mysql> SHOW GRANTS \G
*************************** 1. row ***************************
Grants for root@localhost: GRANT ALL PRIVILEGES ON *.* TO ‘root‘@‘localhost‘ IDE
NTIFIED BY PASSWORD ‘*11B9ACA21786F766739D0EB1483C5F64212B81AC‘ WITH GRANT OPTIO
N
*************************** 2. row ***************************
Grants for root@localhost: GRANT PROXY ON ‘‘@‘‘ TO ‘root‘@‘localhost‘ WITH GRANT
OPTION
2 rows in set (0.00 sec)
*************************** 1. row ***************************
Grants for root@localhost: GRANT ALL PRIVILEGES ON *.* TO ‘root‘@‘localhost‘ IDE
NTIFIED BY PASSWORD ‘*11B9ACA21786F766739D0EB1483C5F64212B81AC‘ WITH GRANT OPTIO
N
*************************** 2. row ***************************
Grants for root@localhost: GRANT PROXY ON ‘‘@‘‘ TO ‘root‘@‘localhost‘ WITH GRANT
OPTION
2 rows in set (0.00 sec)
如果当前账号拥有ALL权限,可用最简单的新增用户并授权:
grant all on *.* to `root`@`%` identified by ‘123456‘ with grant option;
mysql> GRANT ALL ON *.* TO ‘gechong‘@‘localhost‘ IDENTIFIED BY ‘ge0513.mysql‘ WI
TH GRANT OPTION;
Query OK, 0 rows affected (0.03 sec)
TH GRANT OPTION;
Query OK, 0 rows affected (0.03 sec)
mysql> SELECT USER,HOST FROM mysql.user;
+---------+-----------+
| USER | HOST |
+---------+-----------+
| root | 127.0.0.1 |
| gechong | localhost |
| root | localhost |
+---------+-----------+
3 rows in set (0.00 sec)
其中with grant option表示新增的该账号是否有grant权限,即是否可以通过其创建新账号。
非常不建议给用户开放全部权限,最好给新用户仅开放所需要的相关权限。一般给开发人员SELECT,UPDATE,DELETE,INSERT,CREATE,EXECUTE权限并且只在某些网段内访问
例如:
mysql> GRANT INSERT,UPDATE,DELETE,SELECT,CREATE,EXECUTE ON *.* TO ‘kaifaA‘@‘10.1
2.%.%‘ IDENTIFIED BY ‘kaifaA.mysql‘;
Query OK, 0 rows affected (0.00 sec)
Query OK, 0 rows affected (0.00 sec)
用户gechong就只有6个权限并且只可以在10.1.*.*网段内使用。