针对 MySQL 帐号信息,其存储在 mysql 库的表中。
for MySQL 5.7
MySQL Manual/Account Management Statements
MySQL Manual/MySQL User Account Management
MySQL 中关于用户账户管理的内容涉及了以下的几个方面:
- ALTER USER Syntax
- CREATE USER Syntax
- DROP USER Syntax: 用户删除语法。
- RENAME USER Syntax
- SET PASSWORD Syntax
授与 | GRANT
MySQL 5.7 Reference Manual / GRANT Statement | https://dev.mysql.com/doc/refman/5.7/en/grant.html
部分权限,例如 REPLICATION CLIENT, REPLICATION SLAVE 等等,需要使用 *.* 进行全局授权,而无法针对库或表进行操作。否则会提示 … ERROR 1221 (HY000): Incorrect usage of DB GRANT and GLOBAL PRIVILEGES[1221] … 信息
SHOW GRANTS
13.7.5 SHOW Syntax / 13.7.5.17 SHOW GRANTS Syntax | https://docs.oracle.com/cd/E17952_01/mysql-5.0-en/show-grants.html
MySQL 8.4 Reference Manual / … / SHOW GRANTS Statement | https://dev.mysql.com/doc/refman/8.4/en/show-grants.html
mysql> SHOW GRANTS FOR 'jeffrey'@'localhost'; +------------------------------------------------------------------+ | Grants for jeffrey@localhost | +------------------------------------------------------------------+ | GRANT USAGE ON *.* TO `jeffrey`@`localhost` | | GRANT SELECT, INSERT, UPDATE ON `db1`.* TO `jeffrey`@`localhost` | +------------------------------------------------------------------+
撤销 | REVOKE
REVOKE Statement | https://dev.mysql.com/doc/refman/8.4/en/revoke.html
REVOKE INSERT ON *.* FROM 'jeffrey'@'localhost'; REVOKE SELECT ON world.* FROM 'role3'; REVOKE 'role1', 'role2' FROM 'user1'@'localhost', 'user2'@'localhost'; REVOKE ALL PRIVILEGES, GRANT OPTION FROM user_or_role [, user_or_role] ... REVOKE ALL ON *.* FROM user_or_role [, user_or_role] ... REVOKE ALL PRIVILEGES ON *.* FROM '<user_name>'@'%';
注意事项
MySQL 的一些版本引入了对授表(grant table)结构的更改,以添加新权限或功能。为了确保可以利用任何新功能,只要更新到新版本的 MySQL,就可以更新授权表(grant table)以拥有当前的结构。
当启用了 read_only 系统变量时,除了任何其他所需权限之外,帐户管理语句(account-management statements)还需要 SUPER 权限。这是因为它们要修改 mysql 库中的表。