我正在运行一些测试,试图看看是否可以创建一个用户,该用户只能访问数据库中的1或2个表.有人知道这是怎么做到的吗?我下面的代码失败了:
GRANT SELECT ON testdb.fruits, testdb.sports TO joe@localhost IDENTIFIED BY 'pass';
错误表明我的语法有错误.
我正在运行一些测试,试图看看是否可以创建一个用户,该用户只能访问数据库中的1或2个表.有人知道这是怎么做到的吗?我下面的代码失败了:
GRANT SELECT ON testdb.fruits, testdb.sports TO joe@localhost IDENTIFIED BY 'pass';
错误表明我的语法有错误.
将它们作为两个单独的GRANT条语句运行:
GRANT SELECT ON testdb.fruits TO joe@localhost IDENTIFIED BY 'pass';
GRANT SELECT ON testdb.sports TO joe@localhost IDENTIFIED BY 'pass';
The MySQL GRANT syntax只允许一个对象位于priv_level位置:,但它可以使用*作为通配符:
GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
TO user_specification [, user_specification] ...
[REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]
[WITH with_option ...]
object_type:
TABLE
| FUNCTION
| PROCEDURE
priv_level:
*
| *.*
| db_name.*
| db_name.tbl_name
| tbl_name
| db_name.routine_name
The part below does not appear to work on MySQL 5.5.How to "subtract" privileges in MySQL个地址说明了原因.
To grant SELECT on all tables then selectively revoke, you could do:
GRANT SELECT ON testdb.* TO joe@localhost IDENTIFIED BY 'pass';
REVOKE ALL PRIVILEGES ON testdb.tblname FROM joe@localhost;
不过,这似乎是一种奇怪的方法,我认为我会单独授予,而不是单独撤销.