你的位置:首页 > 数据库

[数据库]MySQL的数据控制语言DCL


我们使用DDL的"CREATE USER"语句创建用户,新的SQL用户不允许访问属于其他SQL用户的表,也不能立即创建自己的表,它必须被授权。可以授予的权限包括以下几组:

1.列权限:和表中的一个具体列相关

2.表权限:和一个具体数据表中所有数据相关

3.数据库权限:和一个具体数据库中所有数据表相关

4.用户权限:和MySQL所有的数据库相关

可以使用SHOW GRANTS命令查看当前用户的权限。

SHOW GRANTS;/显示当前用户权限SHOW GRANTS FOR 'pinnsvin'@'localhost';/显示指定用户权限SHOW GRANTS FOR CURRENT_USER();/显示当前用户权限

1.GRANT授权语句

语法:

GRANT  priv_type [(column_list)]   [, priv_type [(column_list)]] ...  ON [object_type] priv_level  TO user_specification [, user_specification] ...  [REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]  [WITH {GRANT OPTION | resource_option} ...]/代理GRANT PROXY ON user_specification  TO user_specification [, user_specification] ...  [WITH GRANT OPTION]/联级授权,选了此项,该用户有权将自己的权限授予自己创建的子用户/授权目标对象类型object_type: {  TABLE | FUNCTION | PROCEDURE}/授权目标priv_level: {  * | *.* | db_name.* | db_name.tbl_name | tbl_name | db_name.routine_name}/授权用户user_specification:  user [ auth_option ]auth_option: {  IDENTIFIED BY 'auth_string'  | IDENTIFIED BY PASSWORD 'hash_string' | IDENTIFIED WITH auth_plugin | IDENTIFIED WITH auth_plugin AS 'hash_string'}/SSL设置ssl_option: {  SSL | X509 | CIPHER 'cipher' | ISSUER 'issuer' | SUBJECT 'subject'}resource_option: { | MAX_QUERIES_PER_HOUR count /允许用户每小时执行的查询语句数量 | MAX_UPDATES_PER_HOUR count /允许用户每小时执行更新语句数量 | MAX_CONNECTIONS_PER_HOUR count /允许用户每小时连接的次数 | MAX_USER_CONNECTIONS count /允许用户同时连接服务器的数量}

实例:

/先要创建一个用户,创建了一个名为jeffrey,登录主机为localhost,密码为mypass的用户CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';/授予了用户jeffrey@localhost对数据库db1下所有数据表所有操作权限GRANT ALL ON db1.* TO 'jeffrey'@'localhost';/授予了用户'jeffrey'@'localhost'对数据库db2下invoice数据表的查询权限GRANT SELECT ON db2.invoice TO 'jeffrey'@'localhost';/USAGE意指无权限,用户jeffrey@localhost 在一个小时内只有90次查询权限GRANT USAGE ON *.* TO 'jeffrey'@'localhost' WITH MAX_QUERIES_PER_HOUR 90;

2.REVOKE撤销授权语句

语法:

REVOKE  priv_type [(column_list)]   [, priv_type [(column_list)]] ...  ON [object_type] priv_level  FROM user [, user] ...REVOKE ALL PRIVILEGES, GRANT OPTION  FROM user [, user] .../授权代理REVOKE PROXY ON user  FROM user [, user] ...

实例:
/撤回了用户jeffrey@localhost对数据库db1下所有数据表所有操作权限REVOKE ALL ON db1.* FROM 'jeffrey'@'localhost';/撤回了用户'jeffrey'@'localhost'对数据库db2下invoice数据表的查询权限REVOKE SELECT ON db2.invoice FROM 'jeffrey'@'localhost';