Method to add new user privileges in MySQL
- 2020-05-06 11:47:15
- OfStack
There are two different ways to add users: by using the GRANT statement or by directly manipulating the MySQL authorization table. It is better to use GRANT statements because they are more concise and seem to have fewer errors.
The following example shows how to install a new user using MySQL customers. These examples assume that permissions are installed by default as described in the previous section. This means that in order to change, you must be running on the same machine as MySQL, you must be connected as MySQL root user, and root user must have insert and reload administrative rights to MySQL database. Also, if you change the root user password, you must specify it in the MySQL command below.
You can add new users by issuing GRANT statements:
These GRANT statements install three new users:
monty: you can connect to a full superuser of the server from anywhere, but you must use a password ('something' to do this. Note that we must issue GRANT statements for monty@localhost and monty@"%". If we add the localhost entry, the anonymous user entry for localhost that was created by mysql_install_db when we connected from the localhost will take precedence because it has a more specific Host field value, so it will come earlier in order in the user table.
admin: users who can connect from localhost without a password and are granted administrative rights for reload and process. This allows users to execute the mysqladmin reload, mysqladmin refresh and mysqladmin flush-* commands, as well as mysqladmin processlist. Database - related permissions are not granted. They can authorize it later by issuing another GRANT statement.
dummy: can connect to a user without a password, but only from the localhost. Global permissions are set to 'N'- the USAGE permission type allows you to set a user without permission. It assumes that you will grant database-related permissions later.
You can also add the same user access information directly by issuing an INSERT statement and then telling the server to load the authorization table again:
The following example shows how to install a new user using MySQL customers. These examples assume that permissions are installed by default as described in the previous section. This means that in order to change, you must be running on the same machine as MySQL, you must be connected as MySQL root user, and root user must have insert and reload administrative rights to MySQL database. Also, if you change the root user password, you must specify it in the MySQL command below.
You can add new users by issuing GRANT statements:
shell> mysql --user=root mysql
mysql> GRANT ALL PRIVILEGES ON *.* TO monty@localhost
IDENTIFIED BY 'something' WITH GRANT OPTION;
mysql> GRANT ALL PRIVILEGES ON *.* TO monty@"%"
IDENTIFIED BY 'something' WITH GRANT OPTION;
mysql> GRANT RELOAD,PROCESS ON *.* TO admin@localhost;
mysql> GRANT USAGE ON *.* TO dummy@localhost;
These GRANT statements install three new users:
monty: you can connect to a full superuser of the server from anywhere, but you must use a password ('something' to do this. Note that we must issue GRANT statements for monty@localhost and monty@"%". If we add the localhost entry, the anonymous user entry for localhost that was created by mysql_install_db when we connected from the localhost will take precedence because it has a more specific Host field value, so it will come earlier in order in the user table.
admin: users who can connect from localhost without a password and are granted administrative rights for reload and process. This allows users to execute the mysqladmin reload, mysqladmin refresh and mysqladmin flush-* commands, as well as mysqladmin processlist. Database - related permissions are not granted. They can authorize it later by issuing another GRANT statement.
dummy: can connect to a user without a password, but only from the localhost. Global permissions are set to 'N'- the USAGE permission type allows you to set a user without permission. It assumes that you will grant database-related permissions later.
You can also add the same user access information directly by issuing an INSERT statement and then telling the server to load the authorization table again:
shell> mysql --user=root mysql
mysql> INSERT INTO user VALUES('localhost','monty',PASSWORD('something'),
'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y')
mysql> INSERT INTO user VALUES('%','monty',PASSWORD('something'),
'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y')
mysql> INSERT INTO user SET Host='localhost',User='admin',
Reload_priv='Y', Process_priv='Y';
mysql> INSERT INTO user (Host,User,Password)
VALUES('localhost','dummy','');
mysql> FLUSH PRIVILEGES;