户可以从哪个主机登陆,如果是 localhost,表示只能从本机登陆。
  • user:用户名。
  • authentication_string:用户密码通过 password 函数加密后的。
  • *\ _ priv:用户拥有的权限。

13.1.2 创建用户

语法

sql 复制代码 
create user '用户名'@'登陆主机/ip' identified by '密码';

案例

sql 复制代码 
mysql> create user 'xixi'@'localhost' identified by '12345678';
Query OK, 0 rows affected (0.06 sec)

mysql> select user,host,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| user          | host      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | %         | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| whb           | localhost | *84AAC12F54AB666ECFC2A83C676908C8BBC381B1 | -- 新增用户
+---------------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)
-- 此时便可以使用新账号新密码进行登陆啦

备注

  • 可能实际在设置密码的时候,因为 mysql 本身的认证等级比较高,一些简单的密码无法设置,会爆出如下报错:
sql 复制代码 
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

  • 解决方案

  • 关于新增用户这里,需要大家注意,不要轻易添加一个可以从任意地方登陆的 user。

13.1.3 删除用户

语法

sql 复制代码 
drop user '用户名'@'主机名'

示例

sql 复制代码 
mysql> select user,host,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| user          | host      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | %         | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| xixi           | localhost | *84AAC12F54AB666ECFC2A83C676908C8BBC381B1 |
+---------------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)

mysql> drop user xixi; -- 尝试删除
ERROR 1396 (HY000): Operation DROP USER failed for 'whb'@'%' -- <= 直接给个用户名,不能删除,它默认是%,表示所有地方可以登陆的用户

mysql> drop user 'xixi'@'localhost'; -- 删除用户
Query OK, 0 rows affected (0.00 sec)

mysql> select user,host,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| user          | host      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | %         | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+---------------+-----------+-------------------------------------------+
3 rows in set (0.00 sec)

13.1.4 修改用户密码

语法

  • 自己改自己密码
sql 复制代码 
set password=password('新的密码');
  • root 用户修改指定用户的密码
sql 复制代码 
set password for '用户名'@'主机名'=password('新的密码');
sql 复制代码 
mysql> select host,user, authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host      | user          | authentication_string                     |
+-----------+---------------+-------------------------------------------+
| %         | root          | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys     | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | xixi           | *84AAC12F54AB666ECFC2A83C676908C8BBC381B1 |
+-----------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)

mysql> set password for 'xixi'@'localhost'=password('87654321');
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> select host,user, authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host      | user          | authentication_string                     |
+-----------+---------------+-------------------------------------------+
| %         | root          | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys     | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | xixi           | *5D24C4D94238E65A6407DFAB95AA4AE97CA2B199 |
+-----------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)

13.2 数据库的权限

MySQL 数据库提供的权限列表:

权限 上下文
CREATE Create_priv 数据库、表或索引
DROP Drop_priv 数据库或表
GRANT OPTION Grant_priv 数据库、表或保存的程序
REFERENCES References_priv 数据库或表
ALTER Alter_priv
DELETE Delete_priv
INDEX Index_priv
INSERT Insert_priv
UPDATE Update_priv
CREATE VIEW Create_view_priv 视图
SHOW VIEW Show_view_priv 视图
ALTER ROUTINE Alter_routine_priv 保存的程序
CREATE ROUTINE Create_routine_priv 保存的程序
EXECUTE Execute_priv 保存的程序
FILE File_priv 服务器主机上的文件访问
CREATE TEMPORARY TABLES Create_tmp_table_priv 服务器管理
LOCK TABLES Lock_tables_priv 服务器管理
CREATE USER Create_user_priv 服务器管理
PROCESS Process_priv 服务器管理
RELOAD Reload_priv 服务器管理
REPLICATION CLIENT Repl_client_priv 服务器管理
REPLICATION SLAVE Repl_slave_priv 服务器管理
SHOW DATABASES Show_db_priv 服务器管理
SHUTDOWN Shutdown_priv 服务器管理
SUPER Super_priv 服务器管理

13.2.1 给用户授权

刚创建的用户没有任何权限,需要给用户授权。

  • 语法
sql 复制代码 
grant 权限列表 on 库.对象名 to '用户名'@'登陆位置' [identified by '密码']
  • 说明
    • 权限列表,多个权限用逗号分开
      • grant select on ...
      • grant select, delete, create on ...
      • grant all [privileges] on ... -- 表示赋予该用户在该对象上的所有权限
    • *.*:代表本系统中的所有数据库的所有对象(表,视图,存储过程等)
    • 库.*:表示某个数据库中的所有数据对象(表,视图,存储过程等)
    • identified by可选。如果用户存在,赋予权限的同时修改密码;如果该用户不存在,就是创建用户
  • 案例
sql 复制代码 
-- 使用root账号
-- 终端A
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| 57test             |
| bit_index          |
| ccdata_pro         |
| innodbserver       |
| myisam_test        |
| mysql              |
| mysql_sys          |
| performance_schema |
| scott              |
| sys                |
| test               |
| vod_system         |
+--------------------+
14 rows in set (0.00 sec)

mysql> use test;
Database changed
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| account        |
| student        |
| user           |
+----------------+
3 rows in set (0.01 sec)

-- 给用户whb赋予test数据库下所有文件的select权限
mysql> grant select on test.* to 'whb'@'localhost';
Query OK, 0 rows affected (0.01 sec)

-- 使用whb账号
-- 终端B
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)

-- 暂停等root用户给whb赋完权之后,在查看
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               | -- 赋完权之后,就能看到新的表
+--------------------+
2 rows in set (0.01 sec)

mysql> use test;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| account        |
| student        |
| user           |
+----------------+
3 rows in set (0.00 sec)

mysql> select * from account;
+----+-------+---------+
| id | name  | balance |
+----+-------+---------+
| 2  | 李四  | 321.00  |
| 3  | 王五  | 543.00  |
| 4  | 赵六  | 543.90  |
+----+-------+---------+
4 rows in set (0.00 sec)

-- 没有删除权限
mysql> delete from account;
ERROR 1142 (42000): DELETE command denied to user 'whb'@'localhost' for table 'account'

备注: 特定用户现有查看权限
mysql> show grants for 'whb'@'%';
+-----------------------------------------------------+
| Grants for whb@%                                    |
+-----------------------------------------------------+
| GRANT USAGE ON *.* TO 'whb'@'%'                    |
| GRANT ALL PRIVILEGES ON `whb`.* TO 'whb'@'%'       |
+-----------------------------------------------------+
2 rows in set (0.00 sec)

mysql> show grants for 'root'@'%';
+---------------------------------------------------------------------+
| Grants for root@%                                                   |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION         |
| GRANT PROXY ON ''@'' TO 'root'@'%' WITH GRANT OPTION                |
+---------------------------------------------------------------------+
1 row in set (0.00 sec)

注意: 如果发现赋权限后,没有生效,执行如下指令:
flush privileges;

13.2.2 回收权限

  • 语法
sql 复制代码 
revoke 权限列表 on 库.对象名 from '用户名'@'登陆位置';
  • 示例
sql 复制代码 
-- 回收whb对test数据库的所有权限
-- root身份,终端A
mysql> revoke all on test.* from 'whb'@'localhost';
Query OK, 0 rows affected (0.00 sec)

-- whb身份,终端B
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
+--------------------+
2 rows in set (0.00 sec)

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)
相关推荐
阿巴斯甜16 分钟前
Android 报错:Zip file '/Users/lyy/develop/repoAndroidLapp/l-app-android-ble/app/bu
android
Kapaseker1 小时前
实战 Compose 中的 IntrinsicSize
android·kotlin
xq95272 小时前
Andorid Google 登录接入文档
android
黄林晴3 小时前
告别 Modifier 地狱,Compose 样式系统要变天了
android·android jetpack
冬奇Lab15 小时前
Android触摸事件分发、手势识别与输入优化实战
android·源码阅读
城东米粉儿18 小时前
Android MediaPlayer 笔记
android
Jony_19 小时前
Android 启动优化方案
android
阿巴斯甜19 小时前
Android studio 报错:Cause: error=86, Bad CPU type in executable
android
张小潇19 小时前
AOSP15 Input专题InputReader源码分析
android
_小马快跑_1 天前
Kotlin | 协程调度器选择:何时用CoroutineScope配置,何时用launch指定?
android
热门推荐
01GitHub 镜像站点02【OpenClaw 本地实战 Ep.3】突破瓶颈:强制修改 openclaw.json 解锁 32k 上下文记忆03OpenClaw 使用和管理 MCP 完全指南04OpenClaw优化飞书API 额度已耗尽问题05OpenClaw + 飞书(Feishu)环境搭建指南06Claude Code + GLM4.7 避坑指南:解决 Unable to connect to Anthropic services07Window 10部署openclaw报错node.exe : npm error code 12808Clawdbot部署教程:解决‘gateway token missing’授权问题的完整步骤09OpenClaw大龙虾机器人完整安装教程10OpenClaw 接入阿里云百炼 Coding Plan 指南