Berikan semua hak istimewa mysql 8

MySQL 8 memperkenalkan pembaruan kinerja dan keamanan. Dirilis pada April 2018, MySQL 8 adalah rilis besar pertama sejak MySQL 5. 7 tahun 2015. Dengan MySQL5. 7 berakhirnya dukungan pada bulan Oktober 2023, sebaiknya mulai perbarui database Anda jika memungkinkan

Buat pengguna baru di MySQL 8

Pertama, buat user baru di MySQL 8 menggunakan perintah CREATE USER seperti itu

CREATE USER 'username'@'localhost' IDENTIFIED BY 'STR0NG!PAssW0rD';

Berikan semua hak istimewa di MySQL 8

Selanjutnya, berikan hak istimewa kepada pengguna di MySQL 8 menggunakan perintah GRANT seperti itu

GRANT ALL ON database-name.* TO 'username'@'localhost';

Untuk memulai, mari soroti fakta bahwa di MySQL 8. 0 tidak mungkin lagi membuat pengguna langsung dari perintah GRANT (

 $ mysql -u user1 -pChangeMe -h localhost
 mysql: [Warning] Using a password on the command line interface can be insecure.
 Welcome to the MySQL monitor.  Commands end with ; or \g.
 Your MySQL connection id is 347
 Server version: 8.0.13
 Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
 Oracle is a registered trademark of Oracle Corporation and/or its
 affiliates. Other names may be trademarks of their respective
 owners.
 Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 mysql>

Ini berarti bahwa untuk memberikan beberapa hak istimewa, pengguna harus dibuat terlebih dahulu

Mari buat pengguna 'user1' dengan 'ChangeMe' sebagai kata sandi yang harus diubah oleh pengguna

mysql> create user 'user1' identified by 'ChangeMe' password expire;
Query OK, 0 rows affected (1.35 sec)

Mari kita coba terhubung ke MySQL menggunakan pengguna yang baru dibuat itu

 $ mysql -u user1 -pChangeMe -h localhost
 mysql: [Warning] Using a password on the command line interface can be insecure.
 Welcome to the MySQL monitor.  Commands end with ; or \g.
 Your MySQL connection id is 347
 Server version: 8.0.13
 Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
 Oracle is a registered trademark of Oracle Corporation and/or its
 affiliates. Other names may be trademarks of their respective
 owners.
 Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 mysql>

Tidak ada yang istimewa, kami terhubung seperti yang diharapkan… tetapi bukankah saya secara eksplisit telah kedaluwarsa kata sandinya?

Ya saya lakukan, mari kita coba pernyataan apa pun

 mysql> select now();
 ERROR 1820 (HY000): You must reset your password using ALTER USER
 statement before executing this statement.

Kita harus mengubah kata sandi seperti yang diharapkan. Mari kita ubah menjadi 'MySQL8isGreat'

 mysql> set password='MySQL8isGreat';
 Query OK, 0 rows affected (0.34 sec)

Dan sekarang kita dapat menggunakan MySQL dan menjalankan pernyataan apa pun yang boleh kita lakukan (yang memiliki hak istimewa untuk itu)

 mysql> select now();
 +---------------------+
 | now()               |
 +---------------------+
 | 2019-01-10 14:36:05 |
 +---------------------+
 1 row in set (0.00 sec)
 mysql> show databases;
 +--------------------+
 | Database           |
 +--------------------+
 | information_schema |
 +--------------------+
 1 row in set (0.20 sec)

Sepertinya saya tidak memiliki akses ke banyak database…

Hak istimewa default sangat terbatas

 mysql> show grants;
 +-----------------------------------+
 | Grants for user1@%                |
 +-----------------------------------+
 | GRANT USAGE ON . TO user1@% |
 +-----------------------------------+
 1 row in set (0.00 sec)

Sekarang saatnya untuk memberikan lebih banyak hak istimewa kepada pengguna kita… tetapi hak istimewa apa yang tersedia?

Dalam 8. 0. 13, mereka saat ini 46 hak istimewa

Untuk mendaftar semuanya, jalankan saja

 mysql> show privileges; 
 +----------------------------+---------------------------------------+-------------------------------------------------------+
 | Privilege                  | Context                               | Comment                                               |
 +----------------------------+---------------------------------------+-------------------------------------------------------+
 | Alter                      | Tables                                | To alter the table                                    |
 | Alter routine              | Functions,Procedures                  | To alter or drop stored functions/procedures          |
 | Create                     | Databases,Tables,Indexes              | To create new databases and tables                    |
 | Create routine             | Databases                             | To use CREATE FUNCTION/PROCEDURE                      |
 | Create role                | Server Admin                          | To create new roles                                   |
 | Create temporary tables    | Databases                             | To use CREATE TEMPORARY TABLE                         |
 | Create view                | Tables                                | To create new views                                   |
 | Create user                | Server Admin                          | To create new users                                   |
 | Delete                     | Tables                                | To delete existing rows                               |
 | Drop                       | Databases,Tables                      | To drop databases, tables, and views                  |
 | Drop role                  | Server Admin                          | To drop roles                                         |
 | Event                      | Server Admin                          | To create, alter, drop and execute events             |
 | Execute                    | Functions,Procedures                  | To execute stored routines                            |
 | File                       | File access on server                 | To read and write files on the server                 |
 | Grant option               | Databases,Tables,Functions,Procedures | To give to other users those privileges you possess   |
 | Index                      | Tables                                | To create or drop indexes                             |
 | Insert                     | Tables                                | To insert data into tables                            |
 | Lock tables                | Databases                             | To use LOCK TABLES (together with SELECT privilege)   |
 | Process                    | Server Admin                          | To view the plain text of currently executing queries |
 | Proxy                      | Server Admin                          | To make proxy user possible                           |
 | References                 | Databases,Tables                      | To have references on tables                          |
 | Reload                     | Server Admin                          | To reload or refresh tables, logs and privileges      |
 | Replication client         | Server Admin                          | To ask where the slave or master servers are          |
 | Replication slave          | Server Admin                          | To read binary log events from the master             |
 | Select                     | Tables                                | To retrieve rows from table                           |
 | Show databases             | Server Admin                          | To see all databases with SHOW DATABASES              |
 | Show view                  | Tables                                | To see views with SHOW CREATE VIEW                    |
 | Shutdown                   | Server Admin                          | To shut down the server                               |
 | Super                      | Server Admin                          | To use KILL thread, SET GLOBAL, CHANGE MASTER, etc.   |
 | Trigger                    | Tables                                | To use triggers                                       |
 | Create tablespace          | Server Admin                          | To create/alter/drop tablespaces                      |
 | Update                     | Tables                                | To update existing rows                               |
 | Usage                      | Server Admin                          | No privileges - allow connect only                    |
 | XA_RECOVER_ADMIN           | Server Admin                          |                                                       |
 | SET_USER_ID                | Server Admin                          |                                                       |
 | ROLE_ADMIN                 | Server Admin                          |                                                       |
 | RESOURCE_GROUP_USER        | Server Admin                          |                                                       |
 | RESOURCE_GROUP_ADMIN       | Server Admin                          |                                                       |
 | BINLOG_ADMIN               | Server Admin                          |                                                       |
 | SYSTEM_VARIABLES_ADMIN     | Server Admin                          |                                                       |
 | GROUP_REPLICATION_ADMIN    | Server Admin                          |                                                       |
 | CONNECTION_ADMIN           | Server Admin                          |                                                       |
 | REPLICATION_SLAVE_ADMIN    | Server Admin                          |                                                       |
 | ENCRYPTION_KEY_ADMIN       | Server Admin                          |                                                       |
 | BACKUP_ADMIN               | Server Admin                          |                                                       |
 | PERSIST_RO_VARIABLES_ADMIN | Server Admin                          |                                                       |
 +----------------------------+---------------------------------------+-------------------------------------------------------+
 46 rows in set (0.00 sec)

Anda dapat melihat bahwa pengguna baru tidak lagi memiliki akses ke database pengujian
mysql> gunakan tes;
KESALAHAN 1044 (42000). Akses ditolak untuk pengguna 'user1'@'%' ke database 'test'

Izinkan pengguna kami membuat tabel di database

 $ mysql -u user1 -pChangeMe -h localhost
 mysql: [Warning] Using a password on the command line interface can be insecure.
 Welcome to the MySQL monitor.  Commands end with ; or \g.
 Your MySQL connection id is 347
 Server version: 8.0.13
 Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
 Oracle is a registered trademark of Oracle Corporation and/or its
 affiliates. Other names may be trademarks of their respective
 owners.
 Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 mysql>

• Mengubah
• Membuat
• Menghapus
• Menjatuhkan
• Indeks
• Menyisipkan
• Pilih
• Memperbarui
• Pemicu
• Mengubah rutinitas
• Ciptakan rutinitas
• Menjalankan
• Buat tabel sementara

 mysql> grant alter,create,delete,drop,index,insert,select,update,trigger,alter routine,
create routine, execute, create temporary tables on user1.* to 'user1';
 Query OK, 0 rows affected (0.23 sec)

TIDAK PERLU MENJALANKAN PRIVILEG FLUSH

Dan di sesi terbuka untuk pengguna1, kita dapat memeriksa hak istimewa yang diberikan

 mysql> show grants\G
 ******************** 1. row ********************
 Grants for user1@%: GRANT USAGE ON . TO user1@%
******************** 2. row ********************
Grants for user1@%: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP,
INDEX, ALTER, CREATE TEMPORARY TABLES, EXECUTE, CREATE ROUTINE, ALTER
ROUTINE, TRIGGER ON user1.* TO user1@%
2 rows in set (0.00 sec)

Sekarang bayangkan kita ingin memiliki banyak pengguna yang akan memiliki akses ke database yang sama (mydatabase), daripada menentukan semua hibah untuk setiap pengguna, mari gunakan peran umum untuk semuanya. Kami akan menyebutnya 'developer_user'

mysql> create ROLE developer_users;
mysql> grant alter,create,delete,drop,index,insert,select,update,trigger,alter
 routine,create routine, execute, create temporary tables 
on mydatabase.* to 'developer_user';
Query OK, 0 rows affected (0.12 sec)

Mari berikan peran kepada pengguna1

 $ mysql -u user1 -pChangeMe -h localhost
 mysql: [Warning] Using a password on the command line interface can be insecure.
 Welcome to the MySQL monitor.  Commands end with ; or \g.
 Your MySQL connection id is 347
 Server version: 8.0.13
 Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
 Oracle is a registered trademark of Oracle Corporation and/or its
 affiliates. Other names may be trademarks of their respective
 owners.
 Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 mysql>

Sekarang kembali lagi di sesi user1 dan mari verifikasi

 $ mysql -u user1 -pChangeMe -h localhost
 mysql: [Warning] Using a password on the command line interface can be insecure.
 Welcome to the MySQL monitor.  Commands end with ; or \g.
 Your MySQL connection id is 347
 Server version: 8.0.13
 Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
 Oracle is a registered trademark of Oracle Corporation and/or its
 affiliates. Other names may be trademarks of their respective
 owners.
 Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 mysql>

Sekarang kami ingin setiap kali user1 masuk ke MySQL, peran barunya akan ditetapkan

 $ mysql -u user1 -pChangeMe -h localhost
 mysql: [Warning] Using a password on the command line interface can be insecure.
 Welcome to the MySQL monitor.  Commands end with ; or \g.
 Your MySQL connection id is 347
 Server version: 8.0.13
 Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
 Oracle is a registered trademark of Oracle Corporation and/or its
 affiliates. Other names may be trademarks of their respective
 owners.
 Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 mysql>

Mari kita buat juga user2 yang memiliki role default

 $ mysql -u user1 -pChangeMe -h localhost
 mysql: [Warning] Using a password on the command line interface can be insecure.
 Welcome to the MySQL monitor.  Commands end with ; or \g.
 Your MySQL connection id is 347
 Server version: 8.0.13
 Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
 Oracle is a registered trademark of Oracle Corporation and/or its
 affiliates. Other names may be trademarks of their respective
 owners.
 Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 mysql>

Dan kita bisa langsung mengujinya

 $ mysql -u user1 -pChangeMe -h localhost
 mysql: [Warning] Using a password on the command line interface can be insecure.
 Welcome to the MySQL monitor.  Commands end with ; or \g.
 Your MySQL connection id is 347
 Server version: 8.0.13
 Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
 Oracle is a registered trademark of Oracle Corporation and/or its
 affiliates. Other names may be trademarks of their respective
 owners.
 Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 mysql>

Ringkasan

Singkatnya, sekarang di MySQL 8. 0 Anda tidak dapat membuat pengguna dari GRANT, Anda tidak perlu menjalankan perintah FLUSH PRIVILEGES (ini sudah efektif untuk waktu yang lama, harap lupakan saja. ), Anda dapat menggunakan PERAN dan memiliki lebih banyak opsi pengelolaan kata sandi

Bagaimana cara menunjukkan hak istimewa untuk semua pengguna di MySQL?

Apa semua hak istimewa di MySQL?

Bagaimana cara memberikan hak istimewa kepada pengguna di MySQL?

Apa itu kesalahan 1410 42000 ). di MySQL?