TiDB入门篇-用户管理与安全

简介

简要介绍 TiDB 中的用户管理与安全。

操作

创建用户和创建角色&修改密码

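mysql --host 192.168.66.10 --port 4000 -u root -p
# Create a user. The host part ('192.168.66.10') limits where jack may connect from; '%' would allow any host.
# (The plain '-p' above makes the client prompt for the root password instead of taking it from the command line.)
create user 'jack'@'192.168.66.10' identified by 'pingcap';
# Create two roles. Roles are created without a password and as locked accounts, so they cannot log in on their own.
create role r_manager, r_staff;
# Read user, host and authentication_string from mysql.user to confirm the user and the roles now exist.
# authentication_string holds a password hash, never the plaintext password; it is empty for the roles.
select user, host, authentication_string from mysql.user\G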

mysql> select user,host,authentication_string from mysql.user\G
*************************** 1. row ***************************
                 user: root
                 host: %
authentication_string: 
*************************** 2. row ***************************
                 user: jack
                 host: 192.168.66.10
authentication_string: *926E4B88EB93FD344DF0870EE025D6EB153C02DE
*************************** 3. row ***************************
                 user: r_manager
                 host: %
authentication_string: 
*************************** 4. row ***************************
                 user: r_staff
                 host: %
authentication_string: 
4 rows in set (0.00 sec)

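# The roles created above have no password: authentication_string is empty and Account_locked is 'Y',
# so a role can never authenticate by itself; it only carries privileges that are granted to users.
# Look at the details of role r_staff (explicit columns instead of select *).
select user, host, account_locked, authentication_string from mysql.user where user = 'r_staff'\G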
Account_locked: Y
authentication_string: 为空

#修改jack的密码
# Change jack's password.
ALTER USER 'jack'@'192.168.66.10' IDENTIFIED BY 'tidb';
exit;
# Log in as jack to verify the new password works.
# A password given inline as -ptidb is visible in shell history and in the process list; a bare -p prompts for it instead.
mysql --host 192.168.66.10 --port 4000 -u jack -ptidb

角色和用户的删除


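mysql --host 192.168.66.10 --port 4000 -u root -p
# Drop the role.
drop role r_staff;
# Confirm it is gone: an empty result means the role no longer exists (explicit columns instead of select *).
select user, host from mysql.user where user = 'r_staff';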

mysql> select * from mysql.user where user='r_staff';
Empty set (0.00 sec)

#删除用户
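# Drop the user.
drop user 'jack'@'192.168.66.10';
# Confirm it is gone: an empty result means the user no longer exists (explicit columns instead of select *).
select user, host from mysql.user where user = 'jack';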

权限管理


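mysql --host 192.168.66.10 --port 4000 -u root -p
# r_staff was already dropped in the previous section; IF EXISTS keeps this step re-runnable
# instead of failing on a role that is no longer there.
drop role if exists r_staff;
# Confirm it is gone (explicit columns instead of select *).
select user, host from mysql.user where user = 'r_staff';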

mysql> select * from mysql.user where user='r_staff';
Empty set (0.00 sec)

#删除用户
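# jack was already dropped in the previous section; IF EXISTS keeps this step re-runnable
# instead of failing on a user that is no longer there.
drop user if exists 'jack'@'192.168.66.10';
# Confirm it is gone (explicit columns instead of select *).
select user, host from mysql.user where user = 'jack';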

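# Privilege management
use test;
create table emp (id int, name varchar(20));
# Explicit column lists so the inserts do not silently break if the table definition changes.
insert into emp (id, name) values (1, 'tom');
# NOTE(review): both emp rows use id 1 - this looks like a typo for 2; emp has no key, so both rows are accepted as written.
insert into emp (id, name) values (1, 'jack');
create user 'jack'@'192.168.66.10' identified by 'pingcap';
create role r_mgr, r_emp;
# Grant SELECT on test.emp to role r_emp.
grant select on test.emp to r_emp;
# Grant INSERT, UPDATE and DELETE on every table in test to role r_mgr.
# A database-level grant (test.*) also covers tables created later in this database, so it is broader than a per-table grant.
grant insert, update, delete on test.* to r_mgr;

create table dept (id int, dname varchar(20));
insert into dept (id, dname) values (1, 'dev');
insert into dept (id, dname) values (2, 'sales');

# SELECT on test.dept is granted directly to jack rather than through a role, so it applies without SET ROLE.
grant select on test.dept to 'jack'@'192.168.66.10';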

# Log in as jack to check the effect of the grants.
# The password is passed on the command line here (visible in shell history and the process list); '-p' alone would prompt for it.
mysql -h 192.168.66.10 -P 4000 -u jack -ppingcap

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| INFORMATION_SCHEMA |
| test               |
+--------------------+
2 rows in set (0.00 sec)

mysql> use test;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| dept           |
+----------------+
1 row in set (0.00 sec)

mysql> select * from dept;
+------+-------+
| id   | dname |
+------+-------+
|    1 | dev   |
|    2 | sales |
+------+-------+
2 rows in set (0.00 sec)

# Intentionally unfiltered DELETE, issued from jack's session to show the privilege check:
# jack has only SELECT on dept, so the server rejects it (ERROR 1142) and no rows are touched.
# Run it only as jack; from a session that holds DELETE on test.dept it would empty the table.
DELETE FROM dept;
mysql> delete from dept;
ERROR 1142 (42000): DELETE command denied to user 'jack'@'192.168.66.10' for table 'dept'

赋予用户角色

# Grant role r_emp to role r_mgr and to user 'jack'@'192.168.66.10'.
GRANT r_emp TO r_mgr, 'jack'@'192.168.66.10';
# Reconnect as jack (password given inline for convenience; a bare -p would prompt instead).
mysql --host 192.168.66.10 --port 4000 -u jack -ppingcap
USE test;
SELECT CURRENT_ROLE();
# Right after login no role is active: a granted role stays inactive until it is enabled with SET ROLE.
Database changed
mysql> select current_role();
+----------------+
| current_role() |
+----------------+
| NONE           |
+----------------+
1 row in set (0.00 sec)

# Lists the current user's own privileges and the roles granted to it; the role is listed even while it is not active.
SHOW GRANTS;

mysql> show grants;
+-----------------------------------------------------+
| Grants for User                                     |
+-----------------------------------------------------+
| GRANT USAGE ON *.* TO 'jack'@'192.168.66.10'        |
| GRANT SELECT ON test.dept TO 'jack'@'192.168.66.10' |
| GRANT 'r_emp'@'%' TO 'jack'@'192.168.66.10'         |
+-----------------------------------------------------+
3 rows in set (0.01 sec)

# Role privileges only apply once the role is activated. SET ROLE ALL enables every role granted to the user;
# to keep the session to the least privilege needed, enable just the required role instead (e.g. SET ROLE r_emp;).
SET ROLE ALL;
SELECT CURRENT_ROLE();

mysql> select current_role();
+----------------+
| current_role() |
+----------------+
| `r_emp`@`%`    |
+----------------+
1 row in set (0.00 sec)

mysql> show tables;
+----------------+
| Tables_in_test |
+----------------+
| dept           |
| emp            |
+----------------+
2 rows in set (0.00 sec)


转载自blog.csdn.net/S1124654/article/details/129769376