User Management in MySQL
8/3/2019 User Management in MySQL
1/23
User Management in MySQL
Amit Kumar, B.Tech.,
Test Consultant
India
-
MySQL grant tables
user, db, host, tables_priv, and columns_priv
Handle authentication and the rights granted to a user.
Types of columns: Scope and Privilege
-
User table
Primary table
Controls information about users, privileges, and hosts.
User identified as: user@host
Includes the following columns: Scope (Host, User, and Password), Data-related privilege, Administrative privilege, Encryption-related privilege, and Connection-related privilege.
-
db table
Used to assign database-specific privileges.
Columns included: Scope (Host, Db, and User), Privilege (data-related)
The db table works in conjunction with the host table.
-
Host table
Checked only when a user is listed in the db table but the host column is blank.
The combination of the db and host tables allows privileges to be applied to a user who connects from multiple hosts.
Columns included: Scope (Host and Db) and Privilege
The only grant table that doesn't include a user column.
-
tables_priv table
Specific to table-level privileges
Columns included: Scope (Host, Db, User, and Table_name), Privilege (Table_priv and Column_priv)
tables_priv works in conjunction with the columns_priv table.
-
columns_priv table
Privileges related to individual columns
Columns included: Scope (Host, Db, User, and Column_name), Privilege (Column_priv)
-
MySQL privileges (user, db, and host)
Data-related: select_priv, insert_priv, update_priv, delete_priv, create_priv, drop_priv, grant_priv, index_priv, alter_priv, create_tmp_table_priv, and lock_table_priv.
Administrative: reload_priv, shutdown_priv, process_priv, file_priv, show_db_priv, super_priv, repl_slave_priv, repl_client_priv
Encryption-related: ssl_type, ssl_cipher, x509_issuer, x509_subject
Connection-related: max_questions, max_updates, max_connections
-
MySQL access control
Authenticating connections
user table is involved.
% wildcard in the host column.
user column is blank; blank password
Example user table values as listed on the slide:
Host: %, Domain1.com, localhost, %
User: Root, user1
-
MySQL access control (contd.)
How MySQL accesses the user table:
When the MySQL server starts, data from the user table is copied to memory in sorted order.
When a client attempts to log on to the server, the user account is checked against the sorted user data in memory.
The server uses the first applicable entry to authenticate a user, based first on the host value and then on the user value.
The sort order of the rows is very important.
Sorted user table values as listed on the slide:
Host: Domain1.com, localhost, %, %
User: User1, Root
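Added example, not part of the original slides: a small Python model of the sorted first-match lookup described above, showing how a blank-user row on a specific host is selected ahead of a named account on %. The rows are constructed sample data, and the host ranking (literal hosts, then patterns, then a bare %, then an empty host) is a simplified assumption about the server's ordering.

```python
import re

# Constructed sample rows (Host, User); a blank User is the anonymous account.
USER_ROWS = [
    ("%", "root"),
    ("domain1.com", "user1"),
    ("localhost", ""),
    ("%", "user1"),
]

def host_rank(host):
    """Lower rank = more specific (simplified model, an assumption)."""
    if host == "":
        return 3          # empty host: any host, sorts after '%'
    if host == "%":
        return 2          # bare wildcard: any host
    if "%" in host or "_" in host:
        return 1          # pattern that still has a literal part
    return 0              # literal host name or address

def sort_rows(rows):
    # Host specificity first, then named users before the blank (any) user.
    return sorted(rows, key=lambda r: (host_rank(r[0]), r[1] == ""))

def like_match(pattern, value):
    """Match a host against a LIKE-style pattern ('%' = any run, '_' = one char)."""
    regex = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.IGNORECASE) is not None

def first_match(rows, client_host, client_user):
    """Return the first row, in sorted order, that applies to this connection."""
    for host, user in sort_rows(rows):
        host_ok = host == "" or like_match(host, client_host)
        user_ok = user == "" or user == client_user
        if host_ok and user_ok:
            return (host, user)
    return None

def shadowed_by_anonymous(rows, client_host, client_user):
    """True when a named login is authenticated against a blank-user row."""
    row = first_match(rows, client_host, client_user)
    return row is not None and row[1] == "" and client_user != ""

if __name__ == "__main__":
    for h, u in [("localhost", "user1"), ("domain1.com", "user1"), ("10.0.0.5", "root")]:
        print(f"{u}@{h} -> {first_match(USER_ROWS, h, u)}")
```

Running shadowed_by_anonymous over the accounts in a real user table is a quick audit for logins that would be authenticated with the anonymous row's password and privileges.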
-
MySQL access control (contd.)
Verifying privileges (authorization)
Privileges are checked in order across the grant tables for a user.
This also relates to the user who logged in.
-
Verifying Privileges
-
Verifying Privileges
-
Adding users
Users can be added in several ways:
Using the CREATE USER statement
Using the INSERT INTO statement
Using the GRANT statement
CREATE USER syntax:
CREATE USER username@hostname IDENTIFIED BY 'password';
-
Using the GRANT statement
GRANT [( [{, }...])] [{, [( [{, }...])]}...]
ON { | * | *.* | .*}
TO @ [IDENTIFIED BY [PASSWORD] ] [{, @ [IDENTIFIED BY [PASSWORD] ]}...]
[REQUIRE {NONE | SSL | X509 | {}]
[WITH [...]]
::= [[AND] ] [[AND] ]
::= {CIPHER } | {ISSUER } | {SUBJECT }
::= {GRANT OPTION} | {MAX_QUERIES_PER_HOUR } | {MAX_UPDATES_PER_HOUR } | {MAX_CONNECTIONS_PER_HOUR }
-
GRANT statement (contd.)
GRANT clause
ON clause: Global, Database, Table, Column
TO clause: Host, User, Password
-
Example
GRANT ALL
ON *.*
TO [email protected] IDENTIFIED BY 'pw1';
GRANT SELECT, UPDATE
ON test.*
TO [email protected] IDENTIFIED BY 'pw1';
GRANT SELECT, UPDATE
ON test.Books
TO [email protected] IDENTIFIED BY 'pw1';
-
Example (contd.)
GRANT SELECT, UPDATE (BookTitle, Copyright)
ON test.Books
TO [email protected] IDENTIFIED BY 'pw1';
-
WITH clause
[WITH [...]]
::=
{GRANT OPTION}
| {MAX_QUERIES_PER_HOUR }
| {MAX_UPDATES_PER_HOUR }
| {MAX_CONNECTIONS_PER_HOUR }
Example:
GRANT SELECT, UPDATE
ON test.*
TO [email protected] IDENTIFIED BY 'pw1'
WITH GRANT OPTION MAX_QUERIES_PER_HOUR 50 MAX_UPDATES_PER_HOUR 50;
-
SHOW GRANTS
Syntax:
SHOW GRANTS FOR @
Example:
SHOW GRANTS FOR [email protected];
-
Setting password for the user
SET PASSWORD [FOR @] = PASSWORD()
FLUSH PRIVILEGES
Examples:
SET PASSWORD = PASSWORD('pw2');
SET PASSWORD FOR [email protected] = PASSWORD('pw3');
-
Dropping users and revoking privileges
Removing an account often includes three steps:
1. Using the SHOW GRANTS statement to view the user account's current privileges.
2. Using the REVOKE statement to revoke the privileges from the user account.
3. Using the DROP USER statement to remove the user from the system.
-
REVOKE statement
REVOKE ALL PRIVILEGES, GRANT OPTION
FROM @ [{, @}...]
Example:
GRANT SELECT, UPDATE
ON test.*
TO [email protected] IDENTIFIED BY 'pw1'
WITH GRANT OPTION MAX_QUERIES_PER_HOUR 50
MAX_UPDATES_PER_HOUR 50;
REVOKE ALL PRIVILEGES, GRANT OPTION