A brief discussion on MySQL user permission table

MySQL will automatically create a database named mysql when it is installed. The mysql database stores user permission tables. After the user logs in, MySQL will grant corresponding permissions to each user based on the contents of these permission tables.

The user table is the most important permission table in MySQL, which is used to record account information allowed to connect to the server. It should be noted that all permissions enabled in the user table are global and apply to all databases.

The fields in the user table can be roughly divided into four categories, namely user column, permission column, security column and resource control column. The following mainly introduces the meaning of these fields.

User Column

The user column stores the information that the user needs to enter when connecting to the MySQL database. It should be noted that MySQL 5.7 version no longer uses Password as the password field, but has changed to authentication_string.

The user list for MySQL 5.7 is shown in Table 1.

Field Name	Field Type	Is it empty?	default value	illustrate
Host	char(60)	NO	none	Hostname
User	char(32)	NO	none	username
authentication_string	text	YES	none	password

Table 1: User column of the user table

When a user logs in, the MySQL database system will allow the user to log in only if these three fields match at the same time. When creating a new user, the values of these three fields are also set. When you modify a user's password, you are actually modifying the value of the authentication_string field in the user table. Therefore, these 3 fields determine whether the user can log in.

Permission column

The fields in the permission column determine the user's permissions and are used to describe the operations that are allowed on data and databases globally.

Permissions are roughly divided into two categories, namely advanced management permissions and ordinary permissions:

Advanced management permissions mainly manage the database, such as permissions to shut down services, super permissions, and load users;
Ordinary permissions mainly operate the database, such as query permissions, modification permissions, etc.

The permission columns of the user table include Select_priv, Insert_priv and other fields ending with priv. The data type of these field values is ENUM, and the possible values are only Y and N: Y means that the user has the corresponding permission, and N means that the user does not have the corresponding permission. From a security perspective, the default values of these fields are all N.

Field Name	Field Type	Is it empty?	default value	illustrate
Select_priv	enum('N','Y')	NO	N	Is it possible to query data through the SELECT command?
Insert_priv	enum('N','Y')	NO	N	Is it possible to insert data through the INSERT command?
Update_priv	enum('N','Y')	NO	N	Is it possible to modify existing data through the UPDATE command?
Delete_priv	enum('N','Y')	NO	N	Is it possible to delete existing data through the DELETE command?
Create_priv	enum('N','Y')	NO	N	Is it possible to create new databases and tables?
Drop_priv	enum('N','Y')	NO	N	Is it possible to delete existing databases and tables?
Reload_priv	enum('N','Y')	NO	N	Is it possible to execute specific commands that flush and reload the various internal caches used by MySQL, including logs, permissions, hosts, queries, and tables?
Shutdown_priv	enum('N','Y')	NO	N	Is it possible to shut down the MySQL server? Be very cautious when giving this privilege to any user other than the root account.
Process_priv	enum('N','Y')	NO	N	Is it possible to view other users' processes through the SHOW PROCESSLIST command?
File_priv	enum('N','Y')	NO	N	Is it possible to execute SELECT INTO OUTFILE and LOAD DATA INFILE commands?
Grant_priv	enum('N','Y')	NO	N	Can I grant my permissions to other users?
References_priv	enum('N','Y')	NO	N	Is it possible to create a foreign key constraint?
Index_priv	enum('N','Y')	NO	N	Is it possible to add, delete, and query the index?
Alter_priv	enum('N','Y')	NO	N	Is it possible to rename and modify the table structure?
Show_db_priv	enum('N','Y')	NO	N	Is it possible to view the names of all databases on the server, including those for which the user has sufficient access permissions?
Super_priv	enum('N','Y')	NO	N	Is it possible to perform some powerful management functions, such as deleting user processes through the KILL command; using the SET GLOBAL command to modify global MySQL variables, and executing various commands related to replication and logging? (Super authority)
Create_tmp_table_priv	enum('N','Y')	NO	N	Is it possible to create a temporary table?
Lock_tables_priv	enum('N','Y')	NO	N	Is it possible to block access/modification to a table using the LOCK TABLES command
Execute_priv	enum('N','Y')	NO	N	Can the stored procedure be executed?
Repl_slave_priv	enum('N','Y')	NO	N	Can I read binary log files used to maintain a replicated database environment?
Repl_client_priv	enum('N','Y')	NO	N	Is it possible to determine the location of replication slave and master servers
Create_view_priv	enum('N','Y')	NO	N	Is it possible to create a view?
Show_view_priv	enum('N','Y')	NO	N	Is it possible to view the view
Create_routine_priv	enum('N','Y')	NO	N	Can I modify or discard stored procedures and functions?
Alter_routine_priv	enum('N','Y')	NO	N	Can I modify or delete stored functions and functions?
Create_user_priv	enum('N','Y')	NO	N	Is it possible to execute the CREATE USER command, which is used to create a new MySQL account?
Event_priv	enum('N','Y')	NO	N	Can create, modify, and delete events?
Trigger_priv	enum('N','Y')	NO	N	Is it possible to create and delete triggers?
Create_tablespace_priv	enum('N','Y')	NO	N	Can a tablespace be created?

Table 2: Permission columns of the user table

If you want to modify permissions, you can use the GRANT statement to grant some permissions to the user, or you can set permissions by updating the user table through the UPDATE statement.

Security Column

The security column is mainly used to determine whether the user can log in successfully. The security column in the user table is shown in Table 3:

Field Name	Field Type	Is it empty?	default value	illustrate
ssl_type	enum('','ANY','X509','SPECIFIED')	NO		Support SSL standard encrypted security fields
ssl_cipher	blob	NO		Support SSL standard encrypted security fields
x509_issuer	blob	NO		Support x509 standard fields
x509_subject	blob	NO		Support x509 standard fields
plugin	char(64)	NO	mysql_native_password	Introduce plugins for password verification when users connect, plugin to create external/proxy users
password_expired	enum('N','Y')	NO	N	Whether the password has expired (N: not expired, y: expired)
password_last_changed	timestamp	YES		Record the time when the password was last modified
password_lifetime	smallint(5) unsigned	YES		Set the validity period of the password in days
account_locked	enum('N','Y')	NO	N	Whether the user is locked out (Y for locked out, N for unlocked)

Table 3: Security columns of the user table

Note: Even if password_expired is "Y", the user can log in to MySQL using the password, but is not allowed to do anything.

Usually the standard distribution does not support SSL. Readers can use the SHOW VARIABLES LIKE "have_openssl" statement to check whether it has SSL function. If the value of have_openssl is DISABLED, SSL encryption is not supported.

Resource Control Column

The fields in the resource control column are used to limit the resources used by users. The resource control column in the user table is shown in Table 4.

Field Name	Field Type	Is it empty?	illustrate
max_questions	int(11) unsigned	NO	Specifies the number of query operations allowed per hour
max_updates	int(11) unsigned	NO	Specifies the number of update operations allowed per hour
max_connections	int(11) unsigned	NO	Specifies the number of connection operations allowed per hour
max_user_connections	int(11) unsigned	NO	Specifies the number of simultaneous connections allowed

Table 4: Resource control columns of the user table

The default value for the above fields is 0, which means there is no limit. If the number of user queries or connections exceeds the resource control limit within an hour, the user will be locked out and can only perform the corresponding operation here until the next hour. You can use the GRANT statement to update the values of these fields.

This is the end of this article about the MySQL user permission table. For more information about the MySQL user permission table, please search for previous articles on 123WORDPRESS.COM or continue to browse the following related articles. I hope you will support 123WORDPRESS.COM in the future!

You may also be interested in:

Implementation of Mysql User Rights Management
Detailed explanation of MySQL user rights management
MySQL permission control details analysis
MySQL permission control detailed explanation
Detailed tutorial on how to create a user in mysql and grant user permissions
Mysql modify stored procedure related permissions issue
How to set remote access permissions in MySQL 8.0
MySQL permissions and database design case study

<<: Solution to the problem of web page flash animation not displaying

>>: HTML css js implements Tab page sample code

Detailed explanation of several methods of JS array dimensionality reduction

A brief discussion on MySQL user permission table

User Column

Permission column

Security Column

Resource Control Column

Detailed explanation of several methods of JS array dimensionality reduction

Record a slow query event caused by a misjudgment of the online MySQL optimizer

Example of making a butterfly flapping its wings with pure CSS3

Specific use of MySQL internal temporary tables

CSS3 text animation effects

How to use CSS attribute value regular matching selector (tips)

Specific use of Linux dirname command

Detailed explanation of how to deploy and install the Chinese version of Redash in Docker

Detailed tutorial on how to install mysql8.0 using Linux yum command

React dva implementation code

Recommend

JSONP cross-domain simulation Baidu search

In-depth interpretation of /etc/fstab file in Linux system

MySQL cross-table query and cross-table update

Solution to the system abnormality (unable to boot) caused by upgrading glibc in Centos7

JavaScript implements the pot-beating game of Gray Wolf

How to create, start, and stop a Docker container

Vue imports Echarts to realize line scatter chart

Detailed explanation of the use of Vue mixin

Javascript design pattern prototype mode details

Solve the problem of being unable to ping the external network after installing Centos7 in VMware

JavaScript in-depth analysis of the direction of this and how to modify the direction

The correspondence between Tomcat and JDK versions and the features of each Tomcat version

Records of using ssh commands on Windows 8

Details about the like operator in MySQL

HTML table markup tutorial (22): row border color attribute BORDERCOLORLIGHT