如何确保“anil”无法从任何名为“%desk%”的计算机运行命令?
mysql> show grants for anil;
+------------------------------------------------------------------------------------+
| Grants for anil@% |
+------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'anil'@'%' |
| GRANT SELECT, CREATE TEMPORARY TABLES, LOCK TABLES ON `production`.* TO 'anil'@'%' |
+------------------------------------------------------------------------------------+
mysql> revoke all privileges, grant option from 'anil'@'%desk%';
ERROR 1269 (HY000): Can't revoke all privileges for one or more of the requested users
mysql> revoke usage on *.* from 'anil'@'%desk%';
ERROR 1141 (42000): There is no such grant defined for user 'anil' on host '%desk%'
mysql> revoke SELECT, CREATE TEMPORARY TABLES, LOCK TABLES ON `production`.* from 'anil'@'%desk%';
ERROR 1141 (42000): There is no such grant defined for user 'anil' on host '%desk%'
最佳答案
MySQL 只允许您授予权限,它没有能力授予除特定主机之外的所有权限,或者以这种方式根据主机名拒绝权限你正在尝试。实现此目的的唯一方法是仅向用户授予可接受主机名的权限。 REVOKE
命令仅删除之前GRANT
授予的权限。
如果您的网络恰好分为子域 [即:*.desk.company.tld 和 *.serv.company.tld],您应该能够向 'anil'@'%.serv 授予权限.company.tld'
或类似的子网:'anil'@'192.168.1.%'
。
关于mysql - 如何限制来自特定主机的查询,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/14324979/