溫馨提示×
您好,登錄后才能下訂單哦!
點擊 登錄注冊 即表示同意《億速云用戶服務條款》
您好,登錄后才能下訂單哦!
這篇文章給大家介紹深入淺析MySQL8中的ROLE特性,內容非常詳細,感興趣的小伙伴們可以參考借鑒,希望對大家能有所幫助。
mysql-8.0.x所權限抽象了出來用ROLE來表示,當你為ROLE增加新的權限的時候,與這個ROLE關聯的所有用戶的權限也就一并變化了;針對上面提到的場景在mysql-8.0.x下只要一條SQL就解決了。
【機智的MySQL開發】
MySQL引進ROLE用了一個非常機智的做法,既然ROLE是一堆權限的象征,這東西在MySQL里面本來就有呀!它就是USER呀。
1): 創建角色
create role devgroup;
查看mysql.user表真會被MySQL的機智給嚇到
select user,host from mysql.user; +------------------+-----------+ | user | host | +------------------+-----------+ | devgroup | % | | backup | 127.0.0.1 | | mysql.sys | localhost | | root | localhost | +------------------+-----------+
說好的role事實上只是一個user呀!
2): 給角色賦權
grant all on tempdb.* to devgroup; Query OK, 0 rows affected (0.07 sec)
和操作用戶比起來是一樣一樣的!
3):創建用戶并把角色的權限賦給它
create user tom@'127.0.0.1' identified by '123456'; Query OK, 0 rows affected (0.09 sec) grant devgroup to tom@'127.0.0.1'; Query OK, 0 rows affected (0.09 sec)
4):測試剛創建的用戶是否可以登錄
mysql -h227.0.0.1 -P3306 -utom -p123456 mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 16 Server version: 8.0.13 MySQL Community Server - GPL Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show grants; +-------------------------------------------+ | Grants for tom@127.0.0.1 | +-------------------------------------------+ | GRANT USAGE ON *.* TO `tom`@`127.0.0.1` | | GRANT `devgroup`@`%` TO `tom`@`127.0.0.1` | +-------------------------------------------+ 2 rows in set (0.00 sec)
【角色和用戶只是一個硬幣的兩面】
如果你還是覺得“角色”和“用戶”是兩個不一樣的東西、那我只能是出大招了
1): root@127.0.0.1 用戶當成角色賦給剛才的tom用戶
grant root@'127.0.0.1' to tom@'127.0.0.1'; Query OK, 0 rows affected (0.04 sec)
2):用戶tom用戶檢察一下自己的權限
show grants; +--------------------------------------------------------------+ | Grants for tom@127.0.0.1 | +--------------------------------------------------------------+ | GRANT USAGE ON *.* TO `tom`@`127.0.0.1` | | GRANT `devgroup`@`%`,`root`@`127.0.0.1` TO `tom`@`127.0.0.1` | +--------------------------------------------------------------+ 2 rows in set (0.00 sec)
可以看到root@127.0.0.1的權限已經被套上去了、既然都是root用戶的權限了我們來刪除一個tempdb庫看一下吧!
3): 刪庫
drop database tempdb; ERROR 1044 (42000): Access denied for user 'tom'@'127.0.0.1' to database 'tempdb'
看起來沒有權限刪除這個庫呀!事實上是MySQL-8默認并不會激活role,關于是否激活role是由activate_all_roles_on_login這個參數控制的
4): 開啟activate_all_roles_on_login
set @@global.activate_all_roles_on_login=1; Query OK, 0 rows affected (0.00 sec)
5): 重新登錄一次tom再試著刪除一下tempdb庫
mysql -h227.0.0.1 -P3306 -utom -p123456 mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 18 Server version: 8.0.13 MySQL Community Server - GPL Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> use tempdb; Database changed mysql> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | mysql | | performance_schema | | sys | | tempdb | +--------------------+ 5 rows in set (0.01 sec) mysql> drop database tempdb; Query OK, 0 rows affected (0.09 sec)
關于深入淺析MySQL8中的ROLE特性就分享到這里了,希望以上內容可以對大家有一定的幫助,可以學到更多知識。如果覺得文章不錯,可以把它分享出去讓更多的人看到。
免責聲明:本站發布的內容(圖片、視頻和文字)以原創、轉載和分享為主,文章觀點不代表本網站立場,如果涉及侵權請聯系站長郵箱:is@yisu.com進行舉報,并提供相關證據,一經查實,將立刻刪除涉嫌侵權內容。
