



mysql> create table t1(id1 int primary key,id2 int);
Query OK, 0 rows affected (0.09 sec)

mysql> insert into t1 values(1,1);
Query OK, 1 row affected (0.01 sec)


mysql> create role app_read;
Query OK, 0 rows affected (0.05 sec)

mysql> grant select on yzs.t1 to app_read;
Query OK, 0 rows affected (0.01 sec)


mysql> create user read_user@localhost identified by 'read_user1pass';
Query OK, 0 rows affected (0.02 sec)

mysql> grant app_read to read_user@localhost;
Query OK, 0 rows affected (0.00 sec)


[rdb@localhost ~]$ mysql -uread_user -p'read_user1pass'
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.3-rc-debug-log Source distribution

Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use yzs
ERROR 1044 (42000): Access denied for user 'read_user'@'localhost' to database 'yzs'
mysql> show grants;
| Grants for read_user@localhost |
| GRANT USAGE ON *.* TO `read_user`@`localhost` |
| GRANT `app_read`@`%` TO `read_user`@`localhost` |
2 rows in set (0.00 sec)

mysql> show grants for read_user@localhost using app_read;
| Grants for read_user@localhost |
| GRANT USAGE ON *.* TO `read_user`@`localhost` |
| GRANT SELECT ON `yzs`.`t1` TO `read_user`@`localhost` |
| GRANT `app_read`@`%` TO `read_user`@`localhost` |
3 rows in set (0.00 sec)


mysql> set default role all to  `read_user`@`localhost`;
Query OK, 0 rows affected (0.01 sec)

mysql> use yzs
ERROR 1044 (42000): Access denied for user 'read_user'@'localhost' to database 'yzs'
mysql> exit
[rdb@localhost ~]$ mysql -uread_user -p'read_user1pass'
mysql> use yzs
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> select user();
| user() |
| read_user@localhost |
1 row in set (0.00 sec)

mysql> select *from t1;
| id1 | id2 |
| 1 | 1 |
1 row in set (0.01 sec)


mysql> insert into t1 values(2,2);
ERROR 1142 (42000): INSERT command denied to user 'read_user'@'localhost' for table 't1'
mysql> grant insert on t1 to app_read;
ERROR 1142 (42000): INSERT, GRANT command denied to user 'read_user'@'localhost' for table 't1'
mysql> exit
[rdb@localhost ~]$ mysql -uroot -p'db10$ZTE'
mysql> use yzs
Database changed
mysql> grant insert on t1 to app_read;
Query OK, 0 rows affected (0.03 sec)

mysql> exit
[rdb@localhost ~]$ mysql -uread_user -p'read_user1pass'
mysql> use yzs
Database changed
mysql> insert into t1 values(2,2);
Query OK, 1 row affected (0.00 sec)


[rdb@localhost ~]$ mysql -uroot -p'db10$ZTE'
mysql> use yzs
Database changed
mysql> revoke insert on t1 from app_read;
Query OK, 0 rows affected (0.01 sec)

mysql> exit
[rdb@localhost ~]$ mysql -uread_user -p'read_user1pass'
mysql> use yzs
Database changed
mysql> insert into t1 values(3,3);
ERROR 1142 (42000): INSERT command denied to user 'read_user'@'localhost' for table 't1'
mysql> select current_role();
| current_role() |
| `app_read`@`%` |
1 row in set (0.00 sec)


mysql> show tables like '%role%';
| Tables_in_mysql (%role%) |
| default_roles |
| role_edges |
2 rows in set (0.00 sec)

mysql> select *from default_roles;
| localhost | read_user | % | app_read |
1 row in set (0.00 sec)

mysql> select *from role_edges;
| % | app_read | localhost | read_user | N |
1 row in set (0.00 sec)

