MySQL privilege management with GRANT:
Privilege description:
Table 6.2 Permissible Privileges for GRANT and REVOKE

| Privilege | Grant Table Column | Context |
|---|---|---|
| ALL [PRIVILEGES] | Synonym for “all privileges” | Server administration |
| ALTER | Alter_priv | Tables |
| ALTER ROUTINE | Alter_routine_priv | Stored routines |
| CREATE | Create_priv | Databases, tables, or indexes |
| CREATE ROUTINE | Create_routine_priv | Stored routines |
| CREATE TABLESPACE | Create_tablespace_priv | Server administration |
| CREATE TEMPORARY TABLES | Create_tmp_table_priv | Tables |
| CREATE USER | Create_user_priv | Server administration |
| CREATE VIEW | Create_view_priv | Views |
| DELETE | Delete_priv | Tables |
| DROP | Drop_priv | Databases, tables, or views |
| EVENT | Event_priv | Databases |
| EXECUTE | Execute_priv | Stored routines |
| FILE | File_priv | File access on server host |
| GRANT OPTION | Grant_priv | Databases, tables, or stored routines |
| INDEX | Index_priv | Tables |
| INSERT | Insert_priv | Tables or columns |
| LOCK TABLES | Lock_tables_priv | Databases |
| PROCESS | Process_priv | Server administration |
| PROXY | See proxies_priv table | Server administration |
| REFERENCES | References_priv | Databases or tables |
| RELOAD | Reload_priv | Server administration |
| REPLICATION CLIENT | Repl_client_priv | Server administration |
| REPLICATION SLAVE | Repl_slave_priv | Server administration |
| SELECT | Select_priv | Tables or columns |
| SHOW DATABASES | Show_db_priv | Server administration |
| SHOW VIEW | Show_view_priv | Views |
| SHUTDOWN | Shutdown_priv | Server administration |
| SUPER | Super_priv | Server administration |
| TRIGGER | Trigger_priv | Tables |
| UPDATE | Update_priv | Tables or columns |
| USAGE | Synonym for “no privileges” | Server administration |
Notes:
USAGE: no privileges; the account can only log in to the server, and can only use the test and test_* databases.
ALL: all privileges.
The following are specific, individually named privileges:
select / update / delete / super / replication slave / reload ...
WITH GRANT OPTION: this option allows the user to grant their own privileges to other users, or to revoke those privileges from other users.
By default, if WITH GRANT OPTION is not specified when assigning privileges, the user cannot pass privileges on to other users; even when it is specified, the privileges passed on cannot exceed the user's own.
Where privileges are stored (for reference):
mysql.user: the account names and passwords of all MySQL users, plus each user's global privileges on all databases and all tables (*.*)
mysql.db: grants on databases other than mysql are stored here (db.*)
mysql.tables_priv: grants on a specific table in a database (db.table)
mysql.columns_priv: grants on a specific column of a specific table (db.table.col1)
mysql.procs_priv: grants on stored routines in a database
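Reading the grant tables directly is the quickest way to audit who holds what, and at which level, on a server. The following queries are an added example and are not from the original page; they use the real MySQL grant tables named above (mysql.user, mysql.db, mysql.tables_priv, mysql.columns_priv, mysql.procs_priv) and must be run by an account that can read the mysql schema, such as root.

```sql
-- Added audit example (not from the original page). Run as an account that can
-- read the mysql schema. Column names are those of the real MySQL grant tables.

-- 1. Global (*.*) privileges live in mysql.user. Rows with Super_priv, File_priv
--    or Grant_priv = 'Y' are the high-impact ones to review first.
SELECT User, Host, Select_priv, Insert_priv, Update_priv, Delete_priv,
       Super_priv, File_priv, Grant_priv, Create_user_priv
FROM mysql.user
ORDER BY User, Host;

-- 2. Database-level grants (db.*) live in mysql.db, e.g. tom's SELECT on db_db3.*
SELECT User, Host, Db, Select_priv, Update_priv, Delete_priv, Grant_priv
FROM mysql.db
WHERE Db NOT IN ('mysql', 'sys')
ORDER BY Db, User, Host;

-- 3. Table-level grants (db.table) live in mysql.tables_priv.
--    Table_priv is a SET column; Column_priv summarises column grants on that table.
SELECT User, Host, Db, Table_name, Table_priv, Column_priv, Grantor
FROM mysql.tables_priv
ORDER BY Db, Table_name, User;

-- 4. Column-level grants (db.table.col) live in mysql.columns_priv, e.g. UPDATE(age)
SELECT User, Host, Db, Table_name, Column_name, Column_priv
FROM mysql.columns_priv
ORDER BY Db, Table_name, Column_name, User;

-- 5. Stored-routine grants live in mysql.procs_priv
SELECT User, Host, Db, Routine_name, Routine_type, Proc_priv
FROM mysql.procs_priv
ORDER BY Db, Routine_name, User;

-- 6. Every account that can delegate privileges (WITH GRANT OPTION) at any level.
--    At table level the option is the 'Grant' member of the Table_priv SET.
SELECT 'global'   AS level, User, Host, NULL AS Db
FROM mysql.user WHERE Grant_priv = 'Y'
UNION ALL
SELECT 'database' AS level, User, Host, Db
FROM mysql.db WHERE Grant_priv = 'Y'
UNION ALL
SELECT 'table'    AS level, User, Host, Db
FROM mysql.tables_priv WHERE FIND_IN_SET('Grant', Table_priv) > 0;
```

Query 6 is the one worth scheduling: an account that can delegate privileges can widen access without anyone issuing a new GRANT as an administrator, so the list of delegating accounts should stay short and known.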
Granting privileges to a user:
Basic syntax:
mysql> grant privilege1,privilege2 on db.table to user@host
mysql> grant privilege(col1,col2,...) on db.table to user@host
How db.table is written: *.* means all tables in all databases; db_itheima.* means all tables in the db_itheima database; db_itheima.tb_admin means the tb_admin table in the db_itheima database.
*: wildcard.
Example: grant the tom account SELECT privilege on the db_db3 database:
mysql> grant select on db_db3.* to 'tom'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql>
mysql> show grants;
+---------------------------------------------------------------------+
| Grants for root@localhost |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> show grants for 'tom'@'localhost';
+-------------------------------------------------+
| Grants for tom@localhost |
+-------------------------------------------------+
| GRANT USAGE ON *.* TO 'tom'@'localhost' |
| GRANT SELECT ON `db_db3`.* TO 'tom'@'localhost' |
+-------------------------------------------------+
2 rows in set (0.00 sec)
Example: grant the tom account a privilege on a table in db_db3 (requirement: only the age column may be updated).
This example is scoped to a specific column.
mysql> grant update(age) on db_db3.tb_student to 'tom'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for 'tom'@'localhost';
+------------------------------------------------------------------+
| Grants for tom@localhost |
+------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'tom'@'localhost' |
| GRANT SELECT ON `db_db3`.* TO 'tom'@'localhost' |
| GRANT UPDATE (age) ON `db_db3`.`tb_student` TO 'tom'@'localhost' |
+------------------------------------------------------------------+
3 rows in set (0.00 sec)
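The two cases above, the grant syntax, and the WITH GRANT OPTION rule can be combined into one least-privilege provisioning script. The script below is an added example, not part of the original page: the database, table, column and account names (db_db3, tb_student, age, tom@localhost) are taken from the cases above, while the password is a placeholder and the CREATE USER step is an assumption added so the script also runs on MySQL 8.0, which no longer creates accounts implicitly from GRANT.

```sql
-- Added example (not from the original page): least-privilege setup for tom.
-- Password is a placeholder; replace it before use.
CREATE USER IF NOT EXISTS 'tom'@'localhost' IDENTIFIED BY 'change-me-placeholder';

-- Database-level read access (stored in mysql.db).
GRANT SELECT ON db_db3.* TO 'tom'@'localhost';

-- Column-level write access (stored in mysql.columns_priv): tom may update only
-- the age column of tb_student; an UPDATE touching any other column is rejected.
GRANT UPDATE (age) ON db_db3.tb_student TO 'tom'@'localhost';

-- WITH GRANT OPTION is deliberately omitted, so tom cannot pass these on.
-- The delegating form, for comparison, would be:
--   GRANT SELECT ON db_db3.* TO 'tom'@'localhost' WITH GRANT OPTION;
-- and even then tom could only delegate privileges he holds himself.

-- Verify what was stored. GRANT updates the in-memory grant tables itself, so
-- FLUSH PRIVILEGES is only required after editing mysql.* tables directly.
SHOW GRANTS FOR 'tom'@'localhost';

-- Behaviour when connected as tom@localhost (statements shown as comments):
--   SELECT name, age FROM db_db3.tb_student;               -- allowed: SELECT on db_db3.*
--   UPDATE db_db3.tb_student SET age = 20 WHERE id = 1;     -- allowed: UPDATE(age)
--   UPDATE db_db3.tb_student SET name = 'x' WHERE id = 1;   -- denied: ERROR 1143, no UPDATE on column 'name'
--   GRANT SELECT ON db_db3.* TO 'bob'@'localhost';          -- denied: tom has no GRANT OPTION

-- Narrowing or removing access later: REVOKE mirrors the GRANT it undoes.
REVOKE UPDATE (age) ON db_db3.tb_student FROM 'tom'@'localhost';
REVOKE SELECT ON db_db3.* FROM 'tom'@'localhost';
-- DROP USER 'tom'@'localhost';   -- remove the account entirely once it is no longer needed
```

Binding the account to a host ('tom'@'localhost' rather than 'tom'@'%') is part of the least-privilege posture: the same privileges granted to a '%' account are reachable from any network the server listens on.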