【MySQL 8.0】权限管理

原创

dbprofessional 2023-08-25 10:17:53 博主文章分类：MySQL ©著作权

文章标签 mysql 文章分类 MySQL 数据库

©著作权归作者所有：来自51CTO博客作者dbprofessional的原创作品，请联系作者获取转载授权，否则将追究法律责任

权限级别分为全局，库，表，列四个层次，在指定级别授予的权限也必须在指定的级别撤销权限

授予列的权限
(root@node01) > grant select (c_phone) on tpcc10.customer to 'tpcc'@'%';
Query OK, 0 rows affected (0.03 sec)

撤销授予的列权限
(root@node01) > revoke select (c_phone) on tpcc10.customer from 'tpcc'@'%';
Query OK, 0 rows affected (0.03 sec)

授予表的权限
(root@node01) > grant all on tpcc10.customer to 'tpcc'@'%';
Query OK, 0 rows affected (0.01 sec)

撤销授予的表权限
(root@node01) > revoke all on tpcc10.customer from 'tpcc'@'%';
Query OK, 0 rows affected (0.01 sec)

授予库的权限
(root@node01) > grant all on tpcc10.* to 'tpcc'@'%';
Query OK, 0 rows affected (0.02 sec)

撤销授予的库权限
(root@node01) > revoke all on tpcc10.* from 'tpcc'@'%'; 
Query OK, 0 rows affected (0.02 sec)

授予全局权限
(root@node01) > grant all on *.* to 'tpcc'@'%';
Query OK, 0 rows affected (0.02 sec)

撤销授予的全局权限
(root@node01) > revoke all on *.* from 'tpcc'@'%';
Query OK, 0 rows affected (0.01 sec)

部分权限回收
(root@node01) > grant select on *.* to tpcc@'%';
Query OK, 0 rows affected (0.05 sec)

(root@node01) > show grants for tpcc@'%';
+-----------------------------------+
| Grants for tpcc@%                 |
+-----------------------------------+
| GRANT SELECT ON *.* TO `tpcc`@`%` |
+-----------------------------------+
1 row in set (0.00 sec)

(root@node01) > revoke select on mysql.* from tpcc@'%';
ERROR 1141 (42000): There is no such grant defined for user 'tpcc' on host '%'

(root@node01) > set global partial_revokes=on;
Query OK, 0 rows affected (0.00 sec)

(root@node01) > revoke select on mysql.* from tpcc@'%';
Query OK, 0 rows affected (0.14 sec)

(root@node01) > show grants for tpcc@'%';
+--------------------------------------------+
| Grants for tpcc@%                          |
+--------------------------------------------+
| GRANT SELECT ON *.* TO `tpcc`@`%`          |
| REVOKE SELECT ON `mysql`.* FROM `tpcc`@`%` |
+--------------------------------------------+
2 rows in set (0.00 sec)

(root@node01) > select user_attributes from mysql.user where user='tpcc' and host='%';
+---------------------------------------------------------------------+
| user_attributes                                                     |
+---------------------------------------------------------------------+
| {"Restrictions": [{"Database": "mysql", "Privileges": ["SELECT"]}]} |
+---------------------------------------------------------------------+
1 row in set (0.00 sec)

(root@node01) > grant select on mysql.* to tpcc@'%';
Query OK, 0 rows affected (0.00 sec)

(root@node01) > show grants for tpcc@'%';
+-----------------------------------+
| Grants for tpcc@%                 |
+-----------------------------------+
| GRANT SELECT ON *.* TO `tpcc`@`%` |
+-----------------------------------+
1 row in set (0.00 sec)