Managing user accounts and granular privileges in MySQL
Jul 12, 2025 am 01:52 AM
MySQL user permission management must follow the principle of least permissions to avoid abuse of root accounts. 1. Use the CREATE USER statement when creating a user to ensure that there is no permission at the beginning; 2. Assign specific permissions such as SELECT, INSERT, etc. as needed instead of all permissions; 3. Use GRANT and REVOKE to accurately control and recycle permissions; 4. Check permissions regularly and clean up accounts that are no longer needed; 5. Use wildcards to achieve flexible authorization but use them with caution. These methods can improve database security and reduce risks.
MySQL user permission management is actually not difficult, but it takes some experience to do it carefully and accurately. When many people use MySQL, they start by rooting and traveling around the world, but later they find that the permissions are too loose and prone to problems. This article will talk about some practical operation and setting suggestions to help you control user accounts and permissions more refinedly.
Don't use root randomly when creating a user
MySQL has a root user by default and has the highest permissions. But in actual use, we should not use root to do all operations. For example, if a web application connects to a database, it only needs to read and write specific tables, so you don’t need to give it the full library permissions.
Creating user syntax is now recommended to use CREATE USER :
CREATE USER 'app_user'@'localhost' IDENTIFIED BY 'password123';
The users created in this way have no default permissions, which are clean and safe. You can increase the permissions step by step as needed, instead of giving too much first and then slowly collecting.
Permission allocation should be "minimized on demand"
When authorizing users, many people will say directly:
GRANT ALL PRIVILEGES ON *.* TO 'some_user'@'%';
This is equivalent to relaxing all permissions, which is very dangerous. The correct way is to only give necessary permissions.
For example: your application only needs to add, delete, modify and check a few tables under a certain database, so don't authorize the entire server or all databases.
Several commonly used permission combinations are recommended:
- Read-only user:
SELECT - Write to the user:
INSERT, UPDATE, DELETE - Administrator users:
SELECT, INSERT, UPDATE, DELETE, CREATE, DROP
Example of authorization statement:
GRANT SELECT, INSERT ON mydb.mytable TO 'app_user'@'localhost';
Remember to refresh the permissions after execution:
FLUSH PRIVILEGES;
View and recycle permissions to avoid legacy risks
Sometimes when the project is replaced and the service is offline, and the corresponding database account is not cleaned, it becomes a safety hazard. You can view user permissions through the following command:
SHOW GRANTS FOR 'app_user'@'localhost';
If you find that a user's permissions are too large or no longer needed, you can reclaim the permissions or even delete the user:
REVOKE INSERT ON mydb.mytable FROM 'app_user'@'localhost'; DROP USER 'old_user'@'localhost';
Regularly checking permission lists, especially in production environments, can effectively reduce misoperation and potential attack surfaces.
Use wildcards to flexibly control permission ranges
MySQL supports the use of wildcards for bulk authorization. for example:
GRANT SELECT ON mydb.* TO 'report_user'@'%';
Indicates that the user can query all tables under the mydb database.
It can also be a little broader:
GRANT SELECT ON *.* TO 'monitor_user'@'%';
However, this kind of permission should also be used with caution, especially for accounts that are open to the external network.
Basically that's it. Permission management is not a one-time task, but a process of continuous adjustment as the system changes. You may feel troublesome at first, but after you develop the habit, you will find that a clear permission structure is not only safe, but also easier to troubleshoot problems.
The above is the detailed content of Managing user accounts and granular privileges in MySQL. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Resetting the root password for MySQL server
Jul 03, 2025 am 02:32 AM
To reset the root password of MySQL, please follow the following steps: 1. Stop the MySQL server, use sudosystemctlstopmysql or sudosystemctlstopmysqld; 2. Start MySQL in --skip-grant-tables mode, execute sudomysqld-skip-grant-tables&; 3. Log in to MySQL and execute the corresponding SQL command to modify the password according to the version, such as FLUSHPRIVILEGES;ALTERUSER'root'@'localhost'IDENTIFIEDBY'your_new
Performing logical backups using mysqldump in MySQL
Jul 06, 2025 am 02:55 AM
mysqldump is a common tool for performing logical backups of MySQL databases. It generates SQL files containing CREATE and INSERT statements to rebuild the database. 1. It does not back up the original file, but converts the database structure and content into portable SQL commands; 2. It is suitable for small databases or selective recovery, and is not suitable for fast recovery of TB-level data; 3. Common options include --single-transaction, --databases, --all-databases, --routines, etc.; 4. Use mysql command to import during recovery, and can turn off foreign key checks to improve speed; 5. It is recommended to test backup regularly, use compression, and automatic adjustment.
Handling NULL Values in MySQL Columns and Queries
Jul 05, 2025 am 02:46 AM
When handling NULL values ??in MySQL, please note: 1. When designing the table, the key fields are set to NOTNULL, and optional fields are allowed NULL; 2. ISNULL or ISNOTNULL must be used with = or !=; 3. IFNULL or COALESCE functions can be used to replace the display default values; 4. Be cautious when using NULL values ??directly when inserting or updating, and pay attention to the data source and ORM framework processing methods. NULL represents an unknown value and does not equal any value, including itself. Therefore, be careful when querying, counting, and connecting tables to avoid missing data or logical errors. Rational use of functions and constraints can effectively reduce interference caused by NULL.
Establishing secure remote connections to a MySQL server
Jul 04, 2025 am 01:44 AM
TosecurelyconnecttoaremoteMySQLserver,useSSHtunneling,configureMySQLforremoteaccess,setfirewallrules,andconsiderSSLencryption.First,establishanSSHtunnelwithssh-L3307:localhost:3306user@remote-server-Nandconnectviamysql-h127.0.0.1-P3307.Second,editMyS
Analyzing the MySQL Slow Query Log to Find Performance Bottlenecks
Jul 04, 2025 am 02:46 AM
Turn on MySQL slow query logs and analyze locationable performance issues. 1. Edit the configuration file or dynamically set slow_query_log and long_query_time; 2. The log contains key fields such as Query_time, Lock_time, Rows_examined to assist in judging efficiency bottlenecks; 3. Use mysqldumpslow or pt-query-digest tools to efficiently analyze logs; 4. Optimization suggestions include adding indexes, avoiding SELECT*, splitting complex queries, etc. For example, adding an index to user_id can significantly reduce the number of scanned rows and improve query efficiency.
Aggregating data with GROUP BY and HAVING clauses in MySQL
Jul 05, 2025 am 02:42 AM
GROUPBY is used to group data by field and perform aggregation operations, and HAVING is used to filter the results after grouping. For example, using GROUPBYcustomer_id can calculate the total consumption amount of each customer; using HAVING can filter out customers with a total consumption of more than 1,000. The non-aggregated fields after SELECT must appear in GROUPBY, and HAVING can be conditionally filtered using an alias or original expressions. Common techniques include counting the number of each group, grouping multiple fields, and filtering with multiple conditions.
Managing Transactions and Locking Behavior in MySQL
Jul 04, 2025 am 02:24 AM
MySQL transactions and lock mechanisms are key to concurrent control and performance tuning. 1. When using transactions, be sure to explicitly turn on and keep the transactions short to avoid resource occupation and undolog bloating due to long transactions; 2. Locking operations include shared locks and exclusive locks, SELECT...FORUPDATE plus X locks, SELECT...LOCKINSHAREMODE plus S locks, write operations automatically locks, and indexes should be used to reduce the lock granularity; 3. The isolation level is repetitively readable by default, suitable for most scenarios, and modifications should be cautious; 4. Deadlock inspection can analyze the details of the latest deadlock through the SHOWENGINEINNODBSTATUS command, and the optimization methods include unified execution order, increase indexes, and introduce queue systems.
Paginating Results with LIMIT and OFFSET in MySQL
Jul 05, 2025 am 02:41 AM
MySQL paging is commonly implemented using LIMIT and OFFSET, but its performance is poor under large data volume. 1. LIMIT controls the number of each page, OFFSET controls the starting position, and the syntax is LIMITNOFFSETM; 2. Performance problems are caused by excessive records and discarding OFFSET scans, resulting in low efficiency; 3. Optimization suggestions include using cursor paging, index acceleration, and lazy loading; 4. Cursor paging locates the starting point of the next page through the unique value of the last record of the previous page, avoiding OFFSET, which is suitable for "next page" operation, and is not suitable for random jumps.
