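📅  Last modified: 2020-11-17 05:25:32             🧑  Author: Mango
MySQL gives database administrators and users many options for controlling access. We have already learned how to create a new user in MySQL server with the CREATE USER statement. Now we will learn how to grant privileges to a user account. MySQL provides the GRANT statement to give access rights to a user account.
The GRANT statement enables system administrators to assign privileges and roles to MySQL user accounts so that they can use the assigned permissions on the database when needed.
The following is the basic syntax of the GRANT statement: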
GRANT privilege_name(s)
ON object
TO user_account_name;
The syntax above takes the following parameters:
Parameter Name | Descriptions |
---|---|
privilege_name(s) | It specifies the access rights or grant privilege to user accounts. If we want to give multiple privileges, then use a comma operator to separate them. |
object | It determines the privilege level at which the access rights are granted. For example, when granting a privilege on a table, the object is the name of that table. |
user_account_name | It determines the account name of the user to whom the access rights would be granted. |
MySQL supports the following privilege levels:
Privilege Level | Syntax | Descriptions |
---|---|---|
Global | GRANT ALL ON *.* TO john@localhost; | It applies to all databases on the MySQL server. We need to use the *.* syntax for applying global privileges. Here, the user can query data from all databases and tables of the current server. |
Database | GRANT ALL ON mydb.* TO john@localhost; | It applies to all objects in the current database. We need to use the db_name.* syntax for applying this privilege. Here, a user can query data from all tables in the given database. |
Table | GRANT DELETE ON mydb.employees TO john@localhost; | It applies to all columns in a specified table. We need to use the db_name.table_name syntax for assigning this privilege. Here, a user can query data from the given table of the specified database. |
Column | GRANT SELECT (col1), INSERT (col1, col2), UPDATE (col2) ON mydb.mytable TO john@localhost; | It applies to a single column of a table. Here, we must specify the column name(s) enclosed in parentheses for each privilege. The user can select one column, insert values in two columns, and update only one column in the given table. |
Stored Routine | GRANT EXECUTE ON PROCEDURE mydb.myprocedure TO john@localhost; | It applies to stored routines (procedures and functions). It contains the CREATE ROUTINE, ALTER ROUTINE, EXECUTE, and GRANT OPTION privileges. Here, a user can execute the stored procedure in the current database. |
Proxy | GRANT PROXY ON root TO peter@localhost; | It enables one user to be a proxy for other users. |
Let us understand GRANT privileges through an example. First, we need to create a new user named "john@localhost" with the following statement:
mysql> CREATE USER john@localhost IDENTIFIED BY 'jtp12345';
Next, execute the SHOW GRANTS statement to check the privileges assigned to john@localhost, using the following query:
mysql> SHOW GRANTS FOR john@localhost;
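It gives the following output. Here, USAGE means that the user can log in to the database but has no privileges.
To assign all privileges on every object in the mystudentdb database to john@localhost, execute the following statement. The mystudentdb.* form is a database-level grant; a grant covering all databases on the server would use *.* instead.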
mysql> GRANT ALL ON mystudentdb.* TO john@localhost;
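Execute the SHOW GRANTS statement again to verify the privileges. After successful execution, we get the following output. Here, all privileges on the mystudentdb database are assigned to john@localhost.
Here, the grant privileges apply to procedures and functions, so that a user can execute stored routines in the current MySQL database. The EXECUTE privilege provides the ability to execute functions and procedures.
Let us understand it through an example. Suppose we have a function calculatesalary and want to grant the EXECUTE privilege to the user john. Run the following query: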
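The verification step above, taken a little further as an added example (not code from the original page): this Python code reads lines in the format SHOW GRANTS prints, labels each one with its privilege level from the table earlier on this page, and lists the grants that deserve a review. The sample lines, the account admin@%, and the function names parse_grant and audit are constructed for this example.

```python
import re

# Constructed sample in the format SHOW GRANTS prints (not output from a real server).
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO `john`@`localhost`",
    "GRANT ALL PRIVILEGES ON `mystudentdb`.* TO `john`@`localhost`",
    "GRANT DELETE ON `mydb`.`employees` TO `john`@`localhost`",
    "GRANT SELECT (`col1`), UPDATE (`col2`) ON `mydb`.`mytable` TO `john`@`localhost`",
    "GRANT EXECUTE ON FUNCTION `mydb`.`calculatesalary` TO `john`@`localhost`",
    "GRANT PROXY ON `root`@`%` TO `peter`@`localhost`",
    "GRANT ALL PRIVILEGES ON *.* TO `admin`@`%` WITH GRANT OPTION",
]

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?:(?P<kind>PROCEDURE|FUNCTION)\s+)?"
    r"(?P<obj>\S+)\s+TO\s+(?P<user>\S+)(?P<opt>\s+WITH\s+GRANT\s+OPTION)?$",
    re.IGNORECASE,
)

def parse_grant(line):
    """Split one SHOW GRANTS line into account, privileges and privilege level."""
    m = GRANT_RE.match(line.strip().rstrip(";"))
    if m is None:
        raise ValueError(f"unrecognised grant line: {line!r}")
    privs, obj = m["privs"].upper(), m["obj"]
    if privs == "PROXY":
        level = "proxy"
    elif m["kind"]:
        level = "stored routine"
    elif obj.endswith(".*"):
        level = "global" if obj == "*.*" else "database"
    else:
        level = "column" if "(" in privs else "table"
    return {"user": m["user"].replace("`", ""), "privs": privs,
            "level": level, "grant_option": m["opt"] is not None}

def audit(lines):
    """Return (account, level, reasons) for each grant that deserves a review."""
    findings = []
    for g in map(parse_grant, lines):
        checks = [
            (g["level"] == "global" and g["privs"] != "USAGE", "privileges on every database"),
            (g["grant_option"], "can pass its privileges to other accounts"),
            (g["level"] == "proxy", "can act as another account"),
        ]
        reasons = [text for hit, text in checks if hit]
        if reasons:
            findings.append((g["user"], g["level"], reasons))
    return findings
```

Calling audit(SAMPLE_GRANTS) leaves john@localhost out of the findings, because USAGE on *.* carries no privileges and the other grants for that account are scoped to one database, table, column set or routine.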
mysql> GRANT EXECUTE ON FUNCTION calculatesalary TO john@localhost;
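If we need to provide the EXECUTE privilege to all users, note that MySQL has no wildcard for the user-name part of an account, so each account must be named in the statement:
mysql> GRANT EXECUTE ON FUNCTION calculatesalary TO john@localhost, peter@localhost;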
We can choose the access rights to which privileges can be applied from the list below.