The grant tables are user, db, host, tables_priv, and columns_priv. They control authentication and the rights granted to a user. Each table has two types of columns: scope and privilege.
User table
The primary grant table. It controls information about users, privileges, and hosts. A user is identified as user@host. It includes the following columns: Scope (Host, User, and Password), data-related privileges, administrative privileges, encryption-related privileges, and connection-related privileges.
db table
Used to assign database-specific privileges. Columns included: Scope (Host, Db, and User) and Privilege (data-related). The db table works in conjunction with the host table.
Host table
Checked only when a user is listed in the db table but the host column is blank. The combination of db and host makes it possible to apply privileges to a user who connects from multiple hosts. Columns included: Scope (Host and Db) and Privilege. It is the only grant table that doesn't include a User column.
tables_priv table
Specific to table-level privileges. Columns included: Scope (Host, Db, User, and Table_name) and Privilege (Table_priv and Column_priv). tables_priv works in conjunction with the columns_priv table.
columns_priv table
Privileges related to individual columns. Columns included: Scope (Host, Db, User, and Column_name) and Privilege (Column_priv).
Data-related: select_priv, insert_priv, update_priv, delete_priv, create_priv, drop_priv, grant_priv, index_priv, alter_priv, create_tmp_table_priv, and lock_tables_priv.
Administrative: reload_priv, shutdown_priv, process_priv, file_priv, show_db_priv, super_priv, repl_slave_priv, repl_client_priv.
Encryption-related: ssl_type, ssl_cipher, x509_issuer, x509_subject.
Connection-related: max_questions, max_updates, max_connections.
Authenticating connections
The user table is involved. The % wildcard can appear in the host column. The user column can be blank. The password can be blank.
Host: %, Domain1.com, localhost, %
User: Root, user1
When the MySQL server starts, data from the user table is copied to memory in sorted order. When a client attempts to log on to the server, the user account is checked against the sorted user data in memory. The server uses the first applicable entry to authenticate a user, based first on host value and then on the user value.
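The first-match rule described above can be modelled in a few lines. This is an added example, not code from the original slides or from MySQL itself; the sample rows, the function names, and the simplified ordering (literal hosts before wildcard hosts before a bare %, named users before the blank user) are assumptions made for illustration. It shows why a blank-user row on a specific host can take precedence over a named row with a % host.

```python
import re

# Constructed sample rows (Host, User); a blank User matches any user name.
USER_TABLE = [
    ("%", "root"),
    ("domain1.com", "user1"),
    ("localhost", ""),
    ("%", "user1"),
]

def host_matches(pattern, client_host):
    """Match a Host value: % is any run of characters, _ is one character."""
    regex = "".join(
        ".*" if c == "%" else "." if c == "_" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, client_host, re.IGNORECASE) is not None

def specificity(row):
    """Assumed ordering: literal hosts, then wildcard hosts, then bare %;
    within one host rank, named users sort before the blank user."""
    host, user = row
    if host == "%":
        host_rank = 2
    elif "%" in host or "_" in host:
        host_rank = 1
    else:
        host_rank = 0
    return (host_rank, user == "")

def first_match(rows, client_host, client_user):
    """Return the first applicable (Host, User) row in sorted order, or None."""
    for host, user in sorted(rows, key=specificity):
        if host_matches(host, client_host) and user in ("", client_user):
            return (host, user)
    return None

def audit(rows):
    """Rows worth reviewing: blank user names and hosts open to any client."""
    return [(h, u) for h, u in rows if u == "" or h == "%"]

if __name__ == "__main__":
    for host, user in [("localhost", "user1"), ("domain1.com", "user1"),
                       ("example.org", "user1"), ("example.org", "guest")]:
        print(f"{user}@{host} -> {first_match(USER_TABLE, host, user)}")
    print("review:", audit(USER_TABLE))
```

In this model user1 connecting from localhost is authenticated against the blank-user localhost row rather than the user1 row with host %, so it receives that row's password and privileges.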
Verifying Privileges
Adding users
TO clause
Host User Password
Example
GRANT ALL
GRANT SELECT, UPDATE ON test.* TO user1@domain1.com IDENTIFIED BY 'pw1';
GRANT SELECT, UPDATE ON test.Books TO user1@domain1.com IDENTIFIED BY 'pw1';
Example contd..
GRANT SELECT, UPDATE (BookTitle, Copyright)
WITH clause
[WITH <with option> [<with option>...]]
<with option>::=
{GRANT OPTION}
| {MAX_QUERIES_PER_HOUR <count>}
| {MAX_UPDATES_PER_HOUR <count>}
| {MAX_CONNECTIONS_PER_HOUR <count>}
Example:
GRANT SELECT, UPDATE ON test.* TO user1@domain1.com IDENTIFIED BY 'pw1'
WITH GRANT OPTION MAX_QUERIES_PER_HOUR 50 MAX_UPDATES_PER_HOUR 50;
SHOW GRANTS
Syntax:
SHOW GRANTS FOR <user>@<host>
Example:
SHOW GRANTS FOR user1@domain1.com;
FLUSH PRIVILEGES
Examples:
SET PASSWORD = PASSWORD('pw2');
SET PASSWORD FOR user1@domain1.com = PASSWORD('pw3');
REVOKE statement
REVOKE ALL PRIVILEGES, GRANT OPTION FROM <user>@<host> [{, <user>@<host>}...]
Example:
GRANT SELECT, UPDATE ON test.* TO user1@domain1.com IDENTIFIED BY 'pw1'
WITH GRANT OPTION MAX_QUERIES_PER_HOUR 50 MAX_UPDATES_PER_HOUR 50;
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user1@domain1.com;