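MySQL User Management
The database root user holds every privilege on the database. When a team develops collaboratively, you can create lower-privileged accounts for team members to guard against accidental operations.
Creating users
create user username identified by 'password';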
mysql> create user dam identified by '12345678';
Query OK, 0 rows affected (0.01 sec)
You can also create several users in one statement
mysql> create user dam1 identified by '12345678',dam2 identified by '12345678',dam3 identified by '12345678';
Query OK, 0 rows affected (0.01 sec)
A user created this way gets the host % by default; you can also specify a host when creating the user
mysql> create user 'dam'@'127.0.0.1' identified by '12345678';
Query OK, 0 rows affected (0.01 sec)
Viewing all users
Query from the command line
mysql> use mysql;
Database changed
-- Selecting every column returns a lot of data and displays poorly
mysql> select Host,User from user;
+-----------+------------------+
| Host | User |
+-----------+------------------+
| % | dam |
| % | dam1 |
| % | dam2 |
| % | dam3 |
| localhost | mysql.infoschema |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | root |
+-----------+------------------+
8 rows in set (0.00 sec)
Deleting users
drop user username; (by default, drops the user whose host is %)
drop user 'username'@'host'; (drops the user at the specified host)
mysql> drop user 'dam'@'127.0.0.1';
Query OK, 0 rows affected (0.01 sec)
Changing a user's password
Changing the current user's password
ALTER USER USER() IDENTIFIED BY 'new password';
PS C:\Users\17526> mysql -u dam -p12345678
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 908
Server version: 8.0.27 MySQL Community Server - GPL
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
-- Change the password
mysql> ALTER USER USER() IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.01 sec)
mysql> exit;
Bye
PS C:\Users\17526> mysql -u dam -p12345678
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'dam'@'localhost' (using password: YES)
PS C:\Users\17526> mysql -u dam -p123456
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 910
Server version: 8.0.27 MySQL Community Server - GPL
Copyright (c) 2000, 2021, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
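Changing a specified user's password
The root user can change not only its own password but also the passwords of other ordinary users
alter user username identified by 'new password';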
mysql> alter user dam identified by '123456789';
Query OK, 0 rows affected (0.01 sec)
Renaming a specified user
rename user old_username to new_username;
mysql> rename user dam to dam1;
Query OK, 0 rows affected (0.01 sec)
Viewing a user's privileges
Viewing the privileges of the currently logged-in user
show grants;
Viewing another user's privileges
show grants for 'username'@'host';
mysql> show grants for dam;
+---------------------------------+
| Grants for dam@% |
+---------------------------------+
| GRANT USAGE ON *.* TO `dam`@`%` |
+---------------------------------+
1 row in set (0.00 sec)
Granting privileges to users
Privilege categories
mysql> show privileges;
+-----------------------------+---------------------------------------+-------------------------------------------------------+
| Privilege | Context | Comment |
+-----------------------------+---------------------------------------+-------------------------------------------------------+
| Alter | Tables | To alter the table |
| Alter routine | Functions,Procedures | To alter or drop stored functions/procedures |
| Create | Databases,Tables,Indexes | To create new databases and tables |
| Create routine | Databases | To use CREATE FUNCTION/PROCEDURE |
| Create role | Server Admin | To create new roles |
| Create temporary tables | Databases | To use CREATE TEMPORARY TABLE |
| Create view | Tables | To create new views |
| Create user | Server Admin | To create new users |
| Delete | Tables | To delete existing rows |
| Drop | Databases,Tables | To drop databases, tables, and views |
| Drop role | Server Admin | To drop roles |
| Event | Server Admin | To create, alter, drop and execute events |
| Execute | Functions,Procedures | To execute stored routines |
| File | File access on server | To read and write files on the server |
| Grant option | Databases,Tables,Functions,Procedures | To give to other users those privileges you possess |
| Index | Tables | To create or drop indexes |
| Insert | Tables | To insert data into tables |
| Lock tables | Databases | To use LOCK TABLES (together with SELECT privilege) |
| Process | Server Admin | To view the plain text of currently executing queries |
| Proxy | Server Admin | To make proxy user possible |
| References | Databases,Tables | To have references on tables |
| Reload | Server Admin | To reload or refresh tables, logs and privileges |
| Replication client | Server Admin | To ask where the slave or master servers are |
| Replication slave | Server Admin | To read binary log events from the master |
| Select | Tables | To retrieve rows from table |
| Show databases | Server Admin | To see all databases with SHOW DATABASES |
| Show view | Tables | To see views with SHOW CREATE VIEW |
| Shutdown | Server Admin | To shut down the server |
| Super | Server Admin | To use KILL thread, SET GLOBAL, CHANGE MASTER, etc. |
| Trigger | Tables | To use triggers |
| Create tablespace | Server Admin | To create/alter/drop tablespaces |
| Update | Tables | To update existing rows |
| Usage | Server Admin | No privileges - allow connect only |
| ENCRYPTION_KEY_ADMIN | Server Admin | |
| INNODB_REDO_LOG_ARCHIVE | Server Admin | |
| GROUP_REPLICATION_STREAM | Server Admin | |
| CLONE_ADMIN | Server Admin | |
| SYSTEM_USER | Server Admin | |
| SHOW_ROUTINE | Server Admin | |
| BACKUP_ADMIN | Server Admin | |
| RESOURCE_GROUP_ADMIN | Server Admin | |
| SESSION_VARIABLES_ADMIN | Server Admin | |
| PERSIST_RO_VARIABLES_ADMIN | Server Admin | |
| CONNECTION_ADMIN | Server Admin | |
| SYSTEM_VARIABLES_ADMIN | Server Admin | |
| APPLICATION_PASSWORD_ADMIN | Server Admin | |
| FLUSH_OPTIMIZER_COSTS | Server Admin | |
| AUDIT_ADMIN | Server Admin | |
| AUTHENTICATION_POLICY_ADMIN | Server Admin | |
| BINLOG_ADMIN | Server Admin | |
| BINLOG_ENCRYPTION_ADMIN | Server Admin | |
| FLUSH_STATUS | Server Admin | |
| FLUSH_TABLES | Server Admin | |
| FLUSH_USER_RESOURCES | Server Admin | |
| SET_USER_ID | Server Admin | |
| SERVICE_CONNECTION_ADMIN | Server Admin | |
| GROUP_REPLICATION_ADMIN | Server Admin | |
| REPLICATION_APPLIER | Server Admin | |
| INNODB_REDO_LOG_ENABLE | Server Admin | |
| XA_RECOVER_ADMIN | Server Admin | |
| PASSWORDLESS_USER_ADMIN | Server Admin | |
| TABLE_ENCRYPTION_ADMIN | Server Admin | |
| ROLE_ADMIN | Server Admin | |
| REPLICATION_SLAVE_ADMIN | Server Admin | |
| RESOURCE_GROUP_USER | Server Admin | |
+-----------------------------+---------------------------------------+-------------------------------------------------------+
65 rows in set (0.00 sec)
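- Index: create or drop indexes
- Create, Drop: create or drop databases and tables
- Alter: modify a table's structure / rename a table
- Select, Insert, Update, Delete: insert, delete, update and query rows in tables
- Grant option: gives the user the right to grant privileges to other users
Granting a subset of privileges
[Command-line method]
GRANT privilege1,privilege2,…privilegeN ON database_name.table_name TO 'username'@'user_host' [IDENTIFIED BY 'password'];
With the command above, if the user does not exist, the corresponding user is created. This applies to MySQL 5.7 and earlier: MySQL 8.0, the version used in the sessions on this page, removed the IDENTIFIED BY clause from GRANT and no longer creates the account implicitly, so create the user with create user first.
-- Grant user dam SELECT, INSERT, DELETE and UPDATE on all tables of database pratice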
mysql> GRANT SELECT,INSERT,DELETE,UPDATE ON pratice.* TO dam;
Query OK, 0 rows affected (0.01 sec)
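[Using the MySQL tool Navicat]
A GUI tool makes managing privileges more convenient and intuitive
Revoking a subset of privileges
REVOKE privilege1,privilege2,…privilegeN ON database_name.table_name FROM 'username'@'host';
Granting all privileges
grant all privileges on *.* to username;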
mysql> grant all privileges on *.* to dam;
- *.*: all tables in all databases
After all privileges are granted, show grants lists a great many privileges
mysql> show grants for dam;
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for dam@% |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `dam`@`%` |
| GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,AUTHENTICATION_POLICY_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,FLUSH_OPTIMIZER_COSTS,FLUSH_STATUS,FLUSH_TABLES,FLUSH_USER_RESOURCES,GROUP_REPLICATION_ADMIN,GROUP_REPLICATION_STREAM,INNODB_REDO_LOG_ARCHIVE,INNODB_REDO_LOG_ENABLE,PASSWORDLESS_USER_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SHOW_ROUTINE,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO `dam`@`%` |
+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
Revoking all of a user's privileges
revoke all privileges on *.* from username;
mysql> revoke all privileges on *.* from dam;
Query OK, 0 rows affected (0.01 sec)
mysql> show grants for dam;
+---------------------------------+
| Grants for dam@% |
+---------------------------------+
| GRANT USAGE ON *.* TO `dam`@`%` |
+---------------------------------+
1 row in set (0.00 sec)
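User management tips
- Restrict Host when creating a user, and set a reasonably complex password
- When granting privileges, give only what is needed and no more
- Periodically clean up unused users or revoke their privileges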
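The three tips above written out as MySQL 8.0 statements, as an added example that is not part of the original post. The account name dev_li, the 10.0.5.% subnet, the password and the 180-day threshold are constructed placeholders; practice is the database name used in the mysqldump sessions on this page.

```sql
-- Added example (not from the original post). Account name, subnet,
-- password and thresholds are constructed placeholders.

-- Tip 1: restrict Host and harden the credential at creation time.
CREATE USER 'dev_li'@'10.0.5.%'
  IDENTIFIED BY 'Replace-with-a-generated-passphrase-1!'
  PASSWORD EXPIRE INTERVAL 90 DAY
  FAILED_LOGIN_ATTEMPTS 5 PASSWORD_LOCK_TIME 1;  -- lock for 1 day after 5 failures (8.0.19+)

-- Tip 2: grant only what the work needs, scoped to one schema.
GRANT SELECT, INSERT, UPDATE, DELETE ON practice.* TO 'dev_li'@'10.0.5.%';

-- Tip 3: periodic review queries, run as an administrator.
-- 3a. Unlocked accounts that may connect from any host
--     (roles live in mysql.user too, but are created locked).
SELECT User, Host FROM mysql.user
WHERE Host = '%' AND account_locked = 'N';

-- 3b. Accounts holding powerful global static privileges.
SELECT User, Host, Super_priv, File_priv, Grant_priv,
       Create_user_priv, Shutdown_priv
FROM mysql.user
WHERE 'Y' IN (Super_priv, File_priv, Grant_priv,
              Create_user_priv, Shutdown_priv);

-- 3c. Dynamic privileges (the *_ADMIN rows of SHOW PRIVILEGES) per account.
SELECT USER, HOST, PRIV, WITH_GRANT_OPTION
FROM mysql.global_grants
ORDER BY USER, HOST;

-- 3d. Passwords not changed in the last 180 days.
SELECT User, Host, password_last_changed
FROM mysql.user
WHERE password_last_changed < NOW() - INTERVAL 180 DAY;

-- Retire an account in two steps: lock it first, drop it once
-- nothing turns out to depend on it.
ALTER USER 'dev_li'@'10.0.5.%' ACCOUNT LOCK;
DROP USER 'dev_li'@'10.0.5.%';
```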
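MySQL Role Management
In development, several developers may need identical privileges. Granting the same privileges to each developer's account one by one is unnecessary repeated work. The solution is to bind the privileges to a role and then bind the user accounts to that role: each user receives the role's privileges and can still hold additional privileges of their own.
Creating roles
-- Create the store manager role, restricted to use on the database server itself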
mysql> create role 'storeManager'@'localhost';
Query OK, 0 rows affected (0.01 sec)
-- Create a role directly; the default host is %, so the role can be used from any host
mysql> create role enterpriseManager;
Query OK, 0 rows affected (0.01 sec)
-- Create several roles at once
mysql> create role staff,systemManager;
Query OK, 0 rows affected (0.01 sec)
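Dropping roles
drop role 'role_name'@'host';
Granting privileges to roles
Granting a subset of privileges
grant privilege1,privilege2,…privilegeN on database_name.table_name to 'role_name'@'host';
Granting all privileges
grant all privileges on *.* to 'role_name'@'host';
Viewing the privileges a role holds
show grants for 'role_name'@'host';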
mysql> show grants for staff;
+-----------------------------------+
| Grants for staff@% |
+-----------------------------------+
| GRANT USAGE ON *.* TO `staff`@`%` |
+-----------------------------------+
1 row in set (0.00 sec)
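Once a role is created, the system automatically grants it the USAGE privilege, which is used to connect and log in to the database.
Revoking a subset of privileges
revoke privilege1,privilege2,…privilegeN on database_name.table_name from 'role_name'@'host';
Revoking all privileges
revoke all privileges on *.* from 'role_name'@'host';
Activating roles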
mysql> show variables like 'activate_all_roles_on_login';
+-----------------------------+-------+
| Variable_name | Value |
+-----------------------------+-------+
| activate_all_roles_on_login | OFF |
+-----------------------------+-------+
1 row in set, 1 warning (0.00 sec)
-- Activate roles
mysql> SET GLOBAL activate_all_roles_on_login=ON;
Query OK, 0 rows affected (0.00 sec)
Granting roles to a user
grant role1,role2,…,roleN to 'username'@'host';
Querying the roles of the current user
mysql> select current_role();
+----------------+
| current_role() |
+----------------+
| NONE |
+----------------+
1 row in set (0.00 sec)
Revoking a role bound to a user
revoke 'role_name'@'host' FROM 'username'@'host';
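The role steps above as one end-to-end sequence for MySQL 8.0, as an added example that is not part of the original post. It also shows why current_role() returns NONE as in the output above: a granted role does nothing in a session until it is activated, either globally with activate_all_roles_on_login or per account with SET DEFAULT ROLE. The role names app_read and app_write, the account dev_wang and the password are constructed placeholders.

```sql
-- Added example (not from the original post). Role, account and
-- password values are constructed placeholders.

-- 1. Bind privileges to roles, split by what they allow.
CREATE ROLE 'app_read', 'app_write';
GRANT SELECT ON practice.* TO 'app_read';
GRANT INSERT, UPDATE, DELETE ON practice.* TO 'app_write';

-- 2. Bind the roles to an account.
CREATE USER 'dev_wang'@'localhost'
  IDENTIFIED BY 'Replace-with-a-generated-passphrase-3!';
GRANT 'app_read', 'app_write' TO 'dev_wang'@'localhost';

-- 3. Inspect. Without USING, only the role membership is listed;
--    USING expands the privileges the account has with that role active.
SHOW GRANTS FOR 'dev_wang'@'localhost';
SHOW GRANTS FOR 'dev_wang'@'localhost' USING 'app_read';

-- 4. Activate per account instead of flipping the global switch:
--    only the read role is on at login.
SET DEFAULT ROLE 'app_read' TO 'dev_wang'@'localhost';

-- 5. In dev_wang's own session: check what is active, opt in to the
--    write role for this session only, then fall back to the default.
SELECT CURRENT_ROLE();
SET ROLE 'app_read', 'app_write';
SET ROLE DEFAULT;

-- 6. Review as an administrator: who holds which role, and which
--    roles are activated by default.
SELECT FROM_USER AS role_name, FROM_HOST AS role_host,
       TO_USER AS grantee, TO_HOST AS grantee_host
FROM mysql.role_edges;
SELECT * FROM mysql.default_roles;

-- 7. Withdraw a role once the account no longer needs it.
REVOKE 'app_write' FROM 'dev_wang'@'localhost';
```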
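MySQL Data Backup
Backing up with software
Export the database's data and structure as SQL; afterwards, importing that SQL restores the database
Using commands
Exporting a fairly large database with Navicat can run into bugs; I have hit this myself, but exporting with the command works without problems
mysqldump -h host -u username -ppassword database [table1 table2 table3] > path/filename.sql;
Note: if [table1 table2 table3] is omitted, the whole database is exported. There must be no space between -p and the password.
-- Export the whole database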
PS C:\Users\17526> mysqldump -hlocalhost -uroot -p12345678 practice >D:/Desktop/pratice.sql;
mysqldump: [Warning] Using a password on the command line interface can be insecure.
-- Export specific tables of the database
PS C:\Users\17526> mysqldump -hlocalhost -uroot -p12345678 practice user major >D:/Desktop/pratice.sql;
mysqldump: [Warning] Using a password on the command line interface can be insecure.
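The dumps above run as root; applying the page's own tip of granting only what is needed, a dedicated dump account for the practice database could look like this. This is an added example, not part of the original post, and the account name dump_practice and the password are constructed placeholders.

```sql
-- Added example (not from the original post). Account name and
-- password are constructed placeholders.
CREATE USER 'dump_practice'@'localhost'
  IDENTIFIED BY 'Replace-with-a-generated-passphrase-2!';

-- Read-only privileges mysqldump needs for the objects it exports.
GRANT SELECT,       -- table data
      SHOW VIEW,    -- view definitions
      TRIGGER,      -- trigger definitions
      LOCK TABLES   -- needed unless --single-transaction is used
  ON practice.* TO 'dump_practice'@'localhost';

-- Since 8.0.21 mysqldump also reads tablespace information, which needs
-- the global PROCESS privilege. Pass --no-tablespaces to mysqldump
-- instead if you would rather not grant it.
GRANT PROCESS ON *.* TO 'dump_practice'@'localhost';

-- Confirm the account holds nothing beyond the grants above.
SHOW GRANTS FOR 'dump_practice'@'localhost';
```

Run the dump as this account with a bare -p so that mysqldump prompts for the password; that keeps it off the command line, which is what the warning in the sessions above is about.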