The Ultimate Guide to High Availability with MariaDB

GRANT

You are viewing an old version of this article. View the current version here.

Contents

  1. 语法
  2. 描述
    1. 账户名称
    2. 隐式账户创建

语法

GRANT
    priv_type [(column_list)]
      [, priv_type [(column_list)]] ...
    ON [object_type] priv_level
    TO user_specification [ user_options ...]

user_specification:
  username [authentication_option]
  | PUBLIC
authentication_option:
  IDENTIFIED BY 'password' 
  | IDENTIFIED BY PASSWORD 'password_hash'
  | IDENTIFIED {VIA|WITH} authentication_rule [OR authentication_rule  ...]

authentication_rule:
    authentication_plugin
  | authentication_plugin {USING|AS} 'authentication_string'
  | authentication_plugin {USING|AS} PASSWORD('password')

GRANT PROXY ON username
    TO user_specification [, user_specification ...]
    [WITH GRANT OPTION]

GRANT rolename TO grantee [, grantee ...]
    [WITH ADMIN OPTION]

grantee:
    rolename
    username [authentication_option]

user_options:
    [REQUIRE {NONE | tls_option [[AND] tls_option] ...}]
    [WITH with_option [with_option] ...]

object_type:
    TABLE
  | FUNCTION
  | PROCEDURE
  | PACKAGE

priv_level:
    *
  | *.*
  | db_name.*
  | db_name.tbl_name
  | tbl_name
  | db_name.routine_name

with_option:
    GRANT OPTION
  | resource_option

resource_option:
  MAX_QUERIES_PER_HOUR count
  | MAX_UPDATES_PER_HOUR count
  | MAX_CONNECTIONS_PER_HOUR count
  | MAX_USER_CONNECTIONS count
  | MAX_STATEMENT_TIME time

tls_option:
  SSL 
  | X509
  | CIPHER 'cipher'
  | ISSUER 'issuer'
  | SUBJECT 'subject'

描述

GRANT 语句允许您授予账户特权或角色。要使用GRANT,您必须拥有GRANT OPTION特权,并且您必须拥有您正在授予的特权。

使用REVOKE语句撤销使用GRANT语句授予的特权。

使用SHOW GRANTS语句确定账户拥有哪些特权。

账户名称

对于GRANT语句,账户名称是指与CREATE USER语句相同的方式中的username参数。有关指定账户名称的详细信息,请参阅CREATE USER页面上的账户名称

隐式账户创建

GRANT语句还允许您在某些情况下隐式创建账户。

如果该账户尚不存在,则GRANT可以隐式创建它。要使用GRANT隐式创建账户,需要用户具有与使用CREATE USER语句显式创建账户所需的相同特权。

如果设置了NO_AUTO_CREATE_USERSQL_MODE,则只有在指定了身份验证信息或使用CREATE USER语句时才能创建账户。如果未提供身份验证信息,则当指定的账户不存在时,GRANT将产生错误,例如:

show variables like '%sql_mode%' ;
+---------------+--------------------------------------------+
| Variable_name | Value                                      |
+---------------+--------------------------------------------+
| sql_mode      | NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION |
+---------------+--------------------------------------------+

GRANT USAGE ON *.* TO 'user123'@'%' IDENTIFIED BY '';
ERROR 1133 (28000): Can't find any matching row in the user table

GRANT USAGE ON *.* TO 'user123'@'%' 
  IDENTIFIED VIA PAM using 'mariadb' require ssl ;
Query OK, 0 rows affected (0.00 sec)
 
select host, user from mysql.user where user='user123' ;

+------+----------+
| host | user     |
+------+----------+
| %    | user123 |
+------+----------+

Comments

Comments loading...
Content reproduced on this site is the property of its respective owners, and this content is not reviewed in advance by MariaDB. The views, information and opinions expressed by this content do not necessarily represent those of MariaDB or any other party.