MySQL学习笔记17

MySQL权限管理grant：

权限说明：

Table 6.2 Permissible Privileges for GRANT and REVOKE

Privilege	Grant Table Column	Context
ALL [PRIVILEGES]	Synonym for “all privileges”	Server administration
ALTER	Alter_priv	Tables
ALTER ROUTINE	Alter_routine_priv	Stored routines
CREATE	Create_priv	Databases, tables, or indexes
CREATE ROUTINE	Create_routine_priv	Stored routines
CREATE TABLESPACE	Create_tablespace_priv	Server administration
CREATE TEMPORARY TABLES	Create_tmp_table_priv	Tables
CREATE USER	Create_user_priv	Server administration
CREATE VIEW	Create_view_priv	Views
DELETE	Delete_priv	Tables
DROP	Drop_priv	Databases, tables, or views
EVENT	Event_priv	Databases
EXECUTE	Execute_priv	Stored routines
FILE	File_priv	File access on server host
GRANT OPTION	Grant_priv	Databases, tables, or stored routines
INDEX	Index_priv	Tables
INSERT	Insert_priv	Tables or columns
LOCK TABLES	Lock_tables_priv	Databases
PROCESS	Process_priv	Server administration
PROXY	See proxies_priv table	Server administration
REFERENCES	References_priv	Databases or tables
RELOAD	Reload_priv	Server administration
REPLICATION CLIENT	Repl_client_priv	Server administration
REPLICATION SLAVE	Repl_slave_priv	Server administration
SELECT	Select_priv	Tables or columns
SHOW DATABASES	Show_db_priv	Server administration
SHOW VIEW	Show_view_priv	Views
SHUTDOWN	Shutdown_priv	Server administration
SUPER	Super_priv	Server administration
TRIGGER	Trigger_priv	Tables
UPDATE	Update_priv	Tables or columns
USAGE	Synonym for “no privileges”	Server administration

说明：

USAGE：无权限，只有登录数据库，只可以使用test和test_*数据库。

ALL： 所有权限。

以下权限为指定权限。

select/update/delete/supper/replication slave/reload ...

with grant option: 选项表示允许把自己的权限授予其他用户或者从其他用户收回自己的权限。

默认情况下，分配权限时如果没有指定with grant option，代表这个用户不能下发权限给其他用户，但是这个权限不能超过自己的权限。

权限的保存位置：（了解）：

mysql.user                所有mysql用户的账号和密码，以及用户对全库全表权限（*.*）
mysql.db                非mysql库的授权都保存在此(db.*)
mysql.table_priv        某库某表的授权(db.table)
mysql.columns_priv        某库某表某列的授权(db.table.col1)
mysql.procs_priv        某库存储过程的

给用户授权：

基本语法：

mysql> grant 权限1,权限2 on 库.表 to 用户@主机
mysql> grant 权限(列1,列2,...) on 库.表 to 用户@主机

库.表表示方法：*.*代表所有数据库的所有数据表，db_itheima.*代表db_itheima数据库中的所有数据表，db_itheima.tb_admin，代表db_itheima数据库中的tb_admin表

*：通配符。

案例：给tom账号分配db_db3库的查询（select）权限：

mysql> grant select on db_db3.* to 'tom'@'localhost';
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql>
mysql> show grants;
+---------------------------------------------------------------------+
| Grants for root@localhost                                           |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION        |
+---------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> show grants for 'tom'@'localhost';
+-------------------------------------------------+
| Grants for tom@localhost                        |
+-------------------------------------------------+
| GRANT USAGE ON *.* TO 'tom'@'localhost'         |
| GRANT SELECT ON `db_db3`.* TO 'tom'@'localhost' |
+-------------------------------------------------+
2 rows in set (0.00 sec)

案例：给tom账号分配db_db3数据表的权限（要求只能更改age权限。）

该案例是具体到某个列。

mysql> grant update(age) on db_db3.tb_student to 'tom'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)


mysql> show grants for 'tom'@'localhost';
+------------------------------------------------------------------+
| Grants for tom@localhost                                         |
+------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'tom'@'localhost'                          |
| GRANT SELECT ON `db_db3`.* TO 'tom'@'localhost'                  |
| GRANT UPDATE (age) ON `db_db3`.`tb_student` TO 'tom'@'localhost' |
+------------------------------------------------------------------+
3 rows in set (0.00 sec)