MySQL User Administration

9:12 PM

There are three major parts to creating a user in MySQL.

  1. IP address of the user will be connecting from.
  2. User Privileges
  3. User Name and Password


    Things not to provide for users because of security risks.

  • Grant users with super privlieges
    EX.
    GRANT SUPER ON database.* TO opsourceadmin@'10.103.240.173' IDENTIFIED BY 'opsource';
  • Grant users for login to MySQL using mutiple IP's
    EX.
    GRANT SELECT ON database.* TO opsourceadmin@'%' IDENTIFIED BY 'opsource';
  • Root users always has to be localhost.
    EX.
    GRANT SUPER ON database.* TO root@'localhost' IDENTIFIED BY 'opsource';



    The command to create a user is following

GRANT <Privilege> ON database.<Databases_Name> TO <username>@<'IP_Address_user_is_using'> IDENTIFIED BY <'Password'>;
EX.
GRANT SELECT, INSERT, DELETE ON database.* TO opsourceadmin@'10.103.240.173' IDENTIFIED BY 'opsource';



The command to see user's permissions

select * from mysql.user where User=<'username'>;
EX.
select * from mysql.user where User='opsourceadmin';

Another way to see user's privileges is to use SHOW GRANTS
EX:
mysql> show grants for 'opsbackup'@'localhost';
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for opsbackup@localhost                                                                                                                                                                       |
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, RELOAD, PROCESS, FILE, SUPER, LOCK TABLES, EXECUTE, REPLICATION CLIENT, SHOW VIEW ON *.* TO 'opsbackup'@'localhost' IDENTIFIED BY PASSWORD '*8D156BD7C7F2FE530F1E5E9167D1452D9EE50EA3' |
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
The command to revoke a user's permissions
REVOKE <privileges> PRIVILEGES ON database.<Databases_Name> FROM <username>@<'IP_Address_user_is_using'>;
EX.
REVOKE DELETE PRIVILEGES ON database.* FROM opsourceadmin@10.103.240.173;



Privilege

Meaning

ALL <PRIVILEGES> Sets all simple privileges except GRANT OPTION
ALTER Enables use of ALTER TABLE
CREATE Enables use of CREATE TABLE
CREATE TEMPORARY TABLES Enables use of CREATE TEMPORARY TABLE
DELETE Enables use of DELETE
FILE Enables use of SELECT ... INTO OUTFILE and LOAD DATA INFILE
INDEX Enables use of CREATE INDEX and DROP INDEX
INSERT Enables use of INSERT
LOCK TABLES Enables use of LOCK TABLES on tables for which you have the SELECT privilege
PROCESS Enables the user to see all processes with SHOW PROCESSLIST
RELOAD Enables use of FLUSH
REPLICATION CLIENT Enables the user to ask where slave or master servers are
REPLICATION SLAVE Needed for replication slaves (to read binary log events from the master)
SELECT Enables use of SELECT
SHOW DATABASES SHOW DATABASES shows all databases
SHUTDOWN Enables use of MySQLadmin shutdown
SUPER Enables use of CHANGE MASTER, KILL, PURGE MASTER LOGS, and SET GLOBAL statements, the MySQLadmin debug command; allows you to connect (once) even if max_connections is reached
UPDATE Enables use of UPDATE
USAGE Synonym for privileges
GRANT OPTION Enables privileges to be granted

Share This Story

Tags: ,

Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Aenean commodo ligula eget dolor Aenean massa.

You Might Also Like

0 comments

Contact Form

Name

Email *

Message *

Translate

Wikipedia

Search results