角色

• 創建角色
• 給角色賦予權限
• 刪除權限
• 給用戶賦予角色
• 激活角色
• 撤銷用戶權限

創建角色

mysql> create role boss; Query OK, 0 rows affected (0.01 sec)mysql> create role manager; Query OK, 0 rows affected (0.01 sec)

給角色賦予權限

manager角色擁有查詢sales表的權限

mysql> grant select on `study-test01`.sales to manager@'%'; Query OK, 0 rows affected (0.01 sec)mysql> show grants for manager; +---------------------------------------------------------+ | Grants for manager@% | +---------------------------------------------------------+ | GRANT USAGE ON *.* TO `manager`@`%` | | GRANT SELECT ON `study-test01`.`sales` TO `manager`@`%` | +---------------------------------------------------------+ 2 rows in set (0.00 sec)

usage 表示連接并登錄數據庫的權限，這個是MySQL默認的權限。只要是root創建的用戶和角色都有。

刪除權限

mysql> drop role tmp_role@'localhost'; Query OK, 0 rows affected (0.01 sec)

給用戶賦予角色

mysql> create user sam; Query OK, 0 rows affected (0.01 sec)mysql> select user, host, grant_priv from mysql.user; +------------------+-----------+------------+ | user | host | grant_priv | +------------------+-----------+------------+ | boss | % | N | | manager | % | N | | sam | % | N | | mysql.infoschema | localhost | N | | mysql.session | localhost | N | | mysql.sys | localhost | N | | root | localhost | Y | +------------------+-----------+------------+ 7 rows in set (0.00 sec)mysql> show grants for sam; +---------------------------------+ | Grants for sam@% | +---------------------------------+ | GRANT USAGE ON *.* TO `sam`@`%` | +---------------------------------+ 1 row in set (0.00 sec)mysql> grant manager to sam@'%'; Query OK, 0 rows affected (0.00 sec)mysql> show grants for sam; +----------------------------------+ | Grants for sam@% | +----------------------------------+ | GRANT USAGE ON *.* TO `sam`@`%` | | GRANT `manager`@`%` TO `sam`@`%` | +----------------------------------+ 2 rows in set (0.00 sec)mysql> alter user sam identified by '123'; Query OK, 0 rows affected (0.01 sec)

給用戶賦予了角色，還需要手動激活角色。用戶才能擁有角色對應的權限。

激活角色

手動激活用戶的角色

mysql> SET DEFAULT ROLE ALL TO sam@'%'; Query OK, 0 rows affected (0.01 sec)

永久激活

mysql> show variables like 'activate_all_roles_on_login'; +-----------------------------+-------+ | Variable_name | Value | +-----------------------------+-------+ | activate_all_roles_on_login | OFF | +-----------------------------+-------+ 1 row in set (0.00 sec)SET GLOBAL activate_all_roles_on_login=ON;

這樣給用戶賦予角色了，就有了對應的權限了。

使用用戶sam操作數據庫。

mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | study-test01 | +--------------------+ 2 rows in set (0.01 sec)mysql> use `study-test01`; Database changed mysql> show tables; +------------------------+ | Tables_in_study-test01 | +------------------------+ | sales | +------------------------+ 1 row in set (0.00 sec)mysql> select * from sales; +----+-----------+--------------+-------------+ | id | city | county | sales_value | +----+-----------+--------------+-------------+ | 1 | 北京市 | 朝陽區 | 10 | | 2 | 北京市 | 海定區 | 20 | | 3 | 上海市 | 浦東新區 | 30 | | 4 | 上海市 | 徐匯區 | 40 | +----+-----------+--------------+-------------+ 4 rows in set (0.00 sec)mysql> delete from sales where id = 1; ERROR 1142 (42000): DELETE command denied to user 'sam'@'localhost' for table 'sales' mysql> update sales set city = 'hh' where id = 1; ERROR 1142 (42000): UPDATE command denied to user 'sam'@'localhost' for table 'sales' mysql> insert into sales values (1, 'a', 'b', 99); ERROR 1142 (42000): INSERT command denied to user 'sam'@'localhost' for table 'sales'

可以看到sam只有查詢sales表的權限。

撤銷用戶權限

REVOKE boss FROM user;

總結

以上是生活随笔為你收集整理的MySQL8权限，角色的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。