SQLAdmin权限管理实操指南
一 概念与总体原则
二 在主流数据库中的实施步骤
mysql -u root -pCREATE USER 'sqladmin'@'localhost' IDENTIFIED BY 'StrongPass!23'; GRANT ALL PRIVILEGES ON *.* TO 'sqladmin'@'localhost' WITH GRANT OPTION; FLUSH PRIVILEGES;GRANT SELECT, INSERT, UPDATE, DELETE ON mydb.* TO 'appuser'@'%';REVOKE ALL PRIVILEGES ON mydb.* FROM 'appuser'@'%'; SHOW GRANTS FOR 'appuser'@'%';sudo -u postgres psqlCREATE USER sqladmin WITH PASSWORD 'StrongPass!23'; ALTER ROLE sqladmin WITH CREATEDB CREATEROLE INHERIT LOGIN;GRANT ALL PRIVILEGES ON DATABASE mydb TO sqladmin;GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO sqladmin; GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO sqladmin;REVOKE ALL PRIVILEGES ON DATABASE mydb FROM sqladmin;CREATE LOGIN sqladmin WITH PASSWORD = 'StrongPass!23'; ALTER SERVER ROLE sysadmin ADD MEMBER sqladmin;(生产慎用 sysadmin)三 图形化工具与界面操作
四 安全加固与运维要点
journalctl -u mysqld -f 或 journalctl -u postgresql -f 实时查看服务日志;定期审计高权账号与异常语句。mysqldump -u root -p mydb > mydb.sql 备份,mysql -u root -p mydb < mydb.sql 恢复。五 快速命令清单
CREATE USER 'sqladmin'@'localhost' IDENTIFIED BY 'P@ssw0rd'; GRANT ALL PRIVILEGES ON *.* TO 'sqladmin'@'localhost' WITH GRANT OPTION; FLUSH PRIVILEGES;GRANT SELECT, INSERT, UPDATE, DELETE ON sales.* TO 'sales_rw'@'%';REVOKE ALL PRIVILEGES ON sales.* FROM 'sales_rw'@'%'; SHOW GRANTS FOR 'sales_rw'@'%';CREATE USER sqladmin WITH PASSWORD 'P@ssw0rd'; ALTER ROLE sqladmin WITH CREATEDB CREATEROLE INHERIT LOGIN;GRANT ALL PRIVILEGES ON DATABASE sales TO sqladmin; GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO sqladmin; GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO sqladmin;REVOKE ALL PRIVILEGES ON DATABASE sales FROM sqladmin;CREATE LOGIN sqladmin WITH PASSWORD = 'P@ssw0rd'; ALTER SERVER ROLE sysadmin ADD MEMBER sqladmin;USE sales; CREATE USER sqladmin FOR LOGIN sqladmin; ALTER ROLE db_owner ADD MEMBER sqladmin;(只读/只写可用 db_datareader/db_datawriter)
