Mysql 伺服器通過許可權表來控制用戶對資料庫的訪問,許可權表存放在 mysql 資料庫里, 由 mysql_install_db 腳本初始化。這些許可權表分別 user,db,table_priv,columns_priv、procs_priv 表。
下面我們連上資料庫具體看下
連接到資料庫
用 root 賬號連上資料庫
# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 4
Server version: 5.7.34 MySQL Community Server (GPL)
選擇 mysql 庫
mysql> use mysql
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
查看所有的表:
mysql> show tables;
+---------------------------+
| Tables_in_mysql |
+---------------------------+
| columns_priv |
| db |
| engine_cost |
| event |
| func |
| general_log |
| gtid_executed |
| help_category |
| help_keyword |
| help_relation |
| help_topic |
| innodb_index_stats |
| innodb_table_stats |
| ndb_binlog_index |
| plugin |
| proc |
| procs_priv |
| proxies_priv |
| server_cost |
| servers |
| slave_master_info |
| slave_relay_log_info |
| slave_worker_info |
| slow_log |
| tables_priv |
| time_zone |
| time_zone_leap_second |
| time_zone_name |
| time_zone_transition |
| time_zone_transition_type |
| user |
+---------------------------+
31 rows in set (0.00 sec)
查看 user 表【針對所有資料庫】
user 表中的許可權是針對所有資料庫的
mysql> select * from user where User='cbuser'G
*************************** 1. row ***************************
Host: %
User: cbuser
Select_priv: N
Insert_priv: N
Update_priv: N
Delete_priv: N
Create_priv: N
Drop_priv: N
Reload_priv: N
Shutdown_priv: N
Process_priv: N
File_priv: N
Grant_priv: N
References_priv: N
Index_priv: N
Alter_priv: N
Show_db_priv: N
Super_priv: N
Create_tmp_table_priv: N
Lock_tables_priv: N
Execute_priv: N
Repl_slave_priv: N
Repl_client_priv: N
Create_view_priv: N
Show_view_priv: N
Create_routine_priv: N
Alter_routine_priv: N
Create_user_priv: N
Event_priv: N
Trigger_priv: N
Create_tablespace_priv: N
ssl_type:
ssl_cipher:
x509_issuer:
x509_subject:
max_questions: 0
max_updates: 0
max_connections: 0
max_user_connections: 0
plugin: mysql_native_password
authentication_string: *2AACE7DA3A0240BE8B1F302E0FE2C69705E39B24
password_expired: N
password_last_changed: 2021-07-01 01:50:44
password_lifetime: NULL
account_locked: N
1 row in set (0.00 sec)
查看 db 表【只針對指定的資料庫】
db 表中的許可權只針對指定的資料庫
mysql> select * from dbG
。。。略
*************************** 3. row ***************************
Host: %
Db: cookbook
User: cbuser
Select_priv: Y
Insert_priv: Y
Update_priv: Y
Delete_priv: Y
Create_priv: Y
Drop_priv: Y
Grant_priv: N
References_priv: Y
Index_priv: Y
Alter_priv: Y
Create_tmp_table_priv: Y
Lock_tables_priv: Y
Create_view_priv: Y
Show_view_priv: Y
Create_routine_priv: Y
Alter_routine_priv: Y
Execute_priv: Y
Event_priv: Y
Trigger_priv: Y
3 rows in set (0.00 sec)
如果希望用戶只對某個資料庫有操作許可權,可以先將 user 表中對應的許可權設置為 N,然後在 db 表中設置對應資料庫的操作許可權。
可以看到 cbuser 這個用戶在 user 表中是各個設為 N,在 db 表中設置為 Y。
查看 tables_priv 表【針對錶的許可權】
tables_priv 表用來對單個表進行許可權設置
mysql> select * from tables_privG
*************************** 1. row ***************************
Host: localhost
Db: mysql
User: mysql.session
Table_name: user
Grantor: boot@connecting host
Timestamp: 0000-00-00 00:00:00
Table_priv: Select
Column_priv:
*************************** 2. row ***************************
Host: localhost
Db: sys
User: mysql.sys
Table_name: sys_config
Grantor: root@localhost
Timestamp: 2021-07-01 01:50:39
Table_priv: Select
Column_priv:
2 rows in set (0.00 sec)
看下錶結構:
mysql> show create table tables_privG
*************************** 1. row ***************************
Table: tables_priv
Create Table: CREATE TABLE `tables_priv` (
`Host` char(60) COLLATE utf8_bin NOT NULL DEFAULT '',
`Db` char(64) COLLATE utf8_bin NOT NULL DEFAULT '',
`User` char(32) COLLATE utf8_bin NOT NULL DEFAULT '',
`Table_name` char(64) COLLATE utf8_bin NOT NULL DEFAULT '',
`Grantor` char(93) COLLATE utf8_bin NOT NULL DEFAULT '',
`Timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`Table_priv` set('Select','Insert','Update','Delete','Create','Drop','Grant','References','Index','Alter','Create View','Show view','Trigger') CHARACTER SET utf8 NOT NULL DEFAULT '',
`Column_priv` set('Select','Insert','Update','References') CHARACTER SET utf8 NOT NULL DEFAULT '',
PRIMARY KEY (`Host`,`Db`,`User`,`Table_name`),
KEY `Grantor` (`Grantor`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Table privileges'
1 row in set (0.00 sec)
欄位具體說明如下:
- Host,主機
- Db,資料庫名
- User,用戶名
- Table_name, 表名
- Grantor,修改該記錄的用戶,grant 美 [ɡrænt] 英 [ɡrɑːnt]
- Timestamp,修改該記錄的時間
- Table_priv,表示對錶的操作許可權 【包括 ‘Select’,’Insert’,’Update’,’Delete’,’Create’,’Drop’,’Grant’,’References’,’Index’,’Alter’,’Create View’,’Show view’,’Trigger’】
- Column_priv,表示對表中的列的操作許可權【包括 Column_priv】
查看 columns_priv 表【針對列的許可權】
columns_priv 表用來對單個數據列進行許可權設置
mysql> select * from columns_privG
Empty set (0.00 sec)
mysql> show create table columns_privG
*************************** 1. row ***************************
Table: columns_priv
Create Table: CREATE TABLE `columns_priv` (
`Host` char(60) COLLATE utf8_bin NOT NULL DEFAULT '',
`Db` char(64) COLLATE utf8_bin NOT NULL DEFAULT '',
`User` char(32) COLLATE utf8_bin NOT NULL DEFAULT '',
`Table_name` char(64) COLLATE utf8_bin NOT NULL DEFAULT '',
`Column_name` char(64) COLLATE utf8_bin NOT NULL DEFAULT '',
`Timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
`Column_priv` set('Select','Insert','Update','References') CHARACTER SET utf8 NOT NULL DEFAULT '',
PRIMARY KEY (`Host`,`Db`,`User`,`Table_name`,`Column_name`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Column privileges'
1 row in set (0.00 sec)
欄位具體說明如下:
- Column_name,數據列名稱,用來指定對哪些數據列具有操作許可權
- Timestamp,修改該記錄的時間
- Column_priv,表示對表中的列的操作許可權【包括 ‘Select’,’Insert’,’Update’,’References’】
查看 procs_priv 表【針對存儲過程和存儲函數】
procs_priv 表可以對存儲過程和存儲函數進行許可權設置
mysql> select * from procs_privG
Empty set (0.00 sec)
mysql> show create table procs_privG
*************************** 1. row ***************************
Table: procs_priv
Create Table: CREATE TABLE `procs_priv` (
`Host` char(60) COLLATE utf8_bin NOT NULL DEFAULT '',
`Db` char(64) COLLATE utf8_bin NOT NULL DEFAULT '',
`User` char(32) COLLATE utf8_bin NOT NULL DEFAULT '',
`Routine_name` char(64) CHARACTER SET utf8 NOT NULL DEFAULT '',
`Routine_type` enum('FUNCTION','PROCEDURE') COLLATE utf8_bin NOT NULL,
`Grantor` char(93) COLLATE utf8_bin NOT NULL DEFAULT '',
`Proc_priv` set('Execute','Alter Routine','Grant') CHARACTER SET utf8 NOT NULL DEFAULT '',
`Timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
PRIMARY KEY (`Host`,`Db`,`User`,`Routine_name`,`Routine_type`),
KEY `Grantor` (`Grantor`)
) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Procedure privileges'
1 row in set (0.00 sec)
routine
美[.ru'tin]英[.ruː'tiːn]
n.常規;常式;例行程序;正常順序
adj.常規的;例行公事的;日常的;平常的
欄位具體說明如下:
- Routine_name,表示存儲過程或函數的名稱
- Routine_type,表示存儲過程或函數的類型,Routine_type 欄位有兩個值,分別是 FUNCTION 和 PROCEDURE。FUNCTION 表示這是一個函數;PROCEDURE 表示這是一個 存儲過程。
- Grantor,插入或修改該記錄的用戶
- Proc_priv,表示擁有的許可權,包括 Execute、Alter Routine、Grant 3 種
原創文章,作者:投稿專員,如若轉載,請註明出處:https://www.506064.com/zh-tw/n/276250.html
微信掃一掃 
支付寶掃一掃 