一般都知道MySQL创建用户和赋权限是用
- GRANT ... ON *.* TO 'myname'@'%.mydomain.com' IDENTIFIED BY 'mypass';
- GRANT ... ON mydatabase.* TO 'myname'@'%.mydomain.com' IDENTIFIED BY 'mypass';
撤销权限是用
- REVOKE ... FROM 'myname';
今天遇到一个情况,数据库games,只允许用户myname对players表的id和name这两个字段有SELECT权限,在查阅了MySQL的参考手册后,发现GRANT和REVOKE命令是可以针对不同字段来设置权限的,完整的命令应该是:
- GRANT priv_type [(column_list)] [, priv_type [(column_list)]] ...
- ON [object_type] {tbl_name | * | *.* | db_name.*}
- TO user [IDENTIFIED BY [PASSWORD] 'password']
- [, user [IDENTIFIED BY [PASSWORD] 'password']] ...
- [REQUIRE
- NONE |
- [{SSL| X509}]
- [CIPHER 'cipher' [AND]]
- [ISSUER 'issuer' [AND]]
- [SUBJECT 'subject']]
- [WITH with_option [with_option] ...]
- object_type =
- TABLE
- | FUNCTION
- | PROCEDURE
- with_option =
- GRANT OPTION
- | MAX_QUERIES_PER_HOUR count
- | MAX_UPDATES_PER_HOUR count
- | MAX_CONNECTIONS_PER_HOUR count
- | MAX_USER_CONNECTIONS count
- REVOKE priv_type [(column_list)] [, priv_type [(column_list)]] ...
- ON [object_type] {tbl_name | * | *.* | db_name.*}
- FROM user [, user] ...
- REVOKE ALL PRIVILEGES, GRANT OPTION FROM user [, user] ...
我的情况赋权限应该是:
- GRANT SELECT (id, name) ON games.players TO 'myname'@'%.mydomain.com';
- FLUSH PRIVILEGES;
参考文档:
http://dev.mysql.com/doc/refman/5.1/zh/sql-syntax.html#drop-user
