13.用户管理

别或许2025-11-27 9:47

13. 用户管理

如果我们只能使用root用户,这样存在安全隐患。这时,就需要使用MySQL的用户管理。

13.1 用户

13.1.1 用户信息

MySQL中的用户,都存储在系统数据库mysql的user表中

sql 复制代码 
mysql> use mysql;
Database changed
mysql> select host,user,authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host     | user         | authentication_string                     |
+-----------+---------------+-------------------------------------------+
| localhost | root         | *81F5E21E35407D884A6CD4A731AEBFB6AF209E1B |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys     | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+-----------+---------------+-------------------------------------------+
--可以通过desc user初步查看一下表结构

字段解释:

host: 表示这个用户可以从哪个主机登陆,如果是localhost,表示只能从本机登陆

user: 用户名

authentication_string: 用户密码通过password函数加密后的

*_priv: 用户拥有的权限

13.1.2 创建用户

语法:

sql 复制代码 
create user '用户名'@'登陆主机/ip' identified by '密码';

案例:

sql 复制代码 
mysql> create user 'whb'@'localhost' identified by '12345678';
Query OK, 0 rows affected (0.06 sec)
mysql> select user,host,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| user         | host     | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root         | %         | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| whb           | localhost | *84AAC12F54AB666ECFC2A83C676908C8BBC381B1 | --新增用
户
+---------------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)
-- 此时便可以使用新账号新密码进行登陆啦
--备注:可能实际在设置密码的时候,因为mysql本身的认证等级比较高,一些简单的密码无法设置,会爆出
如下报错:
-- ERROR 1819 (HY000): Your password does not satisfy the current policy 
requirements
-- 解决方案:https://blog.csdn.net/zhanaolu4821/article/details/93622812
--查看密码设置相关要求:SHOW VARIABLES LIKE 'validate_password%'; 
-- 这个大家下来自己玩玩
--关于新增用户这里,需要大家注意,不要轻易添加一个可以从任意地方登陆的user。

13.1.3 删除用户

语法:

sql 复制代码 
drop user '用户名'@'主机名'

示例:

sql 复制代码 
mysql> select user,host,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| user         | host     | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root         | %         | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| whb           | localhost | *84AAC12F54AB666ECFC2A83C676908C8BBC381B1 |
+---------------+-----------+-------------------------------------------+
4 rows in set (0.00 sec)
mysql> drop user whb;               --尝试删除
ERROR 1396 (HY000): Operation DROP USER failed for 'whb'@'%' -- <= 直接给个用户名,
不能删除,它默认是%,表示所有地方可以登陆的用户
mysql> drop user 'whb'@'localhost'; --删除用户
Query OK, 0 rows affected (0.00 sec)
mysql> select user,host,authentication_string from user;
+---------------+-----------+-------------------------------------------+
| user         | host     | authentication_string                     |
+---------------+-----------+-------------------------------------------+
| root         | %         | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| mysql.session | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| mysql.sys     | localhost | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
+---------------+-----------+-------------------------------------------+
3 rows in set (0.00 sec)

13.1.4 修改用户密码

语法:

自己改自己密码

sql 复制代码 
set password=password('新的密码');
--自己下来试试

root用户修改指定用户的密码

sql 复制代码 
set password for '用户名'@'主机名'=password('新的密码');
sql 复制代码 
mysql> select host,user, authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host     | user         | authentication_string                     |
+-----------+---------------+-------------------------------------------+
| %         | root         | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys     | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | whb           | *84AAC12F54AB666ECFC2A83C676908C8BBC381B1 |
+-----------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)
mysql> set password for 'whb'@'localhost'=password('87654321');
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> select host,user, authentication_string from user;
+-----------+---------------+-------------------------------------------+
| host     | user         | authentication_string                     |
+-----------+---------------+-------------------------------------------+
| %         | root         | *A2F7C9D334175DE9AF4DB4F5473E0BD0F5FA9E75 |
| localhost | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | mysql.sys     | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE |
| localhost | whb           | *5D24C4D94238E65A6407DFAB95AA4EA97CA2B199 |
+-----------+---------------+-------------------------------------------+
4 rows in set (0.00 sec)

13.2 数据库的权限

MySQL数据库提供的权限列表:

13.2.1 给用户授权

刚创建的用户没有任何权限。需要给用户授权。

语法:

sql 复制代码 
grant 权限列表 on 库.对象名 to '用户名'@'登陆位置' [identified by '密码']

说明:

权限列表,多个权限用逗号分开

sql 复制代码 
grant select on ...
grant select, delete, create on ....
grant all [privileges] on ... -- 表示赋予该用户在该对象上的所有权限

*.* : 代表本系统中的所有数据库的所有对象(表,视图,存储过程等)

库.* : 表示某个数据库中的所有数据对象(表,视图,存储过程等)

identified by可选。 如果用户存在,赋予权限的同时修改密码,如果该用户不存在,就是创建用户

案例:

sql 复制代码 
--使用root账号
--终端A
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| 57test             |
| bit_index         |
| ccdata_pro         |
| innodb_test       |
| musicserver       |
| myisam_test       |
| mysql             |
| order_sys         |
| performance_schema |
| scott             |
| sys               |
| test               |
| vod_system         |
+--------------------+
14 rows in set (0.00 sec)
mysql> use test;
Database changed
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| account       |
| student       |
| user           |
+----------------+
3 rows in set (0.01 sec)
--给用户whb赋予test数据库下所有文件的select权限
mysql> grant select on test.* to 'whb'@'localhost';  
Query OK, 0 rows affected (0.01 sec)
--使用whb账号
--终端B
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)
--暂停等root用户给whb赋完权之后,在查看
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |  --赋完权之后,就能看到新的表
+--------------------+
2 rows in set (0.01 sec)
mysql> use test;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| account       |
| student       |
| user           |
+----------------+
3 rows in set (0.00 sec)
mysql> select * from account;
+----+--------+---------+
| id | name   | blance |
+----+--------+---------+
|  2 | 李四   |  321.00 |
|  3 | 王五   | 5432.00 |
|  4 | 赵六   |  543.90 |
|  5 | 赵六   |  543.90 |
+----+--------+---------+
4 rows in set (0.00 sec)
--没有删除权限
mysql> delete  from account;
ERROR 1142 (42000): DELETE command denied to user 'whb'@'localhost' for table 
'account'
备注:特定用户现有查看权限
mysql> show grants for 'whb'@'%';
+-----------------------------------------------+
| Grants for whb@%                             |
+-----------------------------------------------+
| GRANT USAGE ON *.* TO 'whb'@'%'               |
| GRANT ALL PRIVILEGES ON `test`.* TO 'whb'@'%' |
+-----------------------------------------------+
2 rows in set (0.00 sec)
mysql> show grants for 'root'@'%';
+-------------------------------------------------------------+
| Grants for root@%                                           |
+-------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION |
+-------------------------------------------------------------+
1 row in set (0.00 sec)

注意:如果发现赋权限后,没有生效,执行如下指令:

sql 复制代码 
flush privileges;

13.2.2 回收权限

语法:

sql 复制代码 
revoke 权限列表 on 库.对象名 from '用户名'@'登陆位置';

示例:

sql 复制代码 
-- 回收whb对test数据库的所有权限
--root身份,终端A
mysql> revoke all on test.* from 'whb'@'localhost';
Query OK, 0 rows affected (0.00 sec)
--whb身份,终端B
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| test               |
+--------------------+
2 rows in set (0.00 sec)
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.00 sec)
相关推荐
常利兵6 分钟前
Android 字体字重设置:从XML到Kotlin的奇妙之旅
android·xml·kotlin
hnlgzb22 分钟前
kotlin安卓app中,当一个类继承ViewModel类的时候,这个类是想干什么?
android·开发语言·kotlin
zh_xuan22 分钟前
Android compose测试数据双向绑定
android·compose
hnlgzb26 分钟前
kotlin类 继承android.app.Activity 和androidx.activity.ComponentActivity 有什么区别?
android·kotlin·androidx
lizhenjun1144 小时前
android修改线程名字长度
android
用户69371750013847 小时前
Google 正在“收紧侧加载”:陌生 APK 安装或需等待 24 小时
android·前端
用户69371750013848 小时前
Room 3.0:这次不是升级,是重来
android·前端·google
alexhilton10 小时前
Compose中的ContentScale:终极可视化指南
android·kotlin·android jetpack
Digitally13 小时前
2026 年 8 款安卓数据擦除软件和应用对比
android
杨忆13 小时前
android 11以上 截图工具类
android
热门推荐
01GitHub 镜像站点02Qwen3.5 开源全解析:从 0.8B 到 397B,代际升级 + 全场景选型指南03OpenClaw 使用和管理 MCP 完全指南04Labelme从安装到标注:零基础完整指南05AI 编程三剑客:Spec-Kit、OpenSpec、Superpowers 深度对比与实战指南06UV安装并设置国内源07小黑课堂计算机二级WPSoffice题库软件下载安装教程(2026年3月最新版)08OpenClaw Control UI安全上下文访问配置09Claude Code + GLM4.7 避坑指南:解决 Unable to connect to Anthropic services10“wsl --install -d Ubuntu-22.04”下载慢,中国地区离线安装 Ubuntu 22.04 WSL方法(亲测2025年5月6日)