查看 MySQL 用戶權(quán)限是數(shù)據(jù)庫(kù)管理和安全審計(jì)的核心操作���。下面為您提供一份從基礎(chǔ)到高級(jí)的完整指南����。
-- 查看當(dāng)前登錄用戶的權(quán)限
SHOW GRANTS FOR CURRENT_USER();
-- 查看指定用戶的權(quán)限(必須指定host)
SHOW GRANTS FOR 'username'@'host';
SHOW GRANTS FOR 'root'@'localhost';
SHOW GRANTS FOR 'app_user'@'%';
+---------------------------------------------------+
| Grants for root@localhost |
+---------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' |
+---------------------------------------------------+
2. 分析全局權(quán)限(數(shù)據(jù)庫(kù)級(jí)別)
-- 查看用戶對(duì)特定數(shù)據(jù)庫(kù)的權(quán)限
WHERE User='username' AND Host='host';
-- 查看所有用戶的數(shù)據(jù)庫(kù)權(quán)限
SELECT * FROM mysql.tables_priv
WHERE User='username' AND Host='host';
SELECT * FROM mysql.columns_priv
WHERE User='username' AND Host='host';
三�����、高級(jí)權(quán)限查詢技巧
WHEN u.Select_priv = 'Y' THEN '全局權(quán)限'
WHEN EXISTS (SELECT 1 FROM mysql.db WHERE db.User = u.User AND db.Host = u.Host) THEN '數(shù)據(jù)庫(kù)權(quán)限'
WHEN u.Select_priv = 'Y' THEN 'SELECT'
WHEN u.Insert_priv = 'Y' THEN ',INSERT'
-- 可以繼續(xù)添加其他權(quán)限字段
SELECT User, Host FROM mysql.user WHERE Super_priv = 'Y';
-- 查找有創(chuàng)建用戶權(quán)限的用戶
SELECT User, Host FROM mysql.user WHERE Create_user_priv = 'Y';
SELECT User, Host FROM mysql.user WHERE File_priv = 'Y';
3. 查看用戶可訪問(wèn)的數(shù)據(jù)庫(kù)
LEFT JOIN mysql.db db ON u.User = db.User AND u.Host = db.Host
WHERE u.User = 'username'
-- 查看數(shù)據(jù)操作權(quán)限
2. 結(jié)構(gòu)操作權(quán)限
-- 查看數(shù)據(jù)庫(kù)結(jié)構(gòu)權(quán)限
Process_priv as 'PROCESS',
CONCAT('\'', user, '\'@\'', host, '\'') as user_host,
IF(Select_priv = 'Y', 'SELECT', '') as select_priv,
IF(Insert_priv = 'Y', 'INSERT', '') as insert_priv,
IF(Update_priv = 'Y', 'UPDATE', '') as update_priv,
IF(Delete_priv = 'Y', 'DELETE', '') as delete_priv,
IF(Create_priv = 'Y', 'CREATE', '') as create_priv,
IF(Drop_priv = 'Y', 'DROP', '') as drop_priv,
IF(Grant_priv = 'Y', 'GRANT', '') as grant_priv,
IF(Super_priv = 'Y', 'SUPER', '') as super_priv
-- 查找有危險(xiǎn)權(quán)限的用戶
IF(Super_priv = 'Y', 'SUPER', NULL),
IF(File_priv = 'Y', 'FILE', NULL),
IF(Process_priv = 'Y', 'PROCESS', NULL),
IF(Shutdown_priv = 'Y', 'SHUTDOWN', NULL)
) as dangerous_privileges
CONCAT('SHOW GRANTS FOR \'', user, '\'@\'', host, '\';') as grant_command
六�����、information_schema 查詢
SELECT * FROM information_schema.SCHEMA_PRIVILEGES
WHERE GRANTEE = "'username'@'host'";
SELECT * FROM information_schema.TABLE_PRIVILEGES
WHERE GRANTEE = "'username'@'host'";
SELECT * FROM information_schema.USER_PRIVILEGES
WHERE GRANTEE = "'username'@'host'";
SELECT 'SELECT' as privilege_type FROM mysql.user WHERE Select_priv = 'Y'
UNION ALL SELECT 'INSERT' FROM mysql.user WHERE Insert_priv = 'Y'
UNION ALL SELECT 'UPDATE' FROM mysql.user WHERE Update_priv = 'Y'
UNION ALL SELECT 'DELETE' FROM mysql.user WHERE Delete_priv = 'Y'
UNION ALL SELECT 'CREATE' FROM mysql.user WHERE Create_priv = 'Y'
ORDER BY user_count DESC;
(Select_priv = 'Y') + (Insert_priv = 'Y') + (Update_priv = 'Y') +
(Delete_priv = 'Y') + (Create_priv = 'Y') + (Drop_priv = 'Y') +
(Reload_priv = 'Y') + (Shutdown_priv = 'Y') + (Process_priv = 'Y') +
(File_priv = 'Y') + (Grant_priv = 'Y') + (References_priv = 'Y') +
(Index_priv = 'Y') + (Alter_priv = 'Y') + (Super_priv = 'Y') +
(Create_tmp_table_priv = 'Y') + (Lock_tables_priv = 'Y') +
(Execute_priv = 'Y') + (Repl_slave_priv = 'Y') + (Repl_client_priv = 'Y') +
(Create_view_priv = 'Y') + (Show_view_priv = 'Y') + (Create_routine_priv = 'Y') +
(Alter_routine_priv = 'Y') + (Create_user_priv = 'Y') + (Event_priv = 'Y') +
(Trigger_priv = 'Y') + (Create_tablespace_priv = 'Y') as total_privileges
ORDER BY total_privileges DESC;
-- 創(chuàng)建權(quán)限審計(jì)視圖
CREATE VIEW user_privileges_audit AS
IF(u.Select_priv = 'Y', 'GLOBAL',
IF(EXISTS(SELECT 1 FROM mysql.db WHERE User = u.User AND Host = u.Host), 'DATABASE', 'RESTRICTED')
DATE(u.password_last_changed) as password_last_changed
SELECT User, Host FROM mysql.user
WHERE authentication_string = '' OR authentication_string IS NULL;
SELECT User, Host FROM mysql.user WHERE Host = '%';
-- 查找權(quán)限過(guò)多的應(yīng)用程序用戶
SELECT User, Host FROM mysql.user
WHERE User NOT IN ('root', 'mysql.sys', 'mysql.session')
-- 檢查最近權(quán)限變更(需要啟用general log)
SELECT * FROM mysql.general_log
WHERE argument_text LIKE '%GRANT%' OR argument_text LIKE '%REVOKE%'
ORDER BY event_time DESC;
| **快速查看用戶權(quán)限** | `SHOW GRANTS FOR 'user'@'host';` |
| **查看所有用戶列表** | `SELECT User, Host FROM mysql.user;` |
| **安全檢查** | `SELECT User, Host FROM mysql.user WHERE Host = '%';` |
| **權(quán)限詳情分析** | 查詢 `mysql.user`, `mysql.db`, `mysql.tables_priv` 表 |
| **生成權(quán)限報(bào)告** | 使用權(quán)限匯總查詢腳本 |
1. `SHOW GRANTS;` - 查看當(dāng)前用戶權(quán)限
2. `SHOW GRANTS FOR 'user'@'host';` - 查看指定用戶權(quán)限
3. `SELECT User, Host FROM mysql.user;` - 查看所有用戶
4. `SELECT * FROM mysql.db WHERE User='user';` - 查看數(shù)據(jù)庫(kù)權(quán)限
5. `SELECT * FROM mysql.user WHERE Super_priv='Y';` - 查找超級(jí)用戶
掌握這些權(quán)限查看方法��,您就能全面掌控 MySQL 的權(quán)限體系��,有效進(jìn)行安全審計(jì)和權(quán)限管理。
另外搭配便捷的80kmMYSQL備份工具��,可定時(shí)備份���、異地備份�,MYSQL導(dǎo)出導(dǎo)入����?杀镜剡B接LINUX里的MYSQL�,簡(jiǎn)單便捷����?梢源蟠蟮靥岣吖ぷ餍枢浮
