In MySQL, creating a user and granting privileges is usually done with:
- GRANT ... ON *.* TO 'myname'@'%.mydomain.com' IDENTIFIED BY 'mypass';
- GRANT ... ON mydatabase.* TO 'myname'@'%.mydomain.com' IDENTIFIED BY 'mypass';
and revoking privileges with:
- REVOKE ... ON ... FROM 'myname'@'%.mydomain.com';
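Today I ran into a case where, in the database games, the user myname should have SELECT privilege only on the id and name columns of the players table. After consulting the MySQL reference manual, I found that the GRANT and REVOKE statements can set privileges on individual columns. The full syntax is: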
- GRANT priv_type [(column_list)] [, priv_type [(column_list)]] ...
- ON [object_type] {tbl_name | * | *.* | db_name.*}
- TO user [IDENTIFIED BY [PASSWORD] 'password']
- [, user [IDENTIFIED BY [PASSWORD] 'password']] ...
- [REQUIRE
- NONE |
- [{SSL| X509}]
- [CIPHER 'cipher' [AND]]
- [ISSUER 'issuer' [AND]]
- [SUBJECT 'subject']]
- [WITH with_option [with_option] ...]
- object_type =
- TABLE
- | FUNCTION
- | PROCEDURE
- with_option =
- GRANT OPTION
- | MAX_QUERIES_PER_HOUR count
- | MAX_UPDATES_PER_HOUR count
- | MAX_CONNECTIONS_PER_HOUR count
- | MAX_USER_CONNECTIONS count
- REVOKE priv_type [(column_list)] [, priv_type [(column_list)]] ...
- ON [object_type] {tbl_name | * | *.* | db_name.*}
- FROM user [, user] ...
- REVOKE ALL PRIVILEGES, GRANT OPTION FROM user [, user] ...
For my case, the grant should be:
- GRANT SELECT (id, name) ON games.players TO 'myname'@'%.mydomain.com';
- FLUSH PRIVILEGES;
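
The following is an added example, not part of the original post. It shows how to audit that the column-level grant above is the only read access the account has, and how to confirm it from the account's side. The email and password_hash columns and the sample row are assumptions made for illustration, and the account is assumed to exist already.

```sql
-- Added example. Run this first part as an administrative account.
-- Columns other than id and name are hypothetical.
CREATE DATABASE IF NOT EXISTS games;
CREATE TABLE IF NOT EXISTS games.players (
    id            INT PRIMARY KEY,
    name          VARCHAR(64) NOT NULL,
    email         VARCHAR(255),
    password_hash CHAR(64)
);
-- Constructed sample row.
INSERT INTO games.players VALUES (1, 'alice', 'alice@example.com', REPEAT('0', 64));

GRANT SELECT (id, name) ON games.players TO 'myname'@'%.mydomain.com';

-- 1. What the server has recorded for this account.
SHOW GRANTS FOR 'myname'@'%.mydomain.com';

-- 2. Column-level grants: expect exactly one row each for id and name.
SELECT TABLE_SCHEMA, TABLE_NAME, COLUMN_NAME, PRIVILEGE_TYPE
FROM information_schema.COLUMN_PRIVILEGES
WHERE GRANTEE = '''myname''@''%.mydomain.com'''
ORDER BY TABLE_SCHEMA, TABLE_NAME, COLUMN_NAME;

-- 3. Broader grants that would make the column restriction meaningless.
--    Any SELECT or ALL PRIVILEGES row here overrides the column list.
SELECT 'global' AS scope, PRIVILEGE_TYPE
FROM information_schema.USER_PRIVILEGES
WHERE GRANTEE = '''myname''@''%.mydomain.com''' AND PRIVILEGE_TYPE <> 'USAGE'
UNION ALL
SELECT CONCAT('db:', TABLE_SCHEMA), PRIVILEGE_TYPE
FROM information_schema.SCHEMA_PRIVILEGES
WHERE GRANTEE = '''myname''@''%.mydomain.com'''
UNION ALL
SELECT CONCAT('table:', TABLE_SCHEMA, '.', TABLE_NAME), PRIVILEGE_TYPE
FROM information_schema.TABLE_PRIVILEGES
WHERE GRANTEE = '''myname''@''%.mydomain.com''';

-- Run the next three statements while connected as myname.
-- Allowed: only granted columns are referenced.
SELECT id, name FROM games.players;
-- Rejected: * expands to columns outside the grant.
SELECT * FROM games.players;
-- Rejected: a column used only in WHERE still needs SELECT on it.
SELECT id FROM games.players WHERE email LIKE 'a%';

-- Back as the administrative account: remove the column-level grant.
REVOKE SELECT (id, name) ON games.players FROM 'myname'@'%.mydomain.com';
```

The same account name with a different host part is a different account, so repeat the audit queries for every host pattern under which myname exists.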
Reference:
http://dev.mysql.com/doc/refman/5.1/zh/sql-syntax.html#drop-user