Wildcards for table permissions

use*_*496 4 mysql permissions

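I want to grant a user select, insert, update, delete permissions on a few tables in the prod database. However, I'm finding that writing out each grant statement for each table is time-consuming. Is it possible to use a wildcard?

There are 300 tables, and the user only needs access to 18 of them. The tables the user needs access to are prefixed with "vs_".

Can I do grant select,insert,update,delete on prod.vs_*? I know prod.* is possible, but I'm not sure about a table prefix.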

Bil*_*win 5

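No, the wildcard for the table name can only be *, and no other characters or patterns are allowed.

You can generate the 18 GRANT statements you need: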

SELECT CONCAT('GRANT SELECT,INSERT,UPDATE,DELETE ON prod.`', TABLE_NAME, '` TO ...;')
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_SCHEMA = 'prod' AND TABLE_NAME LIKE 'vs\_%';

Capture the output of that query, then run it as a series of statements.


Rol*_*DBA 5

You may need to use INFORMATION_SCHEMA to help you do GRANTS for all the vs tables.

Sample data

I will create a database edwards with 3 tables for each family member

DROP DATABASE IF EXISTS edwards;
CREATE DATABASE edwards;
USE edwards
CREATE TABLE rolando_tb1
(id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, num INT NOT NULL) ENGINE=MyISAM;
CREATE TABLE rolando_tb2 LIKE rolando_tb1;
CREATE TABLE rolando_tb3 LIKE rolando_tb1;
CREATE TABLE pamela_tb1 LIKE rolando_tb1;
CREATE TABLE pamela_tb2 LIKE rolando_tb1;
CREATE TABLE pamela_tb3 LIKE rolando_tb1;
CREATE TABLE dominique_tb1 LIKE rolando_tb1;
CREATE TABLE dominique_tb2 LIKE rolando_tb1;
CREATE TABLE dominique_tb3 LIKE rolando_tb1;
CREATE TABLE diamond_tb1 LIKE rolando_tb1;
CREATE TABLE diamond_tb2 LIKE rolando_tb1;
CREATE TABLE diamond_tb3 LIKE rolando_tb1;
SHOW TABLES;

Here are the commands as executed

mysql> DROP DATABASE IF EXISTS edwards;
Query OK, 12 rows affected (0.08 sec)

mysql> CREATE DATABASE edwards;
Query OK, 1 row affected (0.00 sec)

mysql> USE edwards
Database changed
mysql> CREATE TABLE rolando_tb1
    -> (id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, num INT NOT NULL) ENGINE=MyISAM;
Query OK, 0 rows affected (0.04 sec)

mysql> CREATE TABLE rolando_tb2 LIKE rolando_tb1;
Query OK, 0 rows affected (0.06 sec)

mysql> CREATE TABLE rolando_tb3 LIKE rolando_tb1;
Query OK, 0 rows affected (0.06 sec)

mysql> CREATE TABLE pamela_tb1 LIKE rolando_tb1;
Query OK, 0 rows affected (0.04 sec)

mysql> CREATE TABLE pamela_tb2 LIKE rolando_tb1;
Query OK, 0 rows affected (0.04 sec)

mysql> CREATE TABLE pamela_tb3 LIKE rolando_tb1;
Query OK, 0 rows affected (0.05 sec)

mysql> CREATE TABLE dominique_tb1 LIKE rolando_tb1;
Query OK, 0 rows affected (0.05 sec)

mysql> CREATE TABLE dominique_tb2 LIKE rolando_tb1;
Query OK, 0 rows affected (0.04 sec)

mysql> CREATE TABLE dominique_tb3 LIKE rolando_tb1;
Query OK, 0 rows affected (0.06 sec)

mysql> CREATE TABLE diamond_tb1 LIKE rolando_tb1;
Query OK, 0 rows affected (0.05 sec)

mysql> CREATE TABLE diamond_tb2 LIKE rolando_tb1;
Query OK, 0 rows affected (0.06 sec)

mysql> CREATE TABLE diamond_tb3 LIKE rolando_tb1;
Query OK, 0 rows affected (0.04 sec)

mysql> SHOW TABLES;
+-------------------+
| Tables_in_edwards |
+-------------------+
| diamond_tb1       |
| diamond_tb2       |
| diamond_tb3       |
| dominique_tb1     |
| dominique_tb2     |
| dominique_tb3     |
| pamela_tb1        |
| pamela_tb2        |
| pamela_tb3        |
| rolando_tb1       |
| rolando_tb2       |
| rolando_tb3       |
+-------------------+
12 rows in set (0.00 sec)

mysql>

Sample user

Let's create a user called pam@localhost with the password pam

mysql> GRANT USAGE ON *.* TO pam@localhost IDENTIFIED BY 'pam';
Query OK, 0 rows affected (0.00 sec)

mysql> SHOW GRANTS FOR pam@localhost;
+------------------------------------------------------------------------------------------------------------+
| Grants for pam@localhost                                                                                   |
+------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'pam'@'localhost' IDENTIFIED BY PASSWORD '*F925CA006C127B610C43AB06E16F92EF8712F90B' |
+------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

mysql>

Using INFORMATION_SCHEMA (+1 to @BillKarwin for being faster and more concise), let's, for the ones starting with pamela_

Use this query

SELECT CONCAT('GRANT SELECT,INSERT ON ',db,'.',tb,' TO pam@localhost;') grant_command
FROM (SELECT table_schema db,table_name tb FROM information_schema.tables
WHERE table_schema='edwards' AND table_name LIKE 'pamela\_%') A;

Here is the output

mysql> SELECT CONCAT('GRANT SELECT,INSERT ON ',db,'.',tb,' TO pam@localhost;') grant_command
    -> FROM (SELECT table_schema db,table_name tb FROM information_schema.tables
    -> WHERE table_schema='edwards' AND table_name LIKE 'pamela\_%') A;
+-------------------------------------------------------------+
| grant_command                                               |
+-------------------------------------------------------------+
| GRANT SELECT,INSERT ON edwards.pamela_tb1 TO pam@localhost; |
| GRANT SELECT,INSERT ON edwards.pamela_tb2 TO pam@localhost; |
| GRANT SELECT,INSERT ON edwards.pamela_tb3 TO pam@localhost; |
+-------------------------------------------------------------+
3 rows in set (0.00 sec)

mysql>

I will copy and paste them. Then I will show the grants.

mysql> GRANT SELECT,INSERT ON edwards.pamela_tb1 TO pam@localhost;
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT SELECT,INSERT ON edwards.pamela_tb2 TO pam@localhost;
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT SELECT,INSERT ON edwards.pamela_tb3 TO pam@localhost;
Query OK, 0 rows affected (0.00 sec)

mysql> SHOW GRANTS FOR pam@localhost;
+------------------------------------------------------------------------------------------------------------+
| Grants for pam@localhost                                                                                   |
+------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'pam'@'localhost' IDENTIFIED BY PASSWORD '*F925CA006C127B610C43AB06E16F92EF8712F90B' |
| GRANT SELECT, INSERT ON `edwards`.`pamela_tb1` TO 'pam'@'localhost'                                        |
| GRANT SELECT, INSERT ON `edwards`.`pamela_tb3` TO 'pam'@'localhost'                                        |
| GRANT SELECT, INSERT ON `edwards`.`pamela_tb2` TO 'pam'@'localhost'                                        |
+------------------------------------------------------------------------------------------------------------+
4 rows in set (0.00 sec)

mysql>

Log in and test the user

C:\windows\system32>mysql -upam -ppam
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.6.15 MySQL Community Server (GPL)

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show grants;
+------------------------------------------------------------------------------------------------------------+
| Grants for pam@localhost                                                                                   |
+------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'pam'@'localhost' IDENTIFIED BY PASSWORD '*F925CA006C127B610C43AB06E16F92EF8712F90B' |
| GRANT SELECT, INSERT ON `edwards`.`pamela_tb1` TO 'pam'@'localhost'                                        |
| GRANT SELECT, INSERT ON `edwards`.`pamela_tb3` TO 'pam'@'localhost'                                        |
| GRANT SELECT, INSERT ON `edwards`.`pamela_tb2` TO 'pam'@'localhost'                                        |
+------------------------------------------------------------------------------------------------------------+
4 rows in set (0.00 sec)

mysql> use edwards
Database changed
mysql> select * from pamela_tb2;
Empty set (0.01 sec)

mysql> select * from rolando_tb1;
ERROR 1142 (42000): SELECT command denied to user 'pam'@'localhost' for table 'rolando_tb1'
mysql> select * from pamela_tb3;
Empty set (0.01 sec)

mysql> insert into pamela_db1 (num) values (11),(22),(33);
ERROR 1142 (42000): INSERT command denied to user 'pam'@'localhost' for table 'pamela_db1'
mysql> insert into pamela_tb1 (num) values (11),(22),(33);
Query OK, 3 rows affected (0.01 sec)
Records: 3  Duplicates: 0  Warnings: 0

mysql> insert into rolando_tb1 (num) values (11),(22),(33);
ERROR 1142 (42000): INSERT command denied to user 'pam'@'localhost' for table 'rolando_tb1'
mysql> select * from pamela_tb1;
+----+-----+
| id | num |
+----+-----+
|  1 |  11 |
|  2 |  22 |
|  3 |  33 |
+----+-----+
3 rows in set (0.00 sec)

mysql> delete from pamela_tb1 where id = 2;
ERROR 1142 (42000): DELETE command denied to user 'pam'@'localhost' for table 'pamela_tb1'
mysql>

Looks like it works for pam, which has SELECT and INSERT.

In your case, @BillKarwin has already stated what to do in his answer.

If you like my answer, please accept Bill's answer, because he proposed the concept here before me.
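
An added example, not part of either answer: the same INFORMATION_SCHEMA approach for the prod / vs_ case in the question, with a check for pattern over-matching, identifier quoting in the generated statements, and an audit of the result. The account 'app_user'@'localhost' is a placeholder assumed for illustration.

```sql
-- Added example; 'app_user'@'localhost' is a placeholder account, not from the page.
-- Run as an administrative account that can read all of INFORMATION_SCHEMA.

-- 1. Tables an unescaped pattern would sweep in. In LIKE, a bare _ matches any
--    single character, so 'vs_%' also matches a name such as vsx_audit
--    (constructed name). Expect zero rows; any row returned is a table that
--    the unescaped pattern would have over-granted.
SELECT TABLE_NAME AS over_matched_table
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_SCHEMA = 'prod'
  AND TABLE_NAME LIKE 'vs_%'
  AND TABLE_NAME NOT LIKE 'vs\_%';

-- 2. Generate the GRANT statements with both identifiers backtick-quoted and
--    embedded backticks doubled, so an unusual table name cannot change the
--    meaning of the generated statement. Views are skipped here; drop the
--    TABLE_TYPE filter to include them.
SELECT CONCAT('GRANT SELECT,INSERT,UPDATE,DELETE ON `',
              REPLACE(TABLE_SCHEMA, '`', '``'), '`.`',
              REPLACE(TABLE_NAME,   '`', '``'),
              '` TO ''app_user''@''localhost'';') AS grant_command
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_SCHEMA = 'prod'
  AND TABLE_TYPE = 'BASE TABLE'
  AND TABLE_NAME LIKE 'vs\_%'
ORDER BY TABLE_NAME;

-- 3. After applying the statements, list any table-level privileges the
--    account holds in prod outside the prefix. Expect zero rows.
SELECT TABLE_NAME, PRIVILEGE_TYPE
FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
WHERE GRANTEE = '''app_user''@''localhost'''
  AND TABLE_SCHEMA = 'prod'
  AND TABLE_NAME NOT LIKE 'vs\_%';
```

Table-level grants do not extend to tables created later, so query 2 has to be re-run when a new vs_ table is added; re-applying an existing grant is harmless.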