mysql.db数据库层权限该如何设置
admin
2023-04-23 12:22:58
0次
本文主要给大家简单讲讲mysql.db数据库层权限该如何设置,相关专业术语大家可以上网查查或者找一些相关书籍补充一下,这里就不涉猎了,我们就直奔主题吧,希望mysql.db数据库层权限该如何设置这篇文章可以给大家带来一些实际帮助。
1# 数据库层权限记录位置
表级别的权限记录在mysql.tables_priv表中。
(root@localhost)[mysql]> (root@localhost)[mysql]> desc tables_priv;
+-------------+-----------------------------------------------------------------------------------------------------------------------------------+------+-----+-------------------+-----------------------------+
| Field | Type | Null | Key | Default | Extra |
+-------------+-----------------------------------------------------------------------------------------------------------------------------------+------+-----+-------------------+-----------------------------+
| Host | char(60) | NO | PRI | | |
| Db | char(64) | NO | PRI | | |
| User | char(16) | NO | PRI | | |
| Table_name | char(64) | NO | PRI | | |
| Grantor | char(77) | NO | MUL | | |
| Timestamp | timestamp | NO | | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP |
| Table_priv | set('Select','Insert','Update','Delete','Create','Drop','Grant','References','Index','Alter','Create View','Show view','Trigger') | NO | | | |
| Column_priv | set('Select','Insert','Update','References') | NO | | | |
+-------------+-----------------------------------------------------------------------------------------------------------------------------------+------+-----+-------------------+-----------------------------+
8 rows in set (0.00 sec)然而关于数据库层面的权限记录在mysql.db表中
(root@localhost)[mysql]> desc db;
+-----------------------+---------------+------+-----+---------+-------+
| Field | Type | Null | Key | Default | Extra |
+-----------------------+---------------+------+-----+---------+-------+
| Host | char(60) | NO | PRI | | |
| Db | char(64) | NO | PRI | | |
| User | char(16) | NO | PRI | | |
| Select_priv | enum('N','Y') | NO | | N | |
| Insert_priv | enum('N','Y') | NO | | N | |
| Update_priv | enum('N','Y') | NO | | N | |
| Delete_priv | enum('N','Y') | NO | | N | |
| Create_priv | enum('N','Y') | NO | | N | |
| Drop_priv | enum('N','Y') | NO | | N | |
| Grant_priv | enum('N','Y') | NO | | N | |
| References_priv | enum('N','Y') | NO | | N | |
| Index_priv | enum('N','Y') | NO | | N | |
| Alter_priv | enum('N','Y') | NO | | N | |
| Create_tmp_table_priv | enum('N','Y') | NO | | N | |
| Lock_tables_priv | enum('N','Y') | NO | | N | |
| Create_view_priv | enum('N','Y') | NO | | N | |
| Show_view_priv | enum('N','Y') | NO | | N | |
| Create_routine_priv | enum('N','Y') | NO | | N | |
| Alter_routine_priv | enum('N','Y') | NO | | N | |
| Execute_priv | enum('N','Y') | NO | | N | |
| Event_priv | enum('N','Y') | NO | | N | |
| Trigger_priv | enum('N','Y') | NO | | N | |
+-----------------------+---------------+------+-----+---------+-------+
22 rows in set (0.00 sec)
(root@localhost)[mysql]> select * from db\G
*************************** 1. row ***************************
Host: %
Db: sample
User: test1
Select_priv: Y
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: Y
Drop_priv: N
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Create_view_priv: N
Show_view_priv: N
Create_routine_priv: N
Alter_routine_priv: N
Execute_priv: N
Event_priv: N
Trigger_priv: N
1 row in set (0.00 sec)这条对应的grant语句是:
(root@localhost)[mysql]> show grants for test1; +------------------------------------------------------------------------------------------------------+ | Grants for test1@% | +------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'test1'@'%' IDENTIFIED BY PASSWORD '*CFA887C680E792C2DCF622D56FB809E3F8BE63CC' | | GRANT SELECT, CREATE ON `sample`.* TO 'test1'@'%' | | GRANT ALL PRIVILEGES ON `sample`.`smp` TO 'test1'@'%' | | GRANT SELECT ON `mysql`.`user` TO 'test1'@'%' | +------------------------------------------------------------------------------------------------------+ 4 rows in set (0.00 sec)
第二条:
GRANT SELECT, CREATE ON sample.* TO 'test1'@'%'
尝试再增加权限:
(root@localhost)[mysql]> grant all privileges on sample.* to test1; Query OK, 0 rows affected (0.00 sec) (root@localhost)[mysql]> (root@localhost)[mysql]> (root@localhost)[mysql]> select * from db\G *************************** 1. row *************************** Host: % Db: sample User: test1 Select_priv: Y Insert_priv: Y Update_priv: Y Delete_priv: Y Create_priv: Y Drop_priv: Y Grant_priv: N References_priv: Y Index_priv: Y Alter_priv: Y Create_tmp_table_priv: Y Lock_tables_priv: Y Create_view_priv: Y Show_view_priv: Y Create_routine_priv: Y Alter_routine_priv: Y Execute_priv: Y Event_priv: Y Trigger_priv: Y 1 row in set (0.00 sec)
授予all privileges权限。注意点是grant option并不包含在all privileges里面。可以用with子句
(root@localhost)[mysql]> grant all privileges on sample.* to test1 with grant option; Query OK, 0 rows affected (0.00 sec) (root@localhost)[mysql]> select * from db\G *************************** 1. row *************************** Host: % Db: sample User: test1 Select_priv: Y Insert_priv: Y Update_priv: Y Delete_priv: Y Create_priv: Y Drop_priv: Y Grant_priv: Y References_priv: Y Index_priv: Y Alter_priv: Y Create_tmp_table_priv: Y Lock_tables_priv: Y Create_view_priv: Y Show_view_priv: Y Create_routine_priv: Y Alter_routine_priv: Y Execute_priv: Y Event_priv: Y Trigger_priv: Y 1 row in set (0.00 sec)
回收all privileges权限, 错误写法,revoke并不能带with grant option来回收grant option
(root@localhost)[mysql]> revoke all privileges on sample.* from test1 with grant option; ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'grant option' at line 1 (root@localhost)[mysql]>
这样写还是不对:
revoke all privileges, grant option on sample.* from test1; ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'on sample.* from test1' at line 1
分开写就可以了:
(root@localhost)[mysql]> revoke all privileges on sample.* from test1; Query OK, 0 rows affected (0.00 sec) (root@localhost)[mysql]> revoke grant option on sample.* from test1; Query OK, 0 rows affected (0.00 sec) (root@localhost)[mysql]>
grant option在授予的时候是用with子句,回收的时候需要单独回收。
2#一般用户可访问的数据库:
在test1用户下,查看可以访问的数据库:
(test1@localhost)[(none)]> show databases -> ; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | sample | +--------------------+ 3 rows in set (0.00 sec) (test1@localhost)[(none)]> (test1@localhost)[(none)]> (test1@localhost)[(none)]> (test1@localhost)[(none)]> use mysql; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed (test1@localhost)[mysql]> show tables; +-----------------+ | Tables_in_mysql | +-----------------+ | user | #由于只有user表上被授予了select权限,所以show tables只能看到一个表 +-----------------+ 1 row in set (0.00 sec) (test1@localhost)[mysql]> show grants; +---------------------------------------------------------------------+ | Grants for test1@% | +---------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'test1'@'%' IDENTIFIED BY PASSWORD| | GRANT ALL PRIVILEGES ON `sample`.* TO 'test1'@'%' WITH GRANT OPTION | | GRANT ALL PRIVILEGES ON `sample`.`smp` TO 'test1'@'%' | | GRANT SELECT ON `mysql`.`user` TO 'test1'@'%' | +---------------------------------------------------------------------+ 4 rows in set (0.00 sec)-----------------------------------------------------------------+ | Grants for test1@% | +-------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'test1'@'%' IDENTIFIED BY PASSWORD | | GRANT ALL PRIVILEGES ON `sample`.`smp` TO 'test1'@'%' | | GRANT SELECT ON `mysql`.`user` TO 'test1'@'%' | +-------------------------------------------------------------------+ 3 rows in set (0.00 sec) (test1@localhost)[mysql]>
sample数据库是被授予的all privileges,所以全库的表对象都是可用呗test1用户访问。至于mysql,只有user表上有一个select权限,所以也被归类在可用访问的数据库之列,但是实际上用show tables只能看到一个表。
3# 数据库层权限的从无到有,给一个用户授予权限后,db表的变化:
a# 建立一个新的数据库sample2
(root@localhost)[(none)]> create database sample2; Query OK, 1 row affected (0.00 sec)
这个时候查看用户test1所拥有的数据库权限,是只有sample数据库。MYSQL数据库并不显示。
(root@localhost)[mysql]> select * from db\G *************************** 1. row *************************** Host: % Db: sample User: test1 Select_priv: Y Insert_priv: Y Update_priv: Y Delete_priv: Y Create_priv: Y Drop_priv: Y Grant_priv: Y References_priv: Y Index_priv: Y Alter_priv: Y Create_tmp_table_priv: Y Lock_tables_priv: Y Create_view_priv: Y Show_view_priv: Y Create_routine_priv: Y Alter_routine_priv: Y Execute_priv: Y Event_priv: Y Trigger_priv: Y 1 row in set (0.00 sec) (root@localhost)[mysql]> #这个时候test1用户去尝试访问sample2数据库也是失败的: (test1@localhost)[sample]> use sample2 ERROR 1044 (42000): Access denied for user 'test1'@'%' to database 'sample2' (test1@localhost)[sample]>
运行授权语句,对test1受援sample2的select权限,这个时候mysql.db数据库中出现了2行数据,多了一行关于sample2的记录:
(root@localhost)[mysql]> select * from db\G *************************** 1. row *************************** Host: % Db: sample2 User: test1 Select_priv: Y Insert_priv: N Update_priv: N Delete_priv: N Create_priv: N Drop_priv: N Grant_priv: N References_priv: N Index_priv: N Alter_priv: N Create_tmp_table_priv: N Lock_tables_priv: N Create_view_priv: N Show_view_priv: N Create_routine_priv: N Alter_routine_priv: N Execute_priv: N Event_priv: N Trigger_priv: N *************************** 2. row *************************** Host: % Db: sample User: test1 Select_priv: Y Insert_priv: Y Update_priv: Y Delete_priv: Y Create_priv: Y Drop_priv: Y Grant_priv: Y References_priv: Y Index_priv: Y Alter_priv: Y Create_tmp_table_priv: Y Lock_tables_priv: Y Create_view_priv: Y Show_view_priv: Y Create_routine_priv: Y Alter_routine_priv: Y Execute_priv: Y Event_priv: Y Trigger_priv: Y 2 rows in set (0.00 sec)
从记录可用看到test1用户对sample2数据库拥有select权限。也就是访问权限,表示里面的对象都具有。但是里面是没有表的。
(test1@localhost)[(none)]> use sample2; Database changed (test1@localhost)[sample2]> show tables; Empty set (0.00 sec)
#并且test1用户可用select出smp表的数据。 (test1@localhost)[sample2]> select * from smp; +------+------+ | id | name | +------+------+ | 1 | aaa | +------+------+ 1 row in set (0.00 sec) # 然而test1用户并不显示的拥有任在sample2上的表权限。所谓的权限的继承。 (test1@localhost)[information_schema]> select * from TABLE_PRIVILEGES where TABLE_SCHEMA='sample2'; Empty set (0.00 sec)
#奇怪,并没有给表smp授权select,受援的是select on sample2.*。尝试单独对表收回select 权限:
(root@localhost)[sample2]> revoke select on sample2.smp from test1; ERROR 1147 (42000): There is no such grant defined for user 'test1' on host '%' on table 'smp' #以失败告终。显示的revoke并不能收回隐式继承来的权限。 (test1@localhost)[sample2]> show tables; +-------------------+ | Tables_in_sample2 | +-------------------+ | smp | +-------------------+ 1 row in set (0.00 sec)
mysql.db数据库层权限该如何设置就先给大家讲到这里,对于其它相关问题大家想要了解的可以持续关注我们的行业资讯。我们的板块内容每天都会捕捉一些行业新闻及专业知识分享给大家的。
上一篇:Mysql数据库备份恢复讲析
下一篇:MySQL数据库如何实现备份还原
相关内容
热门资讯
“台独”顽固分子沈伯洋参选台北...
【环球时报特约记者 陈立非】台湾今年年底举行“九合一”选举,国民党很早就确定由现任台北市市长蒋万安争...
伊拉克和巴基斯坦据称已分别同伊...
总台记者当地时间5月12日获悉,伊拉克和巴基斯坦已分别同伊朗签订协议,以从海湾地区运输石油和液化天然...
京沪高铁“涨价”,调价背后有何...
昨天(11日),京沪高铁发布公告称,决定对京沪高速线、合蚌高速线动车组列车公布票价进行优化调整,时速...
第三方样品A厂家生产支架样品测...
第三方样品A厂家生产支架样品测试实验报告 一、检测范围 本次检测对象为A厂家生产的XX型医用金属...
伊朗德黑兰地区发生4.6级地震
总台记者获悉,当地时间5月12日23时47分左右,伊朗德黑兰地区发生4.6级地震。震中位于德黑兰省和...
被科威特指控“武装渗透”布比延...
新华社科威特城/德黑兰5月12日电(记者尹炣 陈霄)科威特政府12日指认,伊朗伊斯兰革命卫队多名武装...
酒吧办护士制服派对被指低俗,当...
据媒体报道,5月12日国际护士节,浙江衢州有网友发帖称,当地APK·ELITE CLUB酒吧举办所谓...
珠海冠宇获得发明专利授权:“一...
证券之星消息,根据天眼查APP数据显示珠海冠宇(688772)新获得一项发明专利授权,专利名为“一种...
大华申请数据写入方法专利,提高...
国家知识产权局信息显示,浙江大华技术股份有限公司申请一项名为“数据写入方法、电子设备及计算机可读存储...
现在,赖清德更焦虑了
执笔/月半刀&宝刀刀&胡一刀5月13日,美国总统特朗普将开启访华行程。外界高度关注此次会晤中双方将如...