User Management in MySQL

Apr 07, 2018

Amit Srivastava
  • 8/3/2019 User Management in MySQL

    1/23

    User Management in MySQL

    Amit Kumar, B.Tech.,

    Test Consultant

    India


    MySQL grant tables

    user, db, host, tables_priv, and columns_priv

    Authentication and rights of a user.

    Types of columns: Scope and Privilege


    User table

    Primary table

    Controls information about users, privileges, hosts.

    User identified as: user@host

    Includes the following columns: Scope (Host, User, and Password), Data-related privilege, Administrative privilege, Encryption-related privilege, and Connection-related privilege.


    db table

    To assign database-specific privileges.

    Columns included: Scope (Host, Db, and User), Privilege (data-related)

    The db table works in conjunction with the host table.


    Host table

    Checked only when a user is listed in the db table but the host column is blank.

    The combination of the db and host tables allows privileges to be applied to a user who connects from multiple hosts.

    Columns included: Scope (Host and Db) and Privilege

    The only grant table that doesn't include a User column.


    tables_priv table

    Specific to table-level privileges

    Columns included: Scope (Host, Db, User, and Table_name), Privilege (Table_priv and Column_priv)

    tables_priv works in conjunction with the columns_priv table.


    columns_priv table

    Privileges related to individual columns

    Columns included: Scope (Host, Db, User, and Column_name), Privilege (Column_priv)


    MySQL privileges (user, db, and host)

    Data-related: select_priv, insert_priv, update_priv, delete_priv, create_priv, drop_priv, grant_priv, index_priv, alter_priv, create_tmp_table_priv, and lock_table_priv.

    Administrative: reload_priv, shutdown_priv, process_priv, file_priv, show_db_priv, super_priv, repl_slave_priv, repl_client_priv

    Encryption-related: ssl_type, ssl_cipher, x509_issuer, x509_subject

    Connection-related: max_questions, max_updates, max_connections


    MySQL access control

    Authenticating connections

    user table is involved.

    % wild card in the host column.

    user column is blank blank password

    Host: %Domain1.com, localhost, %

    User: Root, user1


    MySQL access control (contd.)

    How MySQL accesses the user table:

    When the MySQL server starts, data from the user table is copied to memory in sorted order.

    When a client attempts to log on to the server, the user account is checked against the sorted user data in memory.

    The server uses the first applicable entry to authenticate a user, based first on the host value and then on the user value.

    The sort order of the rows is very important.

    Host: Domain1.com, localhost, %, %

    User: User1, Root
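
    The sort-then-first-match lookup described above, as an added Python model (not code from the slides or from MySQL). The rows are constructed, and the four-tier host ranking is a simplifying assumption; it shows how a blank-user row on a specific host can capture a named user's login.

```python
import re

# Constructed (Host, User) rows, loosely modelled on the slide's table.
USER_TABLE = [
    ("%", "user1"),
    ("%.domain1.com", "root"),
    ("localhost", "root"),
    ("localhost", ""),          # anonymous account: blank User matches any name
]

def host_rank(host):
    """Sort tier for a Host value; lower tiers are more specific and sort first."""
    if host == "":
        return 3                # blank Host: any host, sorts after '%'
    if host == "%":
        return 2                # any host
    if "%" in host or "_" in host:
        return 1                # pattern containing a wildcard
    return 0                    # literal host name or IP address

def sort_user_table(rows):
    """Most specific Host first; within one Host, named users before blank."""
    return sorted(rows, key=lambda r: (host_rank(r[0]), r[1] == ""))

def host_matches(pattern, client_host):
    """Match a Host pattern using SQL LIKE wildcards (% and _)."""
    if pattern == "":
        return True
    regex = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, client_host, re.IGNORECASE) is not None

def match_account(rows, client_user, client_host):
    """Return the (User, Host) row the server would authenticate against."""
    for host, user in sort_user_table(rows):
        if host_matches(host, client_host) and user in ("", client_user):
            return (user, host)
    return None                 # no applicable row: connection refused

def shadowed_logins(rows, client_host):
    """Named users whose login from client_host lands on an anonymous row."""
    names = sorted({user for _, user in rows if user})
    hits = [(n, match_account(rows, n, client_host)) for n in names]
    return [n for n, row in hits if row is not None and row[0] == ""]

if __name__ == "__main__":
    print(sort_user_table(USER_TABLE))
    print(match_account(USER_TABLE, "user1", "localhost"))
    print(shadowed_logins(USER_TABLE, "localhost"))
```

    A non-empty result from shadowed_logins means a named account is being authenticated with the anonymous row's password and privileges on that host; removing the blank-user row or adding an explicit row for that host resolves it.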


    MySQL access control (contd.)

    Verifying privileges (authorization)

    Privileges are checked in order for a user in the grant tables.

    This also relates to the user who logged in.


    Verifying Privileges
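
    An added Python model of the privilege check across the grant tables described in the earlier slides (not code from the slides or from MySQL). It assumes the order documented for servers that have the host table: global privileges, then db combined with host, then table, then column. The rows are constructed, lookups are exact-match, and a "privs" set stands in for the privilege columns.

```python
# Constructed grant-table rows. Exact-match lookups stand in for the server's
# wildcard and sort-order handling; "privs" sets stand in for the *_priv columns.
GRANTS = {
    "user": [{"Host": "localhost", "User": "user1", "privs": set()}],
    "db": [{"Host": "", "Db": "test", "User": "user1",
            "privs": {"SELECT", "UPDATE"}}],
    "host": [{"Host": "localhost", "Db": "test", "privs": {"SELECT"}}],
    "tables_priv": [{"Host": "localhost", "Db": "test", "User": "user1",
                     "Table_name": "Books", "privs": {"INSERT"}}],
    "columns_priv": [{"Host": "localhost", "Db": "test", "User": "user1",
                      "Table_name": "Books", "Column_name": "BookTitle",
                      "privs": {"UPDATE"}}],
}

def rows(grants, table, **scope):
    """Rows of one grant table whose scope columns equal the given values."""
    return [r for r in grants[table]
            if all(r.get(col) == val for col, val in scope.items())]

def allowed_by(grants, user, host, priv, db, table=None, column=None):
    """Name the grant table that permits priv, or None if access is denied."""
    # 1. Global privileges in the user table apply to every database.
    if any(priv in r["privs"] for r in rows(grants, "user", Host=host, User=user)):
        return "user"
    # 2. Database level: a db row with a blank Host defers to the host table,
    #    and the privilege must then be present in both rows.
    for d in rows(grants, "db", User=user, Db=db):
        if d["Host"] == host and priv in d["privs"]:
            return "db"
        if d["Host"] == "" and priv in d["privs"] and any(
                priv in h["privs"] for h in rows(grants, "host", Host=host, Db=db)):
            return "db+host"
    # 3. Table level, then 4. column level.
    scope = dict(Host=host, User=user, Db=db, Table_name=table)
    if table and any(priv in r["privs"] for r in rows(grants, "tables_priv", **scope)):
        return "tables_priv"
    if table and column and any(priv in r["privs"] for r in rows(
            grants, "columns_priv", Column_name=column, **scope)):
        return "columns_priv"
    return None

if __name__ == "__main__":
    print(allowed_by(GRANTS, "user1", "localhost", "SELECT", "test"))
    print(allowed_by(GRANTS, "user1", "localhost", "UPDATE", "test", "Books", "BookTitle"))
```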


    Adding users

    Users can be added in many ways:

    Using the CREATE USER statement

    Using the INSERT INTO statement

    Using the GRANT statement

    CREATE USER syntax:

    CREATE USER 'username'@'hostname' IDENTIFIED BY 'password';


    Using the GRANT statement

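    GRANT <privilege> [(<column> [{, <column>}...])]
      [{, <privilege> [(<column> [{, <column>}...])]}...]
    ON {<table> | * | *.* | <database>.*}
    TO '<user>'@'<host>' [IDENTIFIED BY [PASSWORD] '<password>']
      [{, '<user>'@'<host>' [IDENTIFIED BY [PASSWORD] '<password>']}...]
    [REQUIRE {NONE | SSL | X509 | {<require definition>}}]
    [WITH <with option> [<with option>...]]

    <require definition> ::= <require option> [[AND] <require option>] [[AND] <require option>]

    <require option> ::=
      {CIPHER '<cipher>'}
      | {ISSUER '<issuer>'}
      | {SUBJECT '<subject>'}

    <with option> ::=
      {GRANT OPTION}
      | {MAX_QUERIES_PER_HOUR <count>}
      | {MAX_UPDATES_PER_HOUR <count>}
      | {MAX_CONNECTIONS_PER_HOUR <count>}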


    GRANT statement (contd.)

    GRANT clause

    ON clause
      Global
      Database
      Table
      Column

    TO clause
      Host
      User
      Password


    Example

    GRANT ALL
    ON *.*
    TO [email protected] IDENTIFIED BY 'pw1';

    GRANT SELECT, UPDATE
    ON test.*
    TO [email protected] IDENTIFIED BY 'pw1';

    GRANT SELECT, UPDATE
    ON test.Books
    TO [email protected] IDENTIFIED BY 'pw1';


    Example (contd.)

    GRANT SELECT, UPDATE (BookTitle, Copyright)
    ON test.Books
    TO [email protected] IDENTIFIED BY 'pw1';


    WITH clause

    [WITH <with option> [<with option>...]]

    <with option> ::=
      {GRANT OPTION}
      | {MAX_QUERIES_PER_HOUR <count>}
      | {MAX_UPDATES_PER_HOUR <count>}
      | {MAX_CONNECTIONS_PER_HOUR <count>}

    Example:

    GRANT SELECT, UPDATE
    ON test.*
    TO [email protected] IDENTIFIED BY 'pw1'
    WITH GRANT OPTION
      MAX_QUERIES_PER_HOUR 50
      MAX_UPDATES_PER_HOUR 50;


    SHOW GRANTS

    Syntax:

    SHOW GRANTS FOR '<user>'@'<host>'

    Example:

    SHOW GRANTS FOR [email protected];


    Setting password for the user

    SET PASSWORD [FOR '<user>'@'<host>'] = PASSWORD('<new password>')

    FLUSH PRIVILEGES

    Examples:

    SET PASSWORD = PASSWORD('pw2');

    SET PASSWORD FOR [email protected] = PASSWORD('pw3');


    Dropping users and revoking privileges

    Removing an account often includes three steps:

    1. Using the SHOW GRANTS statement to view the user account's current privileges.

    2. Using the REVOKE statement to revoke the privileges from the user account.

    3. Using the DROP USER statement to remove the user from the system.


    REVOKE statement

    REVOKE ALL PRIVILEGES, GRANT OPTION
    FROM '<user>'@'<host>' [{, '<user>'@'<host>'}...]

    Example:

    GRANT SELECT, UPDATE
    ON test.*
    TO [email protected] IDENTIFIED BY 'pw1'
    WITH GRANT OPTION
      MAX_QUERIES_PER_HOUR 50
      MAX_UPDATES_PER_HOUR 50;

    REVOKE ALL PRIVILEGES, GRANT OPTION
    FROM [email protected];