Lab D - MySQL Users: Objective: Management of User Accounts
COURSE: MySQL Server Administration
LAB D – MYSQL USERS
- The above command trims the “User” table and lists only the user names.
- To list MySQL user information, including user permission information and all user data, type the
following command and press Enter:
- Try these other variations of queries on mysql.user and compare the differences.
Option A:
Option B:
Option C:
What can you view in the result of Option A? What is the format of the output?
What can you view in the result of Option B? What is the format of the output?
What can you view in the result of Option C? What is the format of the output?
The CREATE USER statement creates new MySQL accounts. An error occurs if you try to create an account
that already exists.
To use CREATE USER, you must have the global CREATE USER privilege, or the INSERT privilege for the
mysql system database. When the read_only system variable is enabled, CREATE USER additionally
requires the SUPER privilege.
For each account, CREATE USER creates a new row in the mysql.user system table with no privileges and
assigns the account an authentication plugin. Depending on the syntax used, CREATE USER may also assign
the account a password.
An account when first created has no privileges. To assign privileges, use the GRANT statement.
To specify a password for an account at account-creation time, use IDENTIFIED BY with the literal cleartext
password value. Type the following command and press Enter (replace USER with your NAME):
The server assigns an authentication plugin to the account implicitly, as described previously, and assigns
the given password. Clients must provide the given password when they connect. (Don't close the current
MySQL session.)
Now test your user account by opening a new MySQL console. Open a command-line session (CMD).
Type the access command for your user and press Enter (for NAME use the value
configured previously, and for server-name-here use localhost):
You will receive an "Access denied" ERROR message, because the user needs privileges assigned by GRANT.
Verify that the user exists on the server. In your MySQL console, type:
You will see the user with your NAME in the mysql.user table.
→GRANT.
Now you will grant permissions to your user. In the MySQL console, type (replace NAME with your
user value):
mysql> GRANT ALL ON *.* TO 'NAME'@'localhost';
NOTE: ALL ON *.* gives the same permissions as a root user.
Now test your access again in the Windows command-line console. Repeat the command (for NAME
use the value configured previously, and for server-name-here use localhost):
>mysql -u NAME -h server-name-here -p mysql
Now you can access the MySQL server with your user name.
Review the privileges granted to your user. Type the command and press Enter:
NOTE: the NAME of your user is CASE SENSITIVE, so victor ≠ VICTOR.
→REVOKE.
The REVOKE statement enables system administrators to revoke privileges from MySQL accounts.
When the read_only system variable is enabled, REVOKE requires the SUPER privilege in addition to any
other required privileges described in the following discussion.
Exit from the session of the user you created.
Open a MySQL console as the root user and type the following command:
Now try to access the server with the user that you created. Open a Windows command-line console and type
the following command:
Notice that the user has lost all the permissions previously assigned by GRANT.
Disconnect the current session: type exit and press Enter.
Return to your MySQL console and assign full permissions to your user again. Type the following command
and press Enter:
mysql> GRANT ALL ON *.* TO 'VICTOR'@'localhost';
You may need to wait approximately 5 minutes for MySQL to refresh the user account permissions.
Now test with your user. Open a Windows command line and connect with your user account. Type
the following commands and press Enter:
>mysql -u VICTOR -h localhost -p mysql
>Use sakila;
>SELECT user FROM mysql.user;
Disconnect the current session: type exit and press Enter.
Return to the MySQL console and revoke the SELECT permission from that user. Type the following command
and press Enter:
mysql> REVOKE SELECT ON *.* FROM 'VICTOR'@'localhost';
Now try to access the server with the user that you created. Open a Windows command-line console and
type the following commands:
>mysql -u VICTOR -h localhost -p
>Use sakila;
>SELECT * FROM rental;
>SELECT User FROM mysql.user;
Disconnect the current session: type exit and press Enter.
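The GRANT and REVOKE steps above can be checked from the root session instead of by logging in as the user. The script below is an added example, not part of the original lab: it walks a throwaway account through the same create, grant, revoke cycle and inspects the privilege records at each stage. The account 'audit_demo'@'localhost' and its password are hypothetical placeholders, and MySQL 5.7 or later is assumed.

```sql
-- Added example, not part of the lab. 'audit_demo'@'localhost' and its
-- password are hypothetical placeholders. Run as root on MySQL 5.7 or later.
CREATE USER 'audit_demo'@'localhost' IDENTIFIED BY 'Replace-With-Strong-Pw-1!';

-- A freshly created account holds no privileges yet.
SHOW GRANTS FOR 'audit_demo'@'localhost';

-- Global grant, the same form the lab uses for NAME / VICTOR.
GRANT ALL ON *.* TO 'audit_demo'@'localhost';

-- One row per global privilege held. GRANTEE is stored with its quotes,
-- so the quotes inside the literal are doubled.
SELECT privilege_type, is_grantable
FROM information_schema.user_privileges
WHERE grantee = '''audit_demo''@''localhost'''
ORDER BY privilege_type;

-- Remove a single global privilege, as in the lab's REVOKE SELECT step,
-- then look at what remains.
REVOKE SELECT ON *.* FROM 'audit_demo'@'localhost';
SHOW GRANTS FOR 'audit_demo'@'localhost';

-- Remove every privilege at every level, plus the right to grant to others.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'audit_demo'@'localhost';
SHOW GRANTS FOR 'audit_demo'@'localhost';

-- Server-wide review: accounts that hold administrative global privileges.
SELECT grantee,
       GROUP_CONCAT(privilege_type ORDER BY privilege_type SEPARATOR ', ')
         AS admin_privileges
FROM information_schema.user_privileges
WHERE privilege_type IN ('SUPER', 'FILE', 'CREATE USER',
                         'SHUTDOWN', 'PROCESS', 'RELOAD')
GROUP BY grantee
ORDER BY grantee;

-- Clean up the demonstration account.
DROP USER 'audit_demo'@'localhost';
```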
→RENAME USER.
The RENAME USER statement renames existing MySQL accounts. An error occurs for old accounts that do
not exist or new accounts that already exist.
To use RENAME USER, you must have the global CREATE USER privilege, or the UPDATE privilege for the
mysql system database. When the read_only system variable is enabled, RENAME USER additionally
requires the SUPER privilege.
Return to your MySQL session, type the following command, and press Enter:
NOTE: In your case, use the values of your choice. For example:
Now open a Windows command line and log in as the renamed user, in this case:
>mysql -u VIBLA -h localhost -p
Disconnect the current session: type exit and press Enter.
→SET PASSWORD.
The SET PASSWORD statement assigns a password to a MySQL user account, specified as either a cleartext
(unencrypted) or encrypted value.
Open your MySQL console and connect as the root user, then type the following command:
mysql> SET PASSWORD FOR VIBLA = PASSWORD('123456');
Then open a Windows command-line session, type the following command, and use the current password
value (123456):
>mysql -u VIBLA -h localhost -p
NOTE:
The format for changing the password depends on how the user is named. It can be:
mysql> SET PASSWORD FOR VIBLA = PASSWORD('123456');
mysql> SET PASSWORD FOR 'VICTOR'@'localhost' = PASSWORD('123456');
→DROP USER.
The DROP USER statement removes one or more MySQL accounts and their privileges. It removes privilege
rows for the account from all grant tables. An error occurs for accounts that do not exist.
To use DROP USER, you must have the global CREATE USER privilege, or the DELETE privilege for the mysql
system database. When the read_only system variable is enabled, DROP USER additionally requires the
SUPER privilege.
For this exercise, we must create 3 new users and assign them FULL privileges:
USER          Privileges
USERTEST_A    FULL *.*
USERTEST_B    FULL *.*
USERTEST_C    FULL *.*
Open a MySQL console and log in with the root user account, then type the following commands:
Then list your MySQL users. Type the following command and press Enter:
mysql> SELECT User FROM mysql.user;
Then DROP USERTEST_A. Type the following command and press Enter:
mysql> DROP USER 'USERTEST_A'@'localhost';
Verify that the user is no longer on your user list. Type the following command and press Enter:
Then DROP the two users USERTEST_B and USERTEST_C in the same statement. Type the following command
and press Enter:
mysql> DROP USER 'USERTEST_B'@'localhost', 'USERTEST_C'@'localhost';
Verify that these two users are no longer on your user list. Type the following command and press Enter:
USER     Restriction
USER1    Access only to the Sakila database.
USER2    Access only to the “payment” table in the Sakila database, with SELECT requests only.
USER3    FULL access, but with MAX queries per hour equal to 10.
Open a MySQL session as the root user. Type the following commands and test the restrictions.
Check that the result of each command is Query OK. That validates the execution.
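One way to express the three restrictions in the table above, as an added example rather than the lab's original commands. The 'localhost' host part and the passwords are placeholders, and the script assumes MySQL 5.7.6 or later with the sakila sample database already loaded.

```sql
-- Added example, not the lab's own commands. Passwords are placeholders and
-- the 'localhost' host part is an assumption. Run as root.
CREATE USER 'USER1'@'localhost' IDENTIFIED BY 'Replace-With-Strong-Pw-1!';
CREATE USER 'USER2'@'localhost' IDENTIFIED BY 'Replace-With-Strong-Pw-2!';
-- The resource limit is an account attribute, set here at creation time.
CREATE USER 'USER3'@'localhost' IDENTIFIED BY 'Replace-With-Strong-Pw-3!'
  WITH MAX_QUERIES_PER_HOUR 10;

-- USER1: database-level grant, every table in sakila and nothing else.
GRANT ALL ON sakila.* TO 'USER1'@'localhost';

-- USER2: table-level grant, SELECT on sakila.payment only.
GRANT SELECT ON sakila.payment TO 'USER2'@'localhost';

-- USER3: global grant, constrained only by the hourly query limit.
GRANT ALL ON *.* TO 'USER3'@'localhost';

-- Review what each account ended up with.
SHOW GRANTS FOR 'USER1'@'localhost';
SHOW GRANTS FOR 'USER2'@'localhost';
SHOW GRANTS FOR 'USER3'@'localhost';

-- Each scope is recorded in a different place:
-- database-level grants (USER1)
SELECT grantee, table_schema, privilege_type
FROM information_schema.schema_privileges
WHERE table_schema = 'sakila'
ORDER BY grantee, privilege_type;

-- table-level grants (USER2)
SELECT grantee, table_schema, table_name, privilege_type
FROM information_schema.table_privileges
WHERE table_schema = 'sakila'
ORDER BY grantee, table_name;

-- per-account resource limits (USER3); 0 means no limit
SELECT user, host, max_questions
FROM mysql.user
WHERE user IN ('USER1', 'USER2', 'USER3');

-- Administrative reset of the per-hour counters for all accounts.
FLUSH USER_RESOURCES;
```

The limit on an existing account can be changed with ALTER USER 'USER3'@'localhost' WITH MAX_QUERIES_PER_HOUR followed by the new value.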
Now connect as USER 1 and validate the restrictions. Open a Windows command-line console and
type the credentials for USER 1.
Note that you can access the Sakila database and all tables in the database schema.
Note that you can't access the mysql.user table. The RESTRICTION IS VALID.
Disconnect the current session: type exit and press Enter.
Now connect as USER 2 and validate the restrictions. Open a Windows command-line console and
type the credentials for USER 2.
Note that you can only access the payment table. The RESTRICTION IS VALID.
Disconnect the current session: type exit and press Enter.
Now connect as USER 3 and validate the restrictions. Open a Windows command-line console and
type the credentials for USER 3.
Now test the restriction. Type the command: (REPEAT THE STATEMENT MORE THAN 10 TIMES)
Note that once you exceed 10 executions you can't execute another SELECT request in the same hour
range; you need to wait 1 hour to use another SELECT statement.
The RESTRICTION IS VALID.
Disconnect the current session: type exit and press Enter.
Task 4: Discussion.
Answer these questions:
2. What command will you use to display the list of users?
5. What attribute will you use if you need to restrict the number of queries within a time range for a user?