角色
- 创建角色
- 给角色赋予权限
- 删除权限
- 给用户赋予角色
- 激活角色
- 撤销用户权限
创建角色
mysql> create role boss;
Query OK, 0 rows affected (0.01 sec)mysql> create role manager;
Query OK, 0 rows affected (0.01 sec)
给角色赋予权限
manager角色拥有查询sales表的权限
mysql> grant select on `study-test01`.sales to manager@'%';
Query OK, 0 rows affected (0.01 sec)mysql> show grants for manager;
+---------------------------------------------------------+
| Grants for manager@% |
+---------------------------------------------------------+
| GRANT USAGE ON *.* TO `manager`@`%` |
| GRANT SELECT ON `study-test01`.`sales` TO `manager`@`%` |
+---------------------------------------------------------+
2 rows in set (0.00 sec)usage 表示连接并登录数据库的权限,这个是MySQL默认的权限。只要是root创建的用户和角色都有。
删除权限
mysql> drop role tmp_role@'localhost';
Query OK, 0 rows affected (0.01 sec)给用户赋予角色
mysql> create user sam;
Query OK, 0 rows affected (0.01 sec)mysql> select user, host, grant_priv from mysql.user;
+------------------+-----------+------------+
| user | host | grant_priv |
+------------------+-----------+------------+
| boss | % | N |
| manager | % | N |
| sam | % | N |
| mysql.infoschema | localhost | N |
| mysql.session | localhost | N |
| mysql.sys | localhost | N |
| root | localhost | Y |
+------------------+-----------+------------+
7 rows in set (0.00 sec)mysql> show grants for sam;
+---------------------------------+
| Grants for sam@% |
+---------------------------------+
| GRANT USAGE ON *.* TO `sam`@`%` |
+---------------------------------+
1 row in set (0.00 sec)mysql> grant manager to sam@'%';
Query OK, 0 rows affected (0.00 sec)mysql> show grants for sam;
+----------------------------------+
| Grants for sam@% |
+----------------------------------+
| GRANT USAGE ON *.* TO `sam`@`%` |
| GRANT `manager`@`%` TO `sam`@`%` |
+----------------------------------+
2 rows in set (0.00 sec)mysql> alter user sam identified by '123';
Query OK, 0 rows affected (0.01 sec)给用户赋予了角色,还需要手动激活角色。用户才能拥有角色对应的权限。
激活角色
手动激活用户的角色
mysql> SET DEFAULT ROLE ALL TO sam@'%';
Query OK, 0 rows affected (0.01 sec)永久激活
mysql> show variables like 'activate_all_roles_on_login';
+-----------------------------+-------+
| Variable_name | Value |
+-----------------------------+-------+
| activate_all_roles_on_login | OFF |
+-----------------------------+-------+
1 row in set (0.00 sec)SET GLOBAL activate_all_roles_on_login=ON;这样给用户赋予角色了,就有了对应的权限了。
使用用户sam操作数据库。
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| study-test01 |
+--------------------+
2 rows in set (0.01 sec)mysql> use `study-test01`;
Database changed
mysql> show tables;
+------------------------+
| Tables_in_study-test01 |
+------------------------+
| sales |
+------------------------+
1 row in set (0.00 sec)mysql> select * from sales;
+----+-----------+--------------+-------------+
| id | city | county | sales_value |
+----+-----------+--------------+-------------+
| 1 | 北京市 | 朝阳区 | 10 |
| 2 | 北京市 | 海定区 | 20 |
| 3 | 上海市 | 浦东新区 | 30 |
| 4 | 上海市 | 徐汇区 | 40 |
+----+-----------+--------------+-------------+
4 rows in set (0.00 sec)mysql> delete from sales where id = 1;
ERROR 1142 (42000): DELETE command denied to user 'sam'@'localhost' for table 'sales'
mysql> update sales set city = 'hh' where id = 1;
ERROR 1142 (42000): UPDATE command denied to user 'sam'@'localhost' for table 'sales'
mysql> insert into sales values (1, 'a', 'b', 99);
ERROR 1142 (42000): INSERT command denied to user 'sam'@'localhost' for table 'sales'可以看到sam只有查询sales表的权限。
撤销用户权限
REVOKE boss FROM user;
:mongoose验证规则拿到错误信息)
:集合关联)
函数)
:用户的增删改查操作1)
:用户的增删改查操作2)
:用户的增删改查操作3增加)
:用户的增删改查操作4修改)