MySQL学习笔记17

MySQL权限管理grant:

权限说明:

Table 6.2 Permissible Privileges for GRANT and REVOKE

Privilege Grant Table Column Context
ALL [PRIVILEGES] Synonym for “all privileges” Server administration
ALTER Alter_priv Tables
ALTER ROUTINE Alter_routine_priv Stored routines
CREATE Create_priv Databases, tables, or indexes
CREATE ROUTINE Create_routine_priv Stored routines
CREATE TABLESPACE Create_tablespace_priv Server administration
CREATE TEMPORARY TABLES Create_tmp_table_priv Tables
CREATE USER Create_user_priv Server administration
CREATE VIEW Create_view_priv Views
DELETE Delete_priv Tables
DROP Drop_priv Databases, tables, or views
EVENT Event_priv Databases
EXECUTE Execute_priv Stored routines
FILE File_priv File access on server host
GRANT OPTION Grant_priv Databases, tables, or stored routines
INDEX Index_priv Tables
INSERT Insert_priv Tables or columns
LOCK TABLES Lock_tables_priv Databases
PROCESS Process_priv Server administration
PROXY See proxies_priv table Server administration
REFERENCES References_priv Databases or tables
RELOAD Reload_priv Server administration
REPLICATION CLIENT Repl_client_priv Server administration
REPLICATION SLAVE Repl_slave_priv Server administration
SELECT Select_priv Tables or columns
SHOW DATABASES Show_db_priv Server administration
SHOW VIEW Show_view_priv Views
SHUTDOWN Shutdown_priv Server administration
SUPER Super_priv Server administration
TRIGGER Trigger_priv Tables
UPDATE Update_priv Tables or columns
USAGE Synonym for “no privileges” Server administration

说明:

USAGE:无权限,只有登录数据库,只可以使用test和test_*数据库。

ALL: 所有权限。

以下权限为指定权限。

select/update/delete/supper/replication slave/reload ...

with grant option: 选项表示允许把自己的权限授予其他用户或者从其他用户收回自己的权限。

默认情况下,分配权限时如果没有指定with grant option,代表这个用户不能下发权限给其他用户,但是这个权限不能超过自己的权限。

权限的保存位置:(了解):

mysql.user                所有mysql用户的账号和密码,以及用户对全库全表权限(*.*)
mysql.db                非mysql库的授权都保存在此(db.*)
mysql.table_priv        某库某表的授权(db.table)
mysql.columns_priv        某库某表某列的授权(db.table.col1)
mysql.procs_priv        某库存储过程的

给用户授权:

基本语法:

mysql> grant 权限1,权限2 on 库.表 to 用户@主机
mysql> grant 权限(列1,列2,...) on 库.表 to 用户@主机

库.表表示方法:*.*代表所有数据库的所有数据表,db_itheima.*代表db_itheima数据库中的所有数据表,db_itheima.tb_admin,代表db_itheima数据库中的tb_admin表

*:通配符。

案例:给tom账号分配db_db3库的查询(select)权限:

mysql> grant select on db_db3.* to 'tom'@'localhost';
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql>
mysql> show grants;
+---------------------------------------------------------------------+
| Grants for root@localhost                                           |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION        |
+---------------------------------------------------------------------+
2 rows in set (0.00 sec)

mysql> show grants for 'tom'@'localhost';
+-------------------------------------------------+
| Grants for tom@localhost                        |
+-------------------------------------------------+
| GRANT USAGE ON *.* TO 'tom'@'localhost'         |
| GRANT SELECT ON `db_db3`.* TO 'tom'@'localhost' |
+-------------------------------------------------+
2 rows in set (0.00 sec)

案例:给tom账号分配db_db3数据表的权限(要求只能更改age权限。)

该案例是具体到某个列。

mysql> grant update(age) on db_db3.tb_student to 'tom'@'localhost';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)


mysql> show grants for 'tom'@'localhost';
+------------------------------------------------------------------+
| Grants for tom@localhost                                         |
+------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'tom'@'localhost'                          |
| GRANT SELECT ON `db_db3`.* TO 'tom'@'localhost'                  |
| GRANT UPDATE (age) ON `db_db3`.`tb_student` TO 'tom'@'localhost' |
+------------------------------------------------------------------+
3 rows in set (0.00 sec)

你可能感兴趣的:(MySQL,mysql)