mysql回收用戶權限

1.建立test1用戶

select password('test1');
+-------------------------------------------+
| password('test1')                         |
+-------------------------------------------+
| *06C0BF5B64ECE2F648B5F048A71903906BA08E5C |
+-------------------------------------------+
create user 'test1'@'localhost' identified by password '*06C0BF5B64ECE2F648B5F048A71903906BA08E5C';

這裏create user中密碼使用普通字符串時,則不須要password關鍵字,當使用password()函數加密以後的字符串時,則須要有password關鍵字mysql

2.受權

grant select,create,delete on pmx.* to 'test1'@'localhost' with grant option;

grant後面能夠不用設置密碼,由於在create user中已經設置好了。爲數據庫pmx下的全部表受權,用戶的權限信息保存在mysql.db表中。sql

3.收回權限

revoke select,create,delete,grant option on pmx.*  from 'test1'@'localhost';

或者數據庫

revoke all privileges,grant option from 'test1'@'localhost';

或者ide

revoke all privileges on pmx.*  from 'test1'@'localhost';
revoke grant option on pmx.* from 'test1'@'localhost';

4. 授予什麼權限就回收什麼權限

4.1 函數

grant select on *.* to 'test1'@'localhost' with grant option;

授予全局權限,權限信息保存在mysql.user表中加密

select * from mysql.user where user='test1'\G;
*************************** 1. row ***************************
                  Host: localhost
                  User: test1
              Password: *06C0BF5B64ECE2F648B5F048A71903906BA08E5C
           Select_priv: Y
           Insert_priv: N
           Update_priv: N
           Delete_priv: N
           Create_priv: N
             Drop_priv: N
           Reload_priv: N
         Shutdown_priv: N
          Process_priv: N
             File_priv: N
            Grant_priv: Y
       References_priv: N
            Index_priv: N
            Alter_priv: N
          Show_db_priv: N
            Super_priv: N
 Create_tmp_table_priv: N
      Lock_tables_priv: N
          Execute_priv: N
       Repl_slave_priv: N
      Repl_client_priv: N
      Create_view_priv: N
        Show_view_priv: N
   Create_routine_priv: N
    Alter_routine_priv: N
      Create_user_priv: N
            Event_priv: N
          Trigger_priv: N
Create_tablespace_priv: N
              ssl_type: 
            ssl_cipher: 
           x509_issuer: 
          x509_subject: 
         max_questions: 0
           max_updates: 0
       max_connections: 0
  max_user_connections: 0
                plugin: mysql_native_password
 authentication_string: 
      password_expired: N
1 row in set (0.00 sec)

4.2spa

grant select on pmx.* to 'test1'@'localhost' with grant option;

授予數據庫權限,權限信息保存在mysql.db表中code

select * from mysql.db\G;
*************************** 1. row ***************************
                 Host: localhost
                   Db: pmx
                 User: test1
          Select_priv: Y
          Insert_priv: N
          Update_priv: N
          Delete_priv: N
          Create_priv: N
            Drop_priv: N
           Grant_priv: Y
      References_priv: N
           Index_priv: N
           Alter_priv: N
Create_tmp_table_priv: N
     Lock_tables_priv: N
     Create_view_priv: N
       Show_view_priv: N
  Create_routine_priv: N
   Alter_routine_priv: N
         Execute_priv: N
           Event_priv: N
         Trigger_priv: N
1 rows in set (0.00 sec)

 4.3blog

grant select on pmx.score to 'test1'@'localhost' with grant option;

授予某張表權限,權限信息保存在mysql.tables_priv表中ip

select * from mysql.tables_priv;
+-----------+-----+-------+------------+----------------+---------------------+--------------+-------------+
| Host      | Db  | User  | Table_name | Grantor        | Timestamp           | Table_priv   | Column_priv |
+-----------+-----+-------+------------+----------------+---------------------+--------------+-------------+
| localhost | pmx | test1 | score      | root@localhost | 0000-00-00 00:00:00 | Select,Grant |             |
+-----------+-----+-------+------------+----------------+---------------------+--------------+-------------+

4.4

grant select(grade) on pmx.score to 'test1'@'localhost' with grant option;

授予某個字段的權限,權限信息保存在mysql.columns_priv表中

select * from mysql.columns_priv;
+-----------+-----+-------+------------+-------------+---------------------+-------------+
| Host      | Db  | User  | Table_name | Column_name | Timestamp           | Column_priv |
+-----------+-----+-------+------------+-------------+---------------------+-------------+
| localhost | pmx | test1 | score      | grade       | 0000-00-00 00:00:00 | Select      |
+-----------+-----+-------+------------+-------------+---------------------+-------------+

 

當使用

revoke all privileges on *.* from 'test1'@'localhost';

 回收的只是全局的權限,test1用戶其餘的權限,好比對pmx數據庫的權限,對score表的權限,對某個字段的權限仍然持有。 因此爲了回收用戶的全部權限,使用

revoke all privileges,grant option from 'test1'@'localhost';

這是條固定語法,all privileges和grant option必須都有 

相關文章
相關標籤/搜索