Rechercher dans le manuel MySQL
6.3.2 Adding User Accounts
To create MySQL accounts, use the account-management statements
intended for creating accounts and establishing their privileges,
such as CREATE USER
and
GRANT
. These statements cause the
server to make appropriate modifications to the underlying grant
tables. All such statements are described in
Section 13.7.1, “Account Management Statements”.
Direct modification of grant tables using statements such as
INSERT
,
UPDATE
, or
DELETE
is discouraged and done at
your own risk. The server is free to ignore rows that become
malformed as a result of such modifications.
For any operation that modifies a grant table, the server checks whether the table has the expected structure and produces an error if not. mysql_upgrade must be run to update the tables to the expected structure.
Another option for creating accounts is to use the GUI tool
MySQL Workbench. Also, several third-party programs offer capabilities
for MySQL account administration. phpMyAdmin
is
one such program.
The following examples show how to use the
mysql client program to set up new accounts.
These examples assume that privileges have been set up according
to the defaults described in Section 2.10.4, “Securing the Initial MySQL Account”.
This means that to make changes, you must connect to the MySQL
server as the MySQL root
user, which has the
CREATE USER
privilege.
First, use the mysql program to connect to the
server as the MySQL root
user:
shell> mysql --user=root mysql
If you have assigned a password to the root
account, you must also supply a --password
or
-p
option.
After connecting to the server as root
, you can
add new accounts. The following example uses
CREATE USER
and
GRANT
statements to set up four
accounts:
The accounts created by those statements have the following properties:
Two accounts have a user name of
finley
. Both are superuser accounts with full privileges to do anything. The'finley'@'localhost'
account can be used only when connecting from the local host. The'finley'@'%'
account uses the'%'
wildcard for the host part, so it can be used to connect from any host.The
'finley'@'localhost'
account is necessary if there is an anonymous-user account forlocalhost
. Without the'finley'@'localhost'
account, that anonymous-user account takes precedence whenfinley
connects from the local host andfinley
is treated as an anonymous user. The reason for this is that the anonymous-user account has a more specificHost
column value than the'finley'@'%'
account and thus comes earlier in theuser
table sort order. (user
table sorting is discussed in Section 6.2.6, “Access Control, Stage 1: Connection Verification”.)The
'admin'@'localhost'
account can be used only byadmin
to connect from the local host. It is granted theRELOAD
andPROCESS
administrative privileges. These privileges enable theadmin
user to execute the mysqladmin reload, mysqladmin refresh, and mysqladmin flush-xxx
commands, as well as mysqladmin processlist . No privileges are granted for accessing any databases. You could add such privileges usingGRANT
statements.The
'dummy'@'localhost'
account has no password (which is insecure and not recommended). This account can be used only to connect from the local host. No privileges are granted. It is assumed that you will grant specific privileges to the account usingGRANT
statements.
To see the privileges for an account, use
SHOW GRANTS
:
- +-----------------------------------------------------+
- | Grants for admin@localhost |
- +-----------------------------------------------------+
- +-----------------------------------------------------+
To see nonprivilege properties for an account, use
SHOW CREATE USER
:
The next examples create three accounts and grant them access to
specific databases. Each of them has a user name of
custom
and password of
password
:
The three accounts can be used as follows:
The first account can access the
bankaccount
database, but only from the local host.The second account can access the
expenses
database, but only from the hosthost47.example.com
.The third account can access the
customer
database, from any host in theexample.com
domain. This account has access from all machines in the domain due to use of the%
wildcard character in the host part of the account name.
Traduction non disponible
Le manuel MySQL n'est pas encore traduit en français sur l'infobrol. Seule la version anglaise est disponible pour l'instant.
Document créé le 26/06/2006, dernière modification le 26/10/2018
Source du document imprimé : https://www.gaudry.be/mysql-rf-adding-users.html
L'infobrol est un site personnel dont le contenu n'engage que moi. Le texte est mis à disposition sous licence CreativeCommons(BY-NC-SA). Plus d'info sur les conditions d'utilisation et sur l'auteur.
Références
Ces références et liens indiquent des documents consultés lors de la rédaction de cette page, ou qui peuvent apporter un complément d'information, mais les auteurs de ces sources ne peuvent être tenus responsables du contenu de cette page.
L'auteur de ce site est seul responsable de la manière dont sont présentés ici les différents concepts, et des libertés qui sont prises avec les ouvrages de référence. N'oubliez pas que vous devez croiser les informations de sources multiples afin de diminuer les risques d'erreurs.