user_specification:
    user [ auth_option ]

auth_option: {
    IDENTIFIED BY 'auth_string'
  | IDENTIFIED BY PASSWORD 'hash_string'
  | IDENTIFIED WITH auth_plugin
  | IDENTIFIED WITH auth_plugin AS 'hash_string'
}
The CREATE USER statement creates new MySQL accounts. An error occurs
if you try to create an account that already exists.

To use CREATE USER, you must have the global CREATE USER privilege or
the INSERT privilege for the mysql database. When the read_only system
variable is enabled, CREATE USER additionally requires the SUPER
privilege.

For each account, CREATE USER creates a new row in the mysql.user table
with no privileges and (as of MySQL 5.5.7) assigns the account an
authentication plugin. Depending on the syntax used, CREATE USER may
also assign the account a password.

If you specify only the user name part of the account name, a host name
part of '%' is used.

o With IDENTIFIED WITH, the server assigns the specified plugin and the
  account has no password. If the optional AS 'hash_string' clause is
  also given, the string is stored as is in the authentication_string
  column (it is assumed to be already hashed in the format required by
  the plugin).

o With IDENTIFIED BY, the server assigns no plugin and assigns the
  specified password.

o With neither IDENTIFIED WITH nor IDENTIFIED BY, the server assigns no
  plugin and the account has no password.

For client connections that use a given account, the server invokes the
authentication plugin assigned to the account and the client must
provide credentials as required by the authentication method that the
plugin implements. If the server cannot find the plugin, either at
account-creation time or connect time, an error occurs.

o Changes to the account password using SET PASSWORD can be made with
  PASSWORD(), with old_passwords set to 0 or 1 for 4.1 or pre-4.1
  password hashing, respectively, or with OLD_PASSWORD(), which uses
  pre-4.1 password hashing regardless of the value of old_passwords.

The server assigns the given authentication plugin to the account but
no password. Clients must provide no password when they connect.
However, an account with no password is insecure. To ensure that an
account uses a specific authentication plugin and has a password with
the corresponding hash format, specify the plugin explicitly with
IDENTIFIED WITH, then use SET PASSWORD to set the password:

o To avoid specifying the cleartext password if you know its hash value
  (the value that PASSWORD() would return for the password), specify
  the hash value preceded by the keyword PASSWORD:
URL: http://dev.mysql.com/doc/refman/5.5/en/create-user.html
Syntax:
DROP USER user [, user] ...
The DROP USER statement removes one or more MySQL accounts and their
privileges. It removes privilege rows for the account from all grant
tables. An error occurs for accounts that do not exist.

To use DROP USER, you must have the global CREATE USER privilege or the
DELETE privilege for the mysql database. When the read_only system
variable is enabled, DROP USER additionally requires the SUPER
privilege.

If you specify only the user name part of the account name, a host name
part of '%' is used.
URL: http://dev.mysql.com/doc/refman/5.5/en/drop-user.html
Syntax:
GRANT
    priv_type [(column_list)]
      [, priv_type [(column_list)]] ...
    ON [object_type] priv_level
    TO user_specification [, user_specification] ...
    [REQUIRE {NONE | tls_option [[AND] tls_option] ...}]
    [WITH {GRANT OPTION | resource_option} ...]

object_type: {
    TABLE
  | FUNCTION
  | PROCEDURE
}

priv_level: {
    *
  | *.*
  | db_name.*
  | db_name.tbl_name
  | tbl_name
  | db_name.routine_name
}

user_specification:
    user [ auth_option ]

auth_option: {
    IDENTIFIED BY 'auth_string'
  | IDENTIFIED BY PASSWORD 'hash_string'
  | IDENTIFIED WITH auth_plugin
  | IDENTIFIED WITH auth_plugin AS 'hash_string'
}

tls_option: {
    SSL
  | X509
  | CIPHER 'cipher'
  | ISSUER 'issuer'
  | SUBJECT 'subject'
}

resource_option: {
    MAX_QUERIES_PER_HOUR count
  | MAX_UPDATES_PER_HOUR count
  | MAX_CONNECTIONS_PER_HOUR count
  | MAX_USER_CONNECTIONS count
}

To use GRANT, you must have the GRANT OPTION privilege, and you must
have the privileges that you are granting. When the read_only system
variable is enabled, GRANT additionally requires the SUPER privilege.

From the mysql program, GRANT responds with Query OK, 0 rows affected
when executed successfully. To determine what privileges result from
the operation, use SHOW GRANTS. See [HELP SHOW GRANTS].
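
Added example, not part of the manual text above: a MySQL 5.5 session
that creates a narrowly scoped account with an explicit plugin and a
4.1-format password hash, verifies the result with SHOW GRANTS, and
then audits mysql.user for the weak cases the text describes. The
account name, host pattern, schema name (appdb), password and limit
values are placeholders chosen for illustration.

```sql
-- Constructed example for MySQL 5.5; all names and values are placeholders.

-- 1. Assign the plugin explicitly. At this point the account has no
--    password, so set one immediately with 4.1 hashing (old_passwords = 0).
CREATE USER 'report_ro'@'10.0.0.%' IDENTIFIED WITH mysql_native_password;
SET old_passwords = 0;
SET PASSWORD FOR 'report_ro'@'10.0.0.%' =
    PASSWORD('REPLACE_WITH_STRONG_PASSWORD');

-- 2. Grant only what the account needs, require an encrypted
--    connection, and cap resource use.
GRANT SELECT ON appdb.*
    TO 'report_ro'@'10.0.0.%'
    REQUIRE SSL
    WITH MAX_QUERIES_PER_HOUR 1000
         MAX_USER_CONNECTIONS 5;

-- 3. Confirm what the account actually ended up with.
SHOW GRANTS FOR 'report_ro'@'10.0.0.%';

-- 4. Audit: accounts with neither a password hash nor a stored
--    plugin credential string. Review each row; accounts that use an
--    external authentication plugin can legitimately appear here.
SELECT User, Host, plugin
  FROM mysql.user
 WHERE Password = ''
   AND (authentication_string IS NULL OR authentication_string = '');

-- 5. Audit: accounts still carrying pre-4.1 hashes. Those are 16
--    characters long; 4.1 hashes are 41 characters and start with '*'.
SELECT User, Host
  FROM mysql.user
 WHERE LENGTH(Password) = 16;

-- 6. Remove the placeholder account when it is no longer needed.
DROP USER 'report_ro'@'10.0.0.%';
```

The audit queries need SELECT access to the mysql database. The SET
PASSWORD statement in step 1 carries the cleartext password, so run it
over a trusted connection.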
URL: http://dev.mysql.com/doc/refman/5.5/en/grant.html