13. MySQL User Management
If root is the only account we can use, that is a security risk. This is where MySQL user management comes in.

13.1 User Management
13.1.1 User Information
MySQL users are stored in the `user` table of the system database `mysql`:
```sql
mysql> use mysql;
Database changed
mysql> select USER,HOST,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| USER          | HOST      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | localhost | *EDD1889F47EEB2C9DDB1855642E57BBEFFC2158F |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+---------------+-----------+-------------------------------------------+
-- You can run desc user to get a first look at the table structure
```
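Field descriptions:
- `host`: the login host (`localhost` means login from the local machine only)
- `user`: the user name
- `authentication_string`: the encrypted (hashed) password
- `*_priv`: the privilege columns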
13.1.2 Creating a User
Syntax:
```sql
CREATE USER 'username'@'login_host_or_IP' IDENTIFIED BY 'password';
```
Example:
```sql
mysql> select USER,HOST,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| USER          | HOST      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+---------------+-----------+-------------------------------------------+
3 rows in set (0.00 sec)
mysql> create user 'lll'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> select USER,HOST,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| USER          | HOST      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| lll           | localhost | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+---------------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)
-- The new account and password can now be used to log in
-- Note: when actually setting a password, MySQL's own authentication level is fairly strict, so some simple passwords cannot be set and the following error is raised:
-- ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
-- Fix: https://blog.csdn.net/zhanaolu4821/article/details/93622812
-- To see the password requirements: SHOW VARIABLES LIKE 'validate_password%';
-- Try this out yourself afterwards
-- When adding users, be careful: do not casually add a user that can log in from anywhere.
```
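The warning above about accounts that can log in from anywhere can be checked on an existing server. The statements below are an added example, not part of the original post; they assume a MySQL 5.7-style `mysql.user` table and a root session, and the account `'app'` and the host pattern `10.0.5.%` are constructed placeholders.

```sql
-- Added example, not from the original post. Run as root on a MySQL 5.7-style
-- server. 'app' and '10.0.5.%' are constructed placeholder values.

-- 1. Accounts that may connect from any host or from a wildcard pattern.
SELECT user, host, plugin, account_locked
FROM mysql.user
WHERE LOCATE('%', host) > 0
ORDER BY user, host;

-- 2. Anonymous accounts, and password-based accounts with no password set.
--    Accounts on non-password plugins legitimately have an empty string here.
SELECT user, host, plugin
FROM mysql.user
WHERE user = ''
   OR (COALESCE(authentication_string, '') = '' AND plugin LIKE '%password');

-- 3. Password age and expiry state per account, oldest first.
SELECT user, host, password_last_changed, password_lifetime, password_expired
FROM mysql.user
ORDER BY password_last_changed;

-- 4. The password policy in force (the source of ERROR 1819 above).
SHOW VARIABLES LIKE 'validate_password%';

-- 5. Narrow an over-broad account in place. RENAME USER keeps the account's
--    password and privileges and changes only the host part.
RENAME USER 'app'@'%' TO 'app'@'10.0.5.%';

-- 6. Lock an account that is still under review instead of dropping it.
ALTER USER 'app'@'10.0.5.%' ACCOUNT LOCK;
```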
13.1.3 Deleting a User
Syntax:
```sql
drop user 'username'@'hostname';
```
Example:
```sql
mysql> select USER,HOST,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| USER          | HOST      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| lll           | localhost | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+---------------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)
mysql> drop user 'lll'@'localhost';
Query OK, 0 rows affected (0.01 sec)
mysql> select USER,HOST,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| USER          | HOST      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+---------------+-----------+-------------------------------------------+
3 rows in set (0.00 sec)
```
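13.1.4 Changing a User's Password
Changing your own password:
```sql
-- Note: the PASSWORD() function is deprecated in MySQL 5.7 and removed in MySQL 8.0.
SET PASSWORD = PASSWORD('new_password');
```
Root changing another user's password:
```sql
SET PASSWORD FOR 'username'@'hostname' = PASSWORD('new_password');
```
Example: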
```sql
mysql> select USER,HOST,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| USER          | HOST      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| lll           | %         | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+---------------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)
mysql> set password for 'lll'@'%'=password('654321');
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> select USER,HOST,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| USER          | HOST      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | localhost | *23AE809DDACAF96AF0FD78ED04B6A265E05AA257 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| lll           | %         | *2A032F7C5BA932872F0F045E0CF6B53CF702F2C5 |
+---------------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)
```
13.2 Database Privilege Management
MySQL privilege list

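13.2.1 Granting Privileges
Syntax:
```sql
GRANT privilege_list ON database.object TO 'user'@'login_host' [IDENTIFIED BY 'password'];
```
Key symbols:
- Privilege list: multiple privileges are separated by commas
- `*.*`: all objects (tables, views, stored procedures, etc.) in all databases on this system
- `database.*`: all data objects (tables, views, stored procedures, etc.) in a particular database
- `IDENTIFIED BY` is optional. If the user already exists, the password is changed at the same time as the privilege is granted; if the user does not exist, the user is created
Example: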
```sql
-- Using the root account
-- Terminal A
mysql> create database rootdb;
Query OK, 1 row affected (0.00 sec)
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| bit_index          |
| index_db           |
| mysql              |
| performance_schema |
| rootdb             |
| scott              |
| sys                |
| test_db            |
+--------------------+
9 rows in set (0.00 sec)
mysql> use rootdb;
Database changed
mysql> create table user(id int primary key,name varchar(20));
Query OK, 0 rows affected (0.01 sec)
mysql> insert into user values (1,'张三');
Query OK, 1 row affected (0.00 sec)
mysql> show tables;
+------------------+
| Tables_in_rootdb |
+------------------+
| user             |
+------------------+
1 row in set (0.00 sec)
-- Grant user lll the SELECT privilege on everything in the rootdb database
mysql> grant select on rootdb.* to 'lll'@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for 'lll'@'%';
+-----------------------------------------+
| Grants for lll@%                        |
+-----------------------------------------+
| GRANT USAGE ON *.* TO 'lll'@'%'         |
| GRANT SELECT ON `rootdb`.* TO 'lll'@'%' |
+-----------------------------------------+
2 rows in set (0.00 sec)
-- Using the lll account
-- Terminal B
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)
-- Pause here until root has granted lll the privilege, then check again
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| rootdb             |
+--------------------+
2 rows in set (0.00 sec)
mysql> use rootdb;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select*from user;
+----+--------+
| id | name   |
+----+--------+
|  1 | 张三   |
+----+--------+
1 row in set (0.00 sec)
-- No DELETE privilege
mysql> delete from user;
ERROR 1142 (42000): DELETE command denied to user 'lll'@'localhost' for table 'user'
```
Note: viewing the privileges a specific user currently holds
```sql
mysql> show grants for 'whb'@'%';
mysql> show grants for 'lll'@'%';
+-----------------------------------------+
| Grants for lll@%                        |
+-----------------------------------------+
| GRANT USAGE ON *.* TO 'lll'@'%'         |
| GRANT SELECT ON `rootdb`.* TO 'lll'@'%' |
+-----------------------------------------+
2 rows in set (0.00 sec)
mysql> show grants for 'root'@'localhost';
+---------------------------------------------------------------------+
| Grants for root@localhost                                           |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION        |
+---------------------------------------------------------------------+
2 rows in set (0.00 sec)
```
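Note: if a grant does not seem to have taken effect, run the following statement:
```sql
flush privileges;
```
13.2.2 Revoking Privileges
Syntax:
```sql
REVOKE privilege_list ON database.object FROM 'user'@'login_host';
```
Example: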
```sql
-- Revoke lll's SELECT privilege on the rootdb database
-- As root, terminal A
mysql> show grants for 'lll'@'%';
+-----------------------------------------+
| Grants for lll@%                        |
+-----------------------------------------+
| GRANT USAGE ON *.* TO 'lll'@'%'         |
| GRANT SELECT ON `rootdb`.* TO 'lll'@'%' |
+-----------------------------------------+
2 rows in set (0.00 sec)
mysql> revoke select on rootdb.* from 'lll'@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for 'lll'@'%';
+---------------------------------+
| Grants for lll@%                |
+---------------------------------+
| GRANT USAGE ON *.* TO 'lll'@'%' |
+---------------------------------+
1 row in set (0.00 sec)
-- Terminal B
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)
```
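
A least-privilege variant of the grant and revoke steps above, with the audit queries that show who holds what. This is an added example, not part of the original post; the account `report_ro`, the host pattern `10.0.5.%` and the password are constructed placeholders, and `rootdb.user` is the table created earlier on this page.

```sql
-- Added example, not from the original post. Run as root.
-- 'report_ro', '10.0.5.%' and the password are constructed placeholders.

-- Create the account explicitly and limit it to one subnet instead of '%'.
CREATE USER 'report_ro'@'10.0.5.%' IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';

-- Grant at table level rather than on rootdb.*, so tables added to the
-- database later are not readable by default.
GRANT SELECT ON rootdb.user TO 'report_ro'@'10.0.5.%';
SHOW GRANTS FOR 'report_ro'@'10.0.5.%';

-- Audit 1: accounts holding any global (*.*) privilege beyond USAGE.
-- is_grantable = 'YES' means the account can pass the privilege on.
SELECT grantee, privilege_type, is_grantable
FROM information_schema.user_privileges
WHERE privilege_type <> 'USAGE'
ORDER BY grantee, privilege_type;

-- Audit 2: database-level grants such as GRANT SELECT ON rootdb.*.
SELECT grantee, table_schema, privilege_type, is_grantable
FROM information_schema.schema_privileges
ORDER BY grantee, table_schema, privilege_type;

-- Audit 3: table-level grants such as the one made above.
SELECT grantee, table_schema, table_name, privilege_type
FROM information_schema.table_privileges
ORDER BY grantee, table_schema, table_name;

-- Clean up: revoke the privilege, then remove the account.
REVOKE SELECT ON rootdb.user FROM 'report_ro'@'10.0.5.%';
DROP USER 'report_ro'@'10.0.5.%';
```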