MYSQL授权先后顺序的测试
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了MYSQL授权先后顺序的测试相关的知识,希望对你有一定的参考价值。
最近实际工作中遇到一个小问题,查看授权,明明已经给一个表授权了create,但是还是报错无create权限。
下面是详细的步骤以及最终的解决方案。
可以看出mysql授权上,有一定的匹配规则。
1、root用户,创建数据库
mysql> create database gw_cgm ;
Query OK, 1 row affected (0.01 sec)
mysql> create database gw_ga ;
Query OK, 1 row affected (0.00 sec)
mysql> create database gw_log01 ;
Query OK, 1 row affected (0.00 sec)
mysql> create database gw_log02 ;
Query OK, 1 row affected (0.00 sec)
2、创建app_ddd用户并授权
先给gw_%的所有表授权
再给gw_cgm设置create、drop的权限
mysql> show grants for [email protected]‘10.%‘;
+-------------------------------------------------------------------------------------------------------------+
| Grants for [email protected]% |
+-------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO ‘app_ddd‘@‘10.%‘ |
| GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON `gw_%`.* TO ‘app_ddd‘@‘10.%‘ |
| GRANT CREATE, DROP ON `gw_cgm`.* TO ‘app_ddd‘@‘10.%‘ |
+-------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)
3、使用app_ddd用户登录mysql
mysql -uapp_ddd
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| gw_cgm |
| gw_log01 |
| gw_log02 |
| gw_ga |
+--------------------+
4、创建一个表,报错,无权限
mysql> use gw_cgm
Database changed
mysql> CREATE TABLE `t5` (`id` int(1) NOT NULL DEFAULT ‘1‘,`name` varchar(5) DEFAULT NULL) ENGINE=InnoDB DEFAULT CHARSET=latin1;
ERROR 1142 (42000): CREATE command denied to user ‘app_ddd‘@‘10.12.200.102‘ for table ‘t5‘
5、切换root用户下
(1)回收app_ddd用户
mysql> REVOKE SELECT, INSERT, UPDATE, DELETE, EXECUTE ON `gw_%`.* FROM ‘app_ddd‘@‘10.%‘;
Query OK, 0 rows affected (0.00 sec)
mysql> REVOKE CREATE, DROP ON `gw_cgm`.* FROM ‘app_ddd‘@‘10.%‘;
Query OK, 0 rows affected (0.00 sec)
(2)重新给app_ddd用户授权,注意这里的授权顺序。
先给gw_cgm授create、drop权限
再给gw_%授权
mysql> GRANT CREATE, DROP ON `gw_cgm`.* TO ‘app_ddd‘@‘10.%‘ ;
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON `gw_%`.* TO ‘app_ddd‘@‘10.%‘;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for [email protected]‘10.%‘;
+-------------------------------------------------------------------------------------------------------------+
| Grants for [email protected]% |
+-------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO ‘app_ddd‘@‘10.%‘ |
| GRANT CREATE, DROP ON `gw_cgm`.* TO ‘app_ddd‘@‘10.%‘ |
| GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON `gw_%`.* TO ‘app_ddd‘@‘10.%‘ |
+-------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)
6、使用app_ddd 重新登录
mysql> use gw_cgm
Database changed
mysql> CREATE TABLE `t5` (`id` int(1) NOT NULL DEFAULT ‘1‘,`name` varchar(5) DEFAULT NULL) ENGINE=InnoDB DEFAULT CHARSET=latin1;
Query OK, 0 rows affected (0.13 sec)
通过测试可以看出:先给gw_%授基本权限,后面新增的create权限,mysql并为授权create。
本文出自 “菜鸟地盘” 博客,请务必保留此出处http://yangjingangel.blog.51cto.com/8351501/1745977
以上是关于MYSQL授权先后顺序的测试的主要内容,如果未能解决你的问题,请参考以下文章