1. 程式人生 > >MySQL 檢視使用者授予的許可權

MySQL 檢視使用者授予的許可權

在MySQL中,如何檢視一個使用者被授予了那些許可權呢? 授予使用者的許可權可能分全域性層級許可權、資料庫層級許可權、表層級別許可權、列層級別許可權、子程式層級許可權。具體分類如下:

全域性層級

全域性許可權適用於一個給定伺服器中的所有資料庫。這些許可權儲存在mysql.user表中。GRANT ALL ON *.*和REVOKE ALL ON *.*只授予和撤銷全域性許可權。

資料庫層級

資料庫許可權適用於一個給定資料庫中的所有目標。這些許可權儲存在mysql.db和mysql.host表中。GRANT ALL ON db_name.*和REVOKE ALL ON db_name.*只授予和撤銷資料庫許可權。 

表層級

表許可權適用於一個給定表中的所有列。這些許可權儲存在mysql.tables_priv表中。GRANT ALL ON db_name.tbl_name和REVOKE ALL ON db_name.tbl_name只授予和撤銷表許可權。

列層級

列許可權適用於一個給定表中的單一列。這些許可權儲存在mysql.columns_priv表中。當使用REVOKE時,您必須指定與被授權列相同的列。

子程式層級

CREATE ROUTINE, ALTER ROUTINE, EXECUTE和GRANT許可權適用於已儲存的子程式。這些許可權可以被授予為全域性層級和資料庫層級。而且,除了CREATE ROUTINE外,這些許可權可以被授予為子程式層級,並存儲在mysql.procs_priv表中。

1:那麼我們來建立一個測試賬號test,授予全域性層級的許可權。如下所示: 

mysql> grant select,insert on *.* to [email protected]'%' identified by 'test';

Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;

Query OK, 0 rows affected (0.00 sec)

mysql> 

那麼可以用下面兩種方式查詢授予test的許可權。如下所示:

mysql> show grants for test;

+--------------------------------------------------------------------------------------------------------------+
| Grants for [email protected]%                                                                                            |
+--------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT ON *.* TO 'test'@'%' IDENTIFIED BY PASSWORD '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29' |
+--------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> select * from mysql.user where user='test'\G;
*************************** 1. row ***************************
                  Host: %
                  User: test
              Password: *94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29
           Select_priv: Y
           Insert_priv: Y
           Update_priv: N
           Delete_priv: N
           Create_priv: N
             Drop_priv: N
           Reload_priv: N
         Shutdown_priv: N
          Process_priv: N
             File_priv: N
            Grant_priv: N
       References_priv: N
            Index_priv: N
            Alter_priv: N
          Show_db_priv: N
            Super_priv: N
 Create_tmp_table_priv: N
      Lock_tables_priv: N
          Execute_priv: N
       Repl_slave_priv: N
      Repl_client_priv: N
      Create_view_priv: N
        Show_view_priv: N
   Create_routine_priv: N
    Alter_routine_priv: N
      Create_user_priv: N
            Event_priv: N
          Trigger_priv: N
Create_tablespace_priv: N
              ssl_type: 
            ssl_cipher: 
           x509_issuer: 
          x509_subject: 
         max_questions: 0
           max_updates: 0
       max_connections: 0
  max_user_connections: 0
 plugin: mysql_native_password
 authentication_string: 
      password_expired: N
1 row in set (0.04 sec)
ERROR: 
No query specified
mysql> 

2:那麼我們來建立一個測試賬號test,授予資料庫層級的許可權。如下所示:

mysql> drop user test;

Query OK, 0 rows affected (0.00 sec)
mysql> grant select,insert,update,delete on MyDB.* to [email protected]'%' identified by 'test';
Query OK, 0 rows affected (0.01 sec)
mysql> 
mysql> select * from mysql.user where user='test'\G; --可以看到無任何授權。
mysql> select * from mysql.db where user='test'\G;
*************************** 1. row ***************************
                 Host: %
                   Db: MyDB
                 User: test
          Select_priv: Y
          Insert_priv: Y
          Update_priv: Y
          Delete_priv: Y
          Create_priv: N
            Drop_priv: N
           Grant_priv: N
      References_priv: N
           Index_priv: N
           Alter_priv: N
Create_tmp_table_priv: N
     Lock_tables_priv: N
     Create_view_priv: N
       Show_view_priv: N
  Create_routine_priv: N
   Alter_routine_priv: N
         Execute_priv: N
           Event_priv: N
         Trigger_priv: N
1 row in set (0.04 sec)
ERROR: 
No query specified
mysql> 
mysql> show grants for test;
+-----------------------------------------------------------------------------------------------------+
| Grants for [email protected]%                                                                                   |
+-----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'test'@'%' IDENTIFIED BY PASSWORD '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `MyDB`.* TO 'test'@'%'                                      |
+-----------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> 

3:那麼我們來建立一個測試賬號test,授予表層級的許可權。如下所示:

mysql> drop user test;
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> grant all on MyDB.kkk to [email protected]'%' identified by 'test';
Query OK, 0 rows affected (0.01 sec)
mysql> 
mysql> show grants for test;
+-----------------------------------------------------------------------------------------------------+
| Grants for [email protected]%                                                                                   |
+-----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'test'@'%' IDENTIFIED BY PASSWORD '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29' |
| GRANT ALL PRIVILEGES ON `MyDB`.`kkk` TO 'test'@'%'                                                  |
+-----------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> select * from mysql.tables_priv\G;
*************************** 1. row ***************************
       Host: %
         Db: MyDB
       User: test
 Table_name: kkk
    Grantor: [email protected]
  Timestamp: 0000-00-00 00:00:00
 Table_priv: Select,Insert,Update,Delete,Create,Drop,References,Index,Alter,Create View,Show view,Trigger
Column_priv: 
1 row in set (0.01 sec)
ERROR: 
No query specified
mysql>

4:那麼我們來建立一個測試賬號test,授予列層級的許可權。如下所示:

mysql> drop user test;
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> grant select (id, col1) on MyDB.TEST1 to [email protected]'%' identified by 'test';
Query OK, 0 rows affected (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> 
mysql> select * from mysql.columns_priv;
+------+------+------+------------+-------------+---------------------+-------------+
| Host | Db   | User | Table_name | Column_name | Timestamp           | Column_priv |
+------+------+------+------------+-------------+---------------------+-------------+
| %    | MyDB | test | TEST1      | id          | 0000-00-00 00:00:00 | Select      |
| %    | MyDB | test | TEST1      | col1        | 0000-00-00 00:00:00 | Select      |
+------+------+------+------------+-------------+---------------------+-------------+
2 rows in set (0.00 sec)
mysql> show grants for test;
+-----------------------------------------------------------------------------------------------------+
| Grants for [email protected]%                                                                                   |
+-----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'test'@'%' IDENTIFIED BY PASSWORD '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29' |
| GRANT SELECT (id, col1) ON `MyDB`.`TEST1` TO 'test'@'%'                                             |
+-----------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql>

5:那麼我們來建立一個測試賬號test,授子程式層級的許可權。如下所示:

mysql> DROP PROCEDURE IF EXISTS PRC_TEST;

Query OK, 0 rows affected (0.00 sec)
mysql> DELIMITER //
mysql> CREATE PROCEDURE PRC_TEST()
    -> BEGIN
    ->    SELECT * FROM kkk;
    -> END //
Query OK, 0 rows affected (0.00 sec)
mysql> DELIMITER ;
mysql> grant execute on procedure MyDB.PRC_TEST to [email protected]'%' identified by 'test';
Query OK, 0 rows affected (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> 
mysql> show grants for test;
+-----------------------------------------------------------------------------------------------------+
| Grants for [email protected]%                                                                                   |
+-----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'test'@'%' IDENTIFIED BY PASSWORD '*94BDCEBE19083CE2A1F959FD02F964C7AF4CFC29' |
| GRANT EXECUTE ON PROCEDURE `MyDB`.`prc_test` TO 'test'@'%'                                          |
+-----------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> select * from mysql.procs_priv where User='test';
+------+------+------+--------------+--------------+----------------+-----------+---------------------+
| Host | Db   | User | Routine_name | Routine_type | Grantor        | Proc_priv | Timestamp           |
+------+------+------+--------------+--------------+----------------+-----------+---------------------+
| %    | MyDB | test | PRC_TEST     | PROCEDURE    | [email protected] | Execute   | 0000-00-00 00:00:00 |
+------+------+------+--------------+--------------+----------------+-----------+---------------------+
1 row in set (0.00 sec)
mysql> 

所以,如果需要檢視使用者被授予的許可權,就需要從這五個層級來檢視被授予的許可權。從上到下或從小到上,逐一檢查各個層級被授予的許可權。