我创建了一个过程,该过程将准备一个语句来向具有密码的用户授予权限。我创建此过程是为了避免向管理员用户授予显式 GRANT 权限,而是让他们使用完全符合我期望他们执行的操作的过程。
流程如下:
CREATE PROCEDURE grantPermission (perm VARCHAR(30), target VARCHAR(30), id VARCHAR(8), host VARCHAR(45), passwd VARCHAR(45))
BEGIN
SET @setPermissionCmd = CONCAT('GRANT ', perm, ' ON ', target, ' TO ''', id, '''@''', host, ''' IDENTIFIED BY ''', passwd, ''';');
PREPARE setPermissionStmt FROM @setPermissionCmd;
EXECUTE setPermissionStmt;
DEALLOCATE PREPARE setPermissionStmt;
FLUSH PRIVILEGES;
END
当我CALL
此过程时,收到错误代码 1142,我无权GRANT
。这里有两个问题。第一,我以 root
身份执行此操作,它应该拥有所有权限(我没有剥夺任何权限,而 root
是创建该过程的人)。第二,拥有执行该过程的权限应该意味着有权执行其中的任何操作。
最佳答案
我的测试:
$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.5.35-1ubuntu1 (Ubuntu)
Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use test;
Database changed
mysql> CREATE TABLE `tableTest`(`id` INT UNSIGNED);
Query OK, 0 rows affected (0.00 sec)
mysql> CREATE USER 'userTest'@'localhost' IDENTIFIED BY 'mypass';
Query OK, 0 rows affected (0.00 sec)
mysql> SHOW GRANTS FOR 'userTest'@'localhost';
+-----------------------------------------------------------------------------------------------------------------+
| Grants for userTest@localhost |
+-----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'userTest'@'localhost' IDENTIFIED BY PASSWORD '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4' |
+-----------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> DELIMITER //
mysql> DROP PROCEDURE IF EXISTS `grantPermission`//
Query OK, 0 rows affected, 1 warning (0.00 sec)
mysql> CREATE PROCEDURE `grantPermission` (`perm` VARCHAR(30),
-> `target` VARCHAR(30),
-> `id` VARCHAR(8),
-> `host` VARCHAR(45),
-> `passwd` VARCHAR(45))
-> BEGIN
-> SET @`setPermissionCmd` = CONCAT(
-> 'GRANT ', `perm`, ' ON `', `target`, '`
> TO ''', `id`, '''@''', `host`, '''
> IDENTIFIED BY ''', `passwd`, ''';');
-> PREPARE `setPermissionStmt` FROM @`setPermissionCmd`;
-> EXECUTE `setPermissionStmt`;
-> DEALLOCATE PREPARE `setPermissionStmt`;
-> FLUSH PRIVILEGES;
-> END//
Query OK, 0 rows affected (0.00 sec)
mysql> DELIMITER ;
mysql> CALL `grantPermission`('SELECT', 'tableTest', 'userTest', 'localhost', 'mypass');
Query OK, 0 rows affected (0.00 sec)
mysql> SHOW GRANTS FOR 'userTest'@'localhost';
+-----------------------------------------------------------------------------------------------------------------+
| Grants for userTest@localhost |
+-----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'userTest'@'localhost' IDENTIFIED BY PASSWORD '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4' |
| GRANT SELECT ON `test`.`tableTest` TO 'userTest'@'localhost' |
+-----------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
关于mysql - 允许在程序中授予权限吗?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/29077402/