Copy from http://comp4.com/ MySQL User Management (1)
Add time: 19 May 2004 01:08 Views: 1047 MySQL administrator should know how to set the mysql user account, pointing which user can connect the server, where to connect, what to do after the connection. MySQL 3.22.11 begins to introduce two statements to make this work easier: GRANT statements create mysql users and specify their permissions, while the REVOKE statement deletes permissions. Two statements play a front-end role of the MySQL database and provide another way to direct the contents of these tables. CREATE and REVOKE statements affect 4 tables: Authorization form User can connect to the server users and any global permission of the Global Permissions of the DB Database grade licensed TABLES_PRIV table-level license COLUMNS_PRIV list grade licenses also have the 5th authorization form (Host), but it is not affected by Grant and Revoke. When you send a GRANT statement to a user, create a record for the user in the User table. If the statement specifies any global permissions (management permission or license for all databases), these are also recorded in the User table. If you specify a database, table, and column grade licenses, they are recorded in DB, Tables_PRIV, and COLUMNS_PRIV tables. It is easier to use Grant and Revoke than the direct modification of the license table, however, I suggest you read the "MySQL Security Guide". These tables are important, and as an administrator, you should understand how they go beyond the feature levels of Grant and Revoke statements. In the following chapter, we will show how to set the mysql user account and authorize. We also involve how to withdraw and remove users from the license list. You may also want to consider using mysqlaccess and mysql_setpermission scripts, which is part of MySQL distribution, which is a Perl script, and another option to provide a GRANT statement to set a user account. MySQL_SETPERMISSION needs to install DBI support. 1 Create the user and authorize the syntax of the GRANT statement looks like this: GRANT privileges (columns) on what to user identified by "password" with grant option To use this statement, you need to fill out the following: Privilege's license to the user, under Tables list permission specifiers available for a GRANT statement: Permission Specifier License Operation Alter Modify Table and Index Create Create Database and Table Delete Delete Table Existing Record DROP Discard (Delete) Database and Table Index creates or discards the index INSERT inserts the new line Reference Reference Update in the table Update in the SELECT Retrieval table Update modified the existing table record file processs on the file Process on the server Process View the thread information executed in the server or kill the thread Reload Load authorization form or empty log, host cache or table cache. ShutDown Close Server All; All privileges synonyms USAGE Special "Unbustible" permissions The above table shows that the license specified in the first group is appropriate for the database, tables, and columns, the second group management permission. Typically, these are relatively strictly authorized because they allow users to affect the operation of the server. The third group of permissions, all means "all permissions", UASGE means no permissions, creating users, but does not grant permission. Columns licensed columns, it is optional, and you can only set column-specific permissions. If the command is more than one column, you should separate them with a comma. The level of WHAT license is used.