MySQL account names consist of a user name and a host name, which enables creation of distinct accounts for users with the same user name who connect from different hosts. This section describes the syntax for account names, including special values and wildcard rules.MySQL帐户名由用户名和主机名组成,这使得能够为从不同主机连接的具有相同用户名的用户创建不同的帐户。本节介绍帐户名的语法,包括特殊值和通配符规则。
In most respects, account names are similar to MySQL role names, with some differences described at Section 6.2.5, “Specifying Role Names”.在大多数方面,帐户名与MySQL角色名相似,但在第6.2.5节,“指定角色名”中描述了一些差异。
Account names appear in SQL statements such as 帐户名出现在SQL语句中,如CREATE USER, GRANT, and SET PASSWORD and follow these rules:CREATE USER、GRANT和SET PASSWORD,并遵循以下规则:
Account name syntax is 帐户名语法为'.user_name'@'host_name''user_name'@'host_name'。
The @' part is optional. host_name'@'host_name'部分是可选的。An account name consisting only of a user name is equivalent to 仅由用户名组成的帐户名等效于'. user_name'@'%''user_name'@'%'。For example, 例如,'me' is equivalent to 'me'@'%'.'me'相当于'me'@'%'。
The user name and host name need not be quoted if they are legal as unquoted identifiers. 如果用户名和主机名作为未加引号的标识符是合法的,则不需要加引号。Quotes must be used if a 如果user_name string contains special characters (such as space or -), or a host_name string contains special characters or wildcard characters (such as . or %). user_name字符串包含特殊字符(如空格或-),或者host_name字符串包含特定字符或通配符(如.或%),则必须使用引号。For example, in the account name 例如,在帐户名'test-user'@'%.com', both the user name and host name parts require quotes.'test-user'@'%.com'中,用户名和主机名部分都需要引号。
Quote user names and host names as identifiers or as strings, using either backticks (使用回引号(`), single quotation marks ('), or double quotation marks ("). `)、单引号(')或双引号(")将用户名和主机名作为标识符或字符串引用。For string-quoting and identifier-quoting guidelines, see Section 9.1.1, “String Literals”, and Section 9.2, “Schema Object Names”.有关字符串引用和标识符引用指南,请参阅第9.1.1节,“字符串文字”和第9.2节,“模式对象名称”。
The user name and host name parts, if quoted, must be quoted separately. 用户名和主机名部分(如果引用)必须单独引用。That is, write 也就是说,写'me'@'localhost', not 'me@localhost'. 'me'@'localhost',而不是'me@localhost'。The latter is actually equivalent to 后者实际上相当于'me@localhost'@'%'.'me@localhost'@'%'.
A reference to the 对CURRENT_USER or CURRENT_USER() function is equivalent to specifying the current client's user name and host name literally.CURRENT_USER或CURRENT_USER()函数的引用相当于按字面意思指定当前客户端的用户名和主机名。
MySQL stores account names in grant tables in the MySQL将帐户名存储在mysql system database using separate columns for the user name and host name parts:mysql系统数据库的授权表中,用户名和主机名部分使用单独的列:
The user table contains one row for each account. user表包含每个帐户的一行。The User and Host columns store the user name and host name. User和Host列存储用户名和主机名。This table also indicates which global privileges the account has.此表还显示了帐户具有哪些全局权限。
Other grant tables indicate privileges an account has for databases and objects within databases. 其他授权表表示帐户对数据库和数据库中对象的权限。These tables have 这些表有User and Host columns to store the account name. User和Host列来存储帐户名。Each row in these tables associates with the account in the 这些表中的每一行都与user table that has the same User and Host values.user表中具有相同user和Host值的帐户相关联。
For access-checking purposes, comparisons of User values are case-sensitive. Comparisons of Host values are not case-sensitive.出于访问检查的目的,用户值的比较区分大小写。Host值的比较不区分大小写。
For additional detail about the properties of user names and host names as stored in the grant tables, such as maximum length, see Grant Table Scope Column Properties.有关存储在授权表中的用户名和主机名的属性(如最大长度)的更多详细信息,请参阅授权表作用域列属性。
User names and host names have certain special values or wildcard conventions, as described following.用户名和主机名具有某些特殊值或通配符约定,如下所述。
The user name part of an account name is either a nonblank value that literally matches the user name for incoming connection attempts, or a blank value (the empty string) that matches any user name. 帐户名的用户名部分要么是与传入连接尝试的用户名字面匹配的非空值,要么是与任何用户名匹配的空值(空字符串)。An account with a blank user name is an anonymous user. To specify an anonymous user in SQL statements, use a quoted empty user name part, such as 用户名为空的帐户是匿名用户。若要在SQL语句中指定匿名用户,请使用引号括起来的空用户名部分,例如''@'localhost'.''@'localhost'。
The host name part of an account name can take many forms, and wildcards are permitted:帐户名的主机名部分可以采用多种形式,并且允许使用通配符:
A host value can be a host name or an IP address (IPv4 or IPv6). 主机值可以是主机名或IP地址(IPv4或IPv6)。The name 名称'localhost' indicates the local host. 'localhost'表示本地主机。The IP address IP地址'127.0.0.1' indicates the IPv4 loopback interface. The IP address '::1' indicates the IPv6 loopback interface.'127.0.0.1'表示IPv4环回接口。IP地址“'::1'”表示IPv6环回接口。
The 主机名或IP地址值中允许使用% and _ wildcard characters are permitted in host name or IP address values. %和_通配符。These have the same meaning as for pattern-matching operations performed with the 这些与使用LIKE operator. LIKE运算符执行的模式匹配操作具有相同的含义。For example, a host value of 例如,主机值'%' matches any host name, whereas a value of '%.mysql.com' matches any host in the mysql.com domain. '%'匹配任何主机名,而值'%.mysql.com'匹配mysql.com域中的任何主机。'198.51.100.%' matches any host in the 198.51.100 class C network.'198.51.100.%'与198.51.100 C类网络中的任何主机匹配。
Because IP wildcard values are permitted in host values (for example, 由于主机值中允许使用IP通配符值(例如,'198.51.100.%' to match every host on a subnet), someone could try to exploit this capability by naming a host 198.51.100.somewhere.com. '198.51.100.%'以匹配子网上的每个主机),因此有人可能会通过将主机命名为198.51.100.somewhere.com来尝试利用此功能。To foil such attempts, MySQL does not perform matching on host names that start with digits and a dot. 为了阻止这种尝试,MySQL不会对以数字和点开头的主机名进行匹配。For example, if a host is named 例如,如果主机名为1.2.example.com, its name never matches the host part of account names. 1.2.example.com,则其名称永远不会与帐户名的主机部分匹配。An IP wildcard value can match only IP addresses, not host names.IP通配符值只能匹配IP地址,不能匹配主机名。
For a host value specified as an IPv4 address, a netmask can be given to indicate how many address bits to use for the network number. Netmask notation cannot be used for IPv6 addresses.对于指定为IPv4地址的主机值,可以给出一个网掩码来指示网络号要使用多少地址位。网络掩码表示法不能用于IPv6地址。
The syntax is 语法为host_ip/netmaskhost_ip/netmask。例如:
CREATE USER 'david'@'198.51.100.0/255.255.255.0';
This enables 这使david to connect from any client host having an IP address client_ip for which the following condition is true:david能够从具有以下条件为真的IP地址client_ip的任何客户端主机进行连接:
client_ip&netmask=host_ip
That is, for the 也就是说,对于刚才显示的CREATE USER statement just shown:CREATE USER语句:
client_ip & 255.255.255.0 = 198.51.100.0IP addresses that satisfy this condition range from 满足此条件的IP地址范围为198.51.100.0 to 198.51.100.255.198.51.100.0到198.51.100.255。
A netmask typically begins with bits set to 1, followed by bits set to 0. Examples:网络掩码通常以设置为1的位开始,然后是设置为0的位。示例:
198.0.0.0/255.0.0.0: Any host on the 198 class A network:198 A类网络上的任何主机
198.51.0.0/255.255.0.0: Any host on the 198.51 class B network:198.51 B类网络上的任何主机
198.51.100.0/255.255.255.0: Any host on the 198.51.100 class C network:198.51.100 C类网络上的任何主机
198.51.100.1: Only the host with this specific IP address:只有具有此特定IP地址的主机
As of MySQL 8.0.23, a host value specified as an IPv4 address can be written using CIDR notation, such as 从MySQL 8.0.23开始,可以使用CIDR表示法写入指定为IPv4地址的主机值,例如198.51.100.44/24.198.51.100.44/24。
The server performs matching of host values in account names against the client host using the value returned by the system DNS resolver for the client host name or IP address. 服务器使用系统DNS解析器为客户端主机名或IP地址返回的值,将帐户名中的主机值与客户端主机进行匹配。Except in the case that the account host value is specified using netmask notation, the server performs this comparison as a string match, even for an account host value given as an IP address. 除了使用网掩码表示法指定帐户主机值的情况外,服务器还会将此比较作为字符串匹配来执行,即使对于作为IP地址给出的帐户主机值也是如此。This means that you should specify account host values in the same format used by DNS. Here are examples of problems to watch out for:这意味着您应该以DNS使用的相同格式指定帐户主机值。以下是需要注意的问题示例:
Suppose that a host on the local network has a fully qualified name of 假设本地网络上的主机具有host1.example.com. host1.example.com的完全限定名。If DNS returns name lookups for this host as 如果DNS返回此主机的名称查找作为host1.example.com, use that name in account host values. host1.example.com,请在帐户主机值中使用该名称。If DNS returns just 如果DNS只返回host1, use host1 instead.host1,请改用host1。
If DNS returns the IP address for a given host as 如果DNS返回给定主机的IP地址为198.51.100.2, that matches an account host value of 198.51.100.2 but not 198.051.100.2. 198.51.100.2,则与帐户主机值198.51.100.2匹配,但不匹配198.051.100.2。Similarly, it matches an account host pattern like 类似地,它匹配帐户主机模式,如198.51.100.% but not 198.051.100.%.198.51.100.%,但不匹配198.051.100.%。
To avoid problems like these, it is advisable to check the format in which your DNS returns host names and addresses. Use values in the same format in MySQL account names.为了避免此类问题,建议检查DNS返回主机名和地址的格式。在MySQL帐户名中使用相同格式的值。