MySQL 授予普通用戶PROCESS權限

 

 

在MySQL中如何給普通用戶授予查看全部用戶線程/鏈接的權限，固然,默認狀況下show processlist是能夠查看當前用戶的線程/鏈接的。

 

 

mysql> grant process on MyDB.* to test;

ERROR 1221 (HY000): Incorrect usage of DB GRANT and GLOBAL PRIVILEGES

 

第一次授予這樣的權限，錯誤緣由是process權限是一個全局權限，不能夠指定在某一個庫上（我的測試庫爲MyDB），因此，把受權語句更改成以下便可：

 

mysql> grant process on *.* to test;

Query OK, 0 rows affected (0.01 sec)

 

mysql> flush privileges;

Query OK, 0 rows affected (0.01 sec)

 

 

 

若是不給擁有授予PROESS權限 ，show processlist命令只能看到當前用戶的線程，而授予了PROCESS權限後，使用show  processlist就能看到全部用戶的線程。官方文檔的介紹以下：

 

SHOW PROCESSLIST shows you which threads are running. You can also get this information from the INFORMATION_SCHEMA PROCESSLIST table or the mysqladmin processlist command. If you have the PROCESS privilege, you can see all threads. Otherwise, you can see only your own threads (that is, threads associated with the MySQL account that you are using). If you do not use the FULL keyword, only the first 100 characters of each statement are shown in the Info field.

 

 

咱們先建立下面帳號test2,而後測試以下：

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> grant select,insert,update,delete on MyDB.* to test2@'%' identified by 'test2';

Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;

Query OK, 0 rows affected (0.01 sec)

 

 

 

mysql> select user();

+-----------------+

| user()          |

+-----------------+

| test2@localhost |

+-----------------+

1 row in set (0.00 sec)

mysql> show processlist;

+----+-------+-----------+------+---------+------+-------+------------------+

| Id | User  | Host      | db   | Command | Time | State | Info             |

+----+-------+-----------+------+---------+------+-------+------------------+

| 25 | test2 | localhost | NULL | Query   |    0 | init  | show processlist |

+----+-------+-----------+------+---------+------+-------+------------------+

1 row in set (0.00 sec)

mysql> show full processlist;

+----+-------+-----------+------+---------+------+-------+-----------------------+

| Id | User  | Host      | db   | Command | Time | State | Info                  |

+----+-------+-----------+------+---------+------+-------+-----------------------+

| 25 | test2 | localhost | NULL | Query   |    0 | init  | show full processlist |

+----+-------+-----------+------+---------+------+-------+-----------------------+

1 row in set (0.01 sec)

mysql> 

 

 

 

 

 

而後咱們給用戶test2授予process權限, 以下所示,再測試show processlist 就能看到全部用戶的線程/鏈接信息（若是是以前已經創建鏈接的會話，必須退出從新登陸，不然依然只能看到當前用戶的線程。）

 

mysql> grant process on *.* to test2;

Query OK, 0 rows affected (0.00 sec)

 

mysql> flush privileges;

Query OK, 0 rows affected (0.00 sec)

 

mysql> show processlist;

+----+-------+-----------+------+---------+------+-------+------------------+

| Id | User  | Host      | db   | Command | Time | State | Info             |

+----+-------+-----------+------+---------+------+-------+------------------+

| 19 | root  | localhost | NULL | Sleep   |   16 |       | NULL             |

| 22 | test  | localhost | MyDB | Sleep   |  738 |       | NULL             |

| 24 | test  | localhost | NULL | Sleep   |  692 |       | NULL             |

| 25 | test2 | localhost | NULL | Sleep   |  531 |       | NULL             |

| 27 | test2 | localhost | NULL | Query   |    0 | init  | show processlist |

+----+-------+-----------+------+---------+------+-------+------------------+

5 rows in set (0.00 sec)

mysql> 

 

 

The PROCESS privilege pertains to display of information about the threads executing within the server (that is, information about the statements being executed by sessions). The privilege enables use of SHOW PROCESSLIST or mysqladmin processlist to see threads belonging to other accounts; you can always see your own threads. The PROCESS privilege also enables use of SHOW ENGINE.

 

 

如上官方文檔所說，若是給用戶授予了PROCESS權限， 那麼用戶就擁有了使用SHOW ENGINES命令的權限，以下所示：

 

 

mysql> select user();

+----------------+

| user()         |

+----------------+

| test@localhost |

+----------------+

1 row in set (0.00 sec)

mysql> show engines;

+--------------------+---------+----------------------------------------------------------------+--------------+------+------------+

| Engine             | Support | Comment                                                        | Transactions | XA   | Savepoints |

+--------------------+---------+----------------------------------------------------------------+--------------+------+------------+

| MRG_MYISAM         | YES     | Collection of identical MyISAM tables                          | NO           | NO   | NO         |

| CSV                | YES     | CSV storage engine                                             | NO           | NO   | NO         |

| MyISAM             | YES     | MyISAM storage engine                                          | NO           | NO   | NO         |

| BLACKHOLE          | YES     | /dev/null storage engine (anything you write to it disappears) | NO           | NO   | NO         |

| MEMORY             | YES     | Hash based, stored in memory, useful for temporary tables      | NO           | NO   | NO         |

| InnoDB             | DEFAULT | Supports transactions, row-level locking, and foreign keys     | YES          | YES  | YES        |

| ARCHIVE            | YES     | Archive storage engine                                         | NO           | NO   | NO         |

| PERFORMANCE_SCHEMA | YES     | Performance Schema                                             | NO           | NO   | NO         |

| FEDERATED          | NO      | Federated MySQL storage engine                                 | NULL         | NULL | NULL       |

+--------------------+---------+----------------------------------------------------------------+--------------+------+------------+

9 rows in set (0.00 sec)

mysql>