【总结】:
| drop user |
会将该用户的信息全部删掉 |
| delete |
只会清除user表,其他的比如db表中的信息还是存在。如果delete后,再创建一个最小权限的用户,那么他会重用以前的权限。 |
今天才测试出这个问题,看来以后不能简单的delete用户收回权限了,最简单的方法就是drop user user_name;就好了
【测试delete from mysql.user】
mysql> delete from mysql.user where user='xxx';
Query OK, 1 row affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for 'xxx'@'10.0.0.1';
ERROR 1141 (42000): There is no such grant defined for user 'xxx' on host '10.0.0.1'
mysql> grant select,update,insert on xxx.* to 'xxx'@'10.0.0.1';
Query OK, 0 rows affected (0.00 sec)
只给了xxx库的一些权限,但是发现却有以前yyy和zzz库的权限,显然这么删除user的权限是不严谨的!
mysql> show grants for 'xxx'@'10.0.0.1';
+------------------------------------------------------------------------------------------------+
| Grants for [email protected] |
+------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'xxx'@'10.0.0.1' |
| GRANT SELECT, INSERT, UPDATE ON `xxx`.* TO 'xxx'@'10.0.0.1' |
| GRANT SELECT, INSERT, UPDATE ON `yyy`.* TO 'xxx'@'10.0.0.1' |
| GRANT SELECT, INSERT, UPDATE ON `zzz`.* TO 'xxx'@'10.0.0.1' |
+------------------------------------------------------------------------------------------------+
4 rows in set (0.00 sec)
【测试drop user】
mysql> DROP USER xxx@'10.0.0.1';
Query OK, 0 rows affected (0.00 sec)
mysql> grant select,update,insert on xxx.* to xxx@'10.0.0.1';
Query OK, 0 rows affected (0.00 sec)
此时看到的结果就对了
mysql> show grants for xxx@'10.0.0.1';
+-------------------------------------------------------------------------------------------+
| Grants for [email protected] |
+-------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'xxx'@'10.0.0.1' |
| GRANT SELECT, INSERT, UPDATE ON `xxx`.* TO 'xxx'@'10.0.0.1' |
+-------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)