授权数据库用户 1.1 问题 本例要求掌握MariaDB数据库中用户账号的授权操作,完成下列任务:
1)为OA系统建立专库 oadb,并授权用户
允许用户 runoa 从本机访问,对库 oadb 有全部权限 访问密码为 pwd@123 测试用户runoa的数据库访问权限 2)新建名为tarzan的管理员
允许从本机访问,对所有库有全部权限 访问密码为 pwd@123 测试用户tarzan的数据库访问权限 1.2 步骤 实现此案例需要按照如下步骤进行。
步骤一:为OA系统建立专库 oadb,并授权用户
1)创建数据库oadb
MariaDB [(none)]> CREATE DATABASE oadb; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]>2)授权用户 runoa 从本机访问,对库 oadb 有全部权限,访问密码为 pwd@123
MariaDB [(none)]> GRANT all ON oadb.* TO runoa@localhost IDENTIFIED BY 'pwd@123'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]>3)测试runoa的数据库访问权限
另开一个命令行终端,以runoa用户连接本机数据库,测试删除及重建oadb库。
[root@zbx ~]# mysql -urunoa -ppwd@123 .. .. MariaDB [(none)]> DROP DATABASE oadb; Query OK, 0 rows affected (0.01 sec) MariaDB [(none)]> CREATE DATABASE oadb; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> QUIT; Bye [root@zbx ~]#步骤二:新建名为tarzan的管理员
1)增加管理员用户
允许从本机访问,对所有库有全部权限,访问密码为 pwd@123。
管理员用户有权限通过GRANT授权用户。
MariaDB [(none)]> GRANT all ON *.* to tarzan@localhost IDENTIFIED BY 'pwd@123' WITH GRANT OPTION; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]>2)以新管理员用户连接,测试数据库访问权限
使用mysql命令连接MariaDB数据库。
[root@svr7 ~]# mysql -utarzan -pwd@123 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 2797 Server version: 5.5.56-MariaDB MariaDB Server Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]>测试新建数据库zhdb:
MariaDB [(none)]> CREATE DATABASE zhdb; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]>测试授权数据库用户zhwuji:
MariaDB [(none)]> GRANT all ON zhdb.* TO zhwuji@localhost IDENTIFIED BY 'pwd@123'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]>退出:
MariaDB [(none)]> QUIT; Bye [root@zbx ~]#2 案例2:查看及撤销授权 2.1 问题 本例要求学会在MariaDB数据库中查看及撤销指定用户的授权,完成下列任务:
1)查看用户tarzan访问本机数据库的权限
2)撤销用户tarzan从任何客户机来访对所有库的所有权限
3)再次查看用户tarzan访问本机数据库的权限
2.2 步骤 实现此案例需要按照如下步骤进行。
步骤一:查看用户tarzan访问本机数据库的权限
MariaDB [(none)]> SHOW GRANTS FOR tarzan@localhost; +----------------------------------------------------------------------------------------------------------------------------------+ | Grants for tarzan@% | +----------------------------------------------------------------------------------------------------------------------------------+ | GRANT ALL PRIVILEGES ON *.* TO 'tarzan'@'localhost' IDENTIFIED BY PASSWORD '*8AB2CB3B8352A05A9C4AB822AAF421001382BD5E' WITH GRANT OPTION | +----------------------------------------------------------------------------------------------------------------------------------+ 1 row in set (0.00 sec) MariaDB [(none)]>步骤二:撤销用户tarzan从本机来访对所有库的所有权限
MariaDB [(none)]> REVOKE all ON *.* FROM tarzan@localhost; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]>步骤三:再次查看用户tarzan访问本机数据库的权限
MariaDB [(none)]> SHOW GRANTS FOR tarzan@'localhost'; +-------------------------------------------------------------------------------------------------------------------------+ | Grants for tarzan@% | +-------------------------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'tarzan'@'%' IDENTIFIED BY PASSWORD '*8AB2CB3B8352A05A9C4AB822AAF421001382BD5E' WITH GRANT OPTION | +-------------------------------------------------------------------------------------------------------------------------+ 1 row in set (0.00 sec) MariaDB [(none)]>