关于mysql.db和数据库层权限

1# 数据库层权限记录位置
表级别的权限记录在mysql.tables_priv表中。

([email protected])[mysql]> ([email protected])[mysql]> desc tables_priv;
+-------------+-----------------------------------------------------------------------------------------------------------------------------------+------+-----+-------------------+-----------------------------+
| Field       | Type                                                                                                                              | Null | Key | Default           | Extra                       |
+-------------+-----------------------------------------------------------------------------------------------------------------------------------+------+-----+-------------------+-----------------------------+
| Host        | char(60)                                                                                                                          | NO   | PRI |                   |                             |
| Db          | char(64)                                                                                                                          | NO   | PRI |                   |                             |
| User        | char(16)                                                                                                                          | NO   | PRI |                   |                             |
| Table_name  | char(64)                                                                                                                          | NO   | PRI |                   |                             |
| Grantor     | char(77)                                                                                                                          | NO   | MUL |                   |                             |
| Timestamp   | timestamp                                                                                                                         | NO   |     | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP |
| Table_priv  | set(‘Select‘,‘Insert‘,‘Update‘,‘Delete‘,‘Create‘,‘Drop‘,‘Grant‘,‘References‘,‘Index‘,‘Alter‘,‘Create View‘,‘Show view‘,‘Trigger‘) | NO   |     |                   |                             |
| Column_priv | set(‘Select‘,‘Insert‘,‘Update‘,‘References‘)                                                                                      | NO   |     |                   |                             |
+-------------+-----------------------------------------------------------------------------------------------------------------------------------+------+-----+-------------------+-----------------------------+
8 rows in set (0.00 sec)

然而关于数据库层面的权限记录在mysql.db表中

([email protected])[mysql]> desc db;
+-----------------------+---------------+------+-----+---------+-------+
| Field                 | Type          | Null | Key | Default | Extra |
+-----------------------+---------------+------+-----+---------+-------+
| Host                  | char(60)      | NO   | PRI |         |       |
| Db                    | char(64)      | NO   | PRI |         |       |
| User                  | char(16)      | NO   | PRI |         |       |
| Select_priv           | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
| Insert_priv           | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
| Update_priv           | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
| Delete_priv           | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
| Create_priv           | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
| Drop_priv             | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
| Grant_priv            | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
| References_priv       | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
| Index_priv            | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
| Alter_priv            | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
| Create_tmp_table_priv | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
| Lock_tables_priv      | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
| Create_view_priv      | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
| Show_view_priv        | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
| Create_routine_priv   | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
| Alter_routine_priv    | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
| Execute_priv          | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
| Event_priv            | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
| Trigger_priv          | enum(‘N‘,‘Y‘) | NO   |     | N       |       |
+-----------------------+---------------+------+-----+---------+-------+
22 rows in set (0.00 sec)

([email protected])[mysql]> select * from db\G
*************************** 1. row ***************************
                 Host: %
                   Db: sample
                 User: test1
          Select_priv: Y
          Insert_priv: N
          Update_priv: N
          Delete_priv: N
          Create_priv: Y
            Drop_priv: N
           Grant_priv: N
      References_priv: N
           Index_priv: N
           Alter_priv: N
Create_tmp_table_priv: N
     Lock_tables_priv: N
     Create_view_priv: N
       Show_view_priv: N
  Create_routine_priv: N
   Alter_routine_priv: N
         Execute_priv: N
           Event_priv: N
         Trigger_priv: N
1 row in set (0.00 sec)

这条对应的grant语句是:

([email protected])[mysql]> show grants for test1;
+------------------------------------------------------------------------------------------------------+
| Grants for [email protected]%                                                                                   |
+------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO ‘test1‘@‘%‘ IDENTIFIED BY PASSWORD ‘*CFA887C680E792C2DCF622D56FB809E3F8BE63CC‘ |
| GRANT SELECT, CREATE ON `sample`.* TO ‘test1‘@‘%‘                                                    |
| GRANT ALL PRIVILEGES ON `sample`.`smp` TO ‘test1‘@‘%‘                                                |
| GRANT SELECT ON `mysql`.`user` TO ‘test1‘@‘%‘                                                        |
+------------------------------------------------------------------------------------------------------+
4 rows in set (0.00 sec)

第二条:
GRANT SELECT, CREATE ON sample.* TO ‘test1‘@‘%‘

尝试再增加权限:

([email protected])[mysql]> grant all privileges on sample.* to test1;
Query OK, 0 rows affected (0.00 sec)

([email protected])[mysql]>
([email protected])[mysql]>
([email protected])[mysql]> select * from db\G
*************************** 1. row ***************************
                 Host: %
                   Db: sample
                 User: test1
          Select_priv: Y
          Insert_priv: Y
          Update_priv: Y
          Delete_priv: Y
          Create_priv: Y
            Drop_priv: Y
           Grant_priv: N
      References_priv: Y
           Index_priv: Y
           Alter_priv: Y
Create_tmp_table_priv: Y
     Lock_tables_priv: Y
     Create_view_priv: Y
       Show_view_priv: Y
  Create_routine_priv: Y
   Alter_routine_priv: Y
         Execute_priv: Y
           Event_priv: Y
         Trigger_priv: Y
1 row in set (0.00 sec)

授予all privileges权限。注意点是grant option并不包含在all privileges里面。可以用with子句


([email protected])[mysql]> grant all privileges on sample.* to test1 with grant option;
Query OK, 0 rows affected (0.00 sec)

([email protected])[mysql]> select * from db\G
*************************** 1. row ***************************
                 Host: %
                   Db: sample
                 User: test1
          Select_priv: Y
          Insert_priv: Y
          Update_priv: Y
          Delete_priv: Y
          Create_priv: Y
            Drop_priv: Y
           Grant_priv: Y
      References_priv: Y
           Index_priv: Y
           Alter_priv: Y
Create_tmp_table_priv: Y
     Lock_tables_priv: Y
     Create_view_priv: Y
       Show_view_priv: Y
  Create_routine_priv: Y
   Alter_routine_priv: Y
         Execute_priv: Y
           Event_priv: Y
         Trigger_priv: Y
1 row in set (0.00 sec)

回收all privileges权限, 错误写法,revoke并不能带with grant option来回收grant option

([email protected])[mysql]> revoke all privileges on sample.* from test1 with grant option;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘grant option‘ at line 1
([email protected])[mysql]> 

这样写还是不对:

revoke all privileges, grant option  on sample.* from test1;
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘on sample.* from test1‘ at line 1

分开写就可以了:

([email protected])[mysql]> revoke all privileges on sample.* from test1;
Query OK, 0 rows affected (0.00 sec)

([email protected])[mysql]> revoke grant option on sample.* from test1;
Query OK, 0 rows affected (0.00 sec)

([email protected])[mysql]> 

grant option在授予的时候是用with子句,回收的时候需要单独回收。

2#一般用户可访问的数据库:
在test1用户下,查看可以访问的数据库:

([email protected])[(none)]> show databases
    -> ;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| sample             |
+--------------------+
3 rows in set (0.00 sec)

([email protected])[(none)]>
([email protected])[(none)]>
([email protected])[(none)]>
([email protected])[(none)]> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

([email protected])[mysql]> show tables;
+-----------------+
| Tables_in_mysql |
+-----------------+
| user            |
+-----------------+
1 row in set (0.00 sec)

([email protected])[mysql]> show grants;
+---------------------------------------------------------------------+
| Grants for [email protected]%                                                  |
+---------------------------------------------------------------------+
| GRANT USAGE ON *.* TO ‘test1‘@‘%‘ IDENTIFIED BY PASSWORD <secret>   |
| GRANT ALL PRIVILEGES ON `sample`.* TO ‘test1‘@‘%‘ WITH GRANT OPTION |
| GRANT ALL PRIVILEGES ON `sample`.`smp` TO ‘test1‘@‘%‘               |
| GRANT SELECT ON `mysql`.`user` TO ‘test1‘@‘%‘                       |
+---------------------------------------------------------------------+
4 rows in set (0.00 sec)-----------------------------------------------------------------+
| Grants for [email protected]%                                                |
+-------------------------------------------------------------------+
| GRANT USAGE ON *.* TO ‘test1‘@‘%‘ IDENTIFIED BY PASSWORD <secret> |
| GRANT ALL PRIVILEGES ON `sample`.`smp` TO ‘test1‘@‘%‘             |
| GRANT SELECT ON `mysql`.`user` TO ‘test1‘@‘%‘                     |
+-------------------------------------------------------------------+
3 rows in set (0.00 sec)

([email protected])[mysql]> 

sample数据库是被授予的all privileges

原文地址:http://blog.51cto.com/accole/2166927

时间: 2024-11-09 15:10:33

关于mysql.db和数据库层权限的相关文章

mysql添加用户和用户权限

Mysql添加用户使用可以对mysql数据库用户表有操作权限的用户名登陆mysqlinsert into user(Host,User,Password) values('%','name','password');如果work用户没有登陆权限,则killall mysqldshare/mysql/mysql.server startgrant all on *.* to [email protected]'%' identified by "password"; MySQL赋予用户权

Mysql 数据库的权限问题

之前一直对Mysql数据库的权限没太理解 root用户具有最高的权限,也就是超级用户,root用户可以看到数据库中的所有的内容,而其它用户只能对经过root用户授权过的数据库进行操作,如果想在其它用户中创建新的数据库       而对root用户不可见,是不行的,而将其它用户的权限设置成: grant all on *.* to 'my_user'@'localhost'; 这时,其它用户的权限相当于root 用户,没有实际意义. revoke all on *.* from 'my_user'

mysql用户及数据库的创建及权限的更改

创建数据库 create database discuz default character set utf8 collate utf8_general_ci; 创建用户 create user 'discuz'@'localhost' identified by 'discuz'; 更改用户访问数据库的权限 grant all on discuz.* to 'discuz'@'localhost'; 更改非本机使用数据库用户连接数据库的权限的更改 update mysql.user set h

在myeclipse中配置DB Driver(数据库用MySql),并在myeclipse执行sql语句操作

在myeclipse中配置DB Driver(数据库用MySql),并在myeclipse执行sql语句操作 MyEclipse6.5    ,  mysq驱动jar包为mysql-connector-java-5.1.8-bin.jar 在MyEclipse中添加hibernate支持时需要用到DB Driver所以需要配置 首先选择window-->Open Perspective-->Other 出现下图:选择MyEclipse Database Explore. 点击OK后出现如下画面

MySQL数据库远程访问权限如何打开(两种方法)

MySQL数据库远程访问权限如何打开(两种方法) 下载GPL版本安装 MySQL Community Edition(GPL) Community (GPL) Downloads 在我们使用mysql数据库时,有时我们的程序与数据库不在同一机器上,这时我们需要远程访问数据库.缺省状态下,mysql的用户没有远程访问的权限. 下面介绍两种方法,解决这一问题. 1.改表法 可能是你的帐号不允许从远程登陆,只能在localhost.这个时候只要在localhost的那台电脑,登入mysql后,更改 "

Mysql添加远程访问数据库权限

@font-face {  font-family: "宋体";}@font-face {  font-family: "Cambria Math";}@font-face {  font-family: "@宋体";}@font-face {  font-family: "Calibri";}@font-face {  font-family: "Helvetica Neue";}p.MsoNormal,

MySQL 查看用户授予的权限

  在MySQL中,如何查看一个用户被授予了那些权限呢? 授予用户的权限可能分全局层级权限.数据库层级权限.表层级别权限.列层级别权限.子程序层级权限.具体分类如下: 全局层级 全局权限适用于一个给定服务器中的所有数据库.这些权限存储在mysql.user表中.GRANT ALL ON *.*和REVOKE ALL ON *.*只授予和撤销全局权限.   数据库层级 数据库权限适用于一个给定数据库中的所有目标.这些权限存储在mysql.db和mysql.host表中.GRANT ALL ON d

使用Amoeba 实现MySQL DB 读写分离

Amoeba(变形虫)项目是一个开源框架,于2008年开始发布一款 Amoeba for Mysql软件: 这个软件致力于MySQL的分布式数据库前端代理层,它主要在应用层访问MySQL的时候充当SQL路由功能,专注于分布式数据库代理层(Database Proxy)开发:位于 Client.DB Server(s)之间,对客户端透明: =================================================================== 1 简介 2 准备 2.

MySQL DB 主从复制之SSL

需求架构 准备工作 主从服务器时间同步 # 主从服务器同时配置crontab任务,与NTP服务器同步时间即可 */5 * * * * ntpdate 172.16.0.1 &>/dev/null 部署配置 主库配置 vi /etc/my.cnf server-id = 1 # 在复制架构中,需保持全局唯一 log-bin = mysql-bin # 默认在数据目录下 sync_binlog = 1 # 设置mariadb每次在提交事务前会将二进制日志同步到磁盘,保证服务器崩溃时不会丢失事件