【MySQL数据库】用户管理

Code Warrior2025-11-25 7:08

如果我们只能使用 root 用户,这样存在安全隐患。这时,就需要使用 MySQL 的用户管理。

13.1 用户

13.1.1 用户信息

MySQL 中的用户,都存储在系统数据库mysqluser表中。

字段解释:
  • host:表示这个用户可以从哪个主机登陆,如果是localhost,表示只能从本机登陆
  • user:用户名
  • authentication_string:用户密码通过password函数加密后的值
  • *_priv:用户拥有的权限
查看用户信息示例:
sql 复制代码 
mysql> use mysql;
Database changed
mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host      | user          | authentication_string                     |
+-----------+---------------+-------------------------------------------+
| localhost | root          | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys     | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+-----------+---------------+-------------------------------------------+

备注:可以通过desc user初步查看user表的结构。

13.1.2 创建用户

语法:
sql 复制代码 
create user '用户名'@'登陆主机/ip' identified by '密码';
案例:
sql 复制代码 
mysql> create user 'whb'@'localhost' identified by '12345678';
Query OK, 0 rows affected (0.06 sec)

-- 创建后查看用户列表
mysql> select user,host,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| user          | host      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | %         | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| whb           | localhost | *84AAC12F54AB666ECFC2A83C676908C8BBC381B1 | -- 新增用户
+---------------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)

备注:此时便可以使用新账号(用户名whb,密码12345678)从本机登陆 MySQL。

密码设置注意事项:

可能实际设置密码时,因 MySQL 认证等级较高,简单密码无法设置,会出现如下报错:

复制代码 
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

重要提醒:不要轻易添加可从任意主机(host%)登陆的用户,存在安全风险。

13.1.3 删除用户

语法:
sql 复制代码 
drop user '用户名'@'主机名';
示例:
sql 复制代码 
-- 先查看当前用户列表
mysql> select user,host,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| user          | host      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | %         | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| whb           | localhost | *84AAC12F54AB666ECFC2A83C676908C8BBC381B1 |
+---------------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)

-- 错误删除方式(仅写用户名,默认host为%,与实际用户的host不匹配)
mysql> drop user whb;
ERROR 1396 (HY000): Operation DROP USER failed for 'whb'@'%'

-- 正确删除方式(指定用户名和对应的host)
mysql> drop user 'whb'@'localhost';
Query OK, 0 rows affected (0.00 sec)

-- 删除后查看用户列表
mysql> select user,host,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| user          | host      | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root          | %         | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+---------------+-----------+-------------------------------------------+
3 rows in set (0.00 sec)

13.1.4 修改用户密码

1. 自己修改自己的密码

语法:

sql 复制代码 
set password=password('新的密码');

备注:可自行测试该命令。

2. root 用户修改指定用户的密码

语法:

sql 复制代码 
set password for '用户名'@'主机名'=password('新的密码');
案例:
sql 复制代码 
-- 先查看目标用户信息
mysql> select host,user, authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host      | user          | authentication_string                     |
+-----------+---------------+-------------------------------------------+
| %         | root          | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys     | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | whb           | *84AAC12F54AB666ECFC2A83C676908C8BBC381B1 |
+-----------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)

-- root修改whb的密码为87654321
mysql> set password for 'whb'@'localhost'=password('87654321');
Query OK, 0 rows affected, 1 warning (0.00 sec)

-- 修改后查看密码变化
mysql> select host,user, authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host      | user          | authentication_string                     |
+-----------+---------------+-------------------------------------------+
| %         | root          | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys     | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | whb           | *5D24C4D94238E65A6407DFAB95AA4EA97CA2B199 |
+-----------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)

13.2 数据库的权限

MySQL数据库提供的权限列表:

13.2.1 给用户授权

刚创建的用户没有任何权限,需要通过授权操作赋予其相应权限。

语法:
sql 复制代码 
grant 权限列表 on 库.对象名 to '用户名'@'登陆位置' [identified by '密码'];
说明:
  • 权限列表:多个权限用逗号分隔(如select,delete,create);all [privileges] 表示赋予该用户在指定对象上的所有权限
  • *.*:代表本系统中所有数据库的所有对象(表、视图、存储过程等)
  • 库.*:表示某个数据库中的所有数据对象(表、视图、存储过程等)
  • identified by(可选):若用户已存在,赋予权限的同时修改密码;若用户不存在,则创建该用户并授权
常见权限示例:
  • 赋予查询权限:grant select on ...
  • 赋予多权限:grant select, delete, create on ....
  • 赋予所有权限:grant all [privileges] on ...

(标注:比特就业课)

案例:给用户whb赋予test数据库的查询权限
步骤 1:root 用户查看数据库和表(终端 A)
sql 复制代码 
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| 57test             |
| bit_index          |
| ccdata_pro         |
| innodb_test        |
| musicserver        |
| myisam_test        |
| mysql              |
| order_sys          |
| performance_schema |
| scott              |
| sys                |
| test               |
| vod_system         |
+--------------------+
14 rows in set (0.00 sec)

mysql> use test;
Database changed
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| account        |
| student        |
| user           |
+----------------+
3 rows in set (0.01 sec)
步骤 2:root 用户给whb授权
sql 复制代码 
mysql> grant select on test.* to 'whb'@'localhost';
Query OK, 0 rows affected (0.01 sec)
步骤 3:whb用户登录后验证权限(终端 B)
sql 复制代码 
-- 授权前查看数据库(仅能看到information_schema)
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)

-- 授权后重新查看数据库(可见test数据库)
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |
+--------------------+
2 rows in set (0.01 sec)

-- 访问test数据库并查看表
mysql> use test;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| account        |
| student        |
| user           |
+----------------+
3 rows in set (0.00 sec)

-- 执行查询操作(有权限)
mysql> select * from account;
+----+--------+---------+
| id | name   | blance  |
+----+--------+---------+
| 2  | 李四   | 321.00  |
| 3  | 王五   | 5432.00 |
| 4  | 赵六   | 543.90  |
| 5  | 赵六   | 543.90  |
+----+--------+---------+
4 rows in set (0.00 sec)

-- 执行删除操作(无权限,报错)
mysql> delete from account;
ERROR 1142 (42000): DELETE command denied to user 'whb'@'localhost' for table 'account'
备注:
  1. 查看特定用户的现有权限:
sql 复制代码 
-- 查看whb@%的权限
mysql> show grants for 'whb'@'%';
+-----------------------------------------------+
| Grants for whb@%                               |
+-----------------------------------------------+
| GRANT USAGE ON *.* TO 'whb'@'%'                |
| GRANT ALL PRIVILEGES ON `test`.* TO 'whb'@'%'  |
+-----------------------------------------------+
2 rows in set (0.00 sec)

-- 查看root@%的权限
mysql> show grants for 'root'@'%';
+-------------------------------------------------------------+
| Grants for root@%                                           |
+-------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION |
+-------------------------------------------------------------+
1 row in set (0.00 sec)
  1. 赋权后权限未生效的解决办法:执行flush privileges;刷新权限。

13.2.2 回收权限

语法:
sql 复制代码 
revoke 权限列表 on 库.对象名 from '用户名'@'登陆位置';
示例:回收whbtest数据库的所有权限
步骤 1:root 用户回收权限(终端 A)
sql 复制代码 
mysql> revoke all on test.* from 'whb'@'localhost';
Query OK, 0 rows affected (0.00 sec)
步骤 2:whb用户验证权限回收效果(终端 B)
sql 复制代码 
-- 回收后查看数据库(test数据库不可见)
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)
相关推荐
哈__几秒前
时序数据库性能巅峰对决:金仓数据库在复杂场景下的技术突破与实战验证
数据库
WayserKON1 分钟前
pg 窗口函数
数据库·postgresql
!chen1 分钟前
Oracle回滚与撤销技术
数据库·oracle
总有刁民想爱朕ha2 分钟前
Windows Server 2019部署PostgreSQL 14教程
数据库·windows·postgresql
聆风吟º8 分钟前
时序数据战场巅峰对决:金仓数据库 VS InfluxDB深度解析
数据库·influxdb·kingbasees·金仓数据库
动亦定17 分钟前
微服务中如何保证数据一致性?
java·数据库·微服务·架构
瀚高PG实验室38 分钟前
timestampdiff (MYSQL)函数在Highgo DB中的写法
数据库·mysql·瀚高数据库
美人鱼战士爱学习44 分钟前
RODI: Benchmarking Relational-to-Ontology Mapping Generation Quality
数据库
Austindatabases1 小时前
云数据库备份恢复验证,云数据库高端客户的需求说明
数据库
赵渝强老师1 小时前
【赵渝强老师】MongoDB的数据类型
数据库·mongodb·nosql
热门推荐
01GitHub 镜像站点02UV安装并设置国内源03Linux下V2Ray安装配置指南04【AutoGLM部署】本地私有化部署AI手机Agent05Open-AutoGLM Windows 安装部署教程06在VSCode配置Java开发环境的保姆级教程(适配各类AI编程IDE)07Cursor 又偷偷更新,这个功能太实用:Visual Editor for Cursor Browser08【超详细教程】手把手教你从微软官网免费下载Windows 10官方原版ISO镜像(2025最新版)09BongoCat - 跨平台键盘猫动画工具10安娜的档案(Anna’s Archive) 镜像网站/国内最新可访问入口(持续更新)