2022-08-18 学习笔记 day41-sql语言-DCL

DCL—数据控制语言

1. DCL命令

1.1 grant

  使用grant命令，要求授权用户必须拥有grant权限，那么什么是用户权限？如何查询权限？

用户权限

查看用户权限

下面我们以root@localhost这个用户为例

1. 查看用户权限语句(查看grant语句)

   mysql> SHOW GRANTS FOR 'root'@'localhost';
   +---------------------------------------------------------------------+
   | Grants for root@localhost                                           |
   +---------------------------------------------------------------------+
   | GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION |
   | GRANT PROXY ON ''@'' TO 'root'@'localhost' WITH GRANT OPTION        |
   +---------------------------------------------------------------------+
   2 rows in set (0.00 sec)
   1
   2
   3
   4
   5
   6
   7
   8

2. 查看所有权限(查看用户权限表)

   mysql> SELECT * FROM mysql.USER WHERE user='root' AND host='localhost'\G;
   *************************** 1. row ***************************
                     Host: localhost
                     User: root
              Select_priv: Y
              Insert_priv: Y
              Update_priv: Y
              Delete_priv: Y
              Create_priv: Y
                Drop_priv: Y
              Reload_priv: Y
            Shutdown_priv: Y
             Process_priv: Y
                File_priv: Y
               Grant_priv: Y
          References_priv: Y
               Index_priv: Y
               Alter_priv: Y
             Show_db_priv: Y
               Super_priv: Y
    Create_tmp_table_priv: Y
         Lock_tables_priv: Y
             Execute_priv: Y
          Repl_slave_priv: Y
         Repl_client_priv: Y
         Create_view_priv: Y
           Show_view_priv: Y
      Create_routine_priv: Y
       Alter_routine_priv: Y
         Create_user_priv: Y
               Event_priv: Y
             Trigger_priv: Y
   Create_tablespace_priv: Y
                 ssl_type:
               ssl_cipher:
              x509_issuer:
             x509_subject:
            max_questions: 0
              max_updates: 0
          max_connections: 0
     max_user_connections: 0
                   plugin: mysql_native_password
    authentication_string: *515CAC99449179CD4EBCFA7A51E0F4749B7A5102
         password_expired: N
    password_last_changed: 2022-08-15 18:15:00
        password_lifetime: NULL
           account_locked: N
   1 row in set (0.00 sec)
   1
   2
   3
   4
   5
   6
   7
   8
   9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48

使用grant命令给用户授予权限

1. 创建用户并给用户授权

mysql> -- 查看Mysql中所有的用户
mysql> SELECT user,host FROM mysql.user;
+---------------+-----------+
| user          | host      |
+---------------+-----------+
| mysql.session | localhost |
| mysql.sys     | localhost |
| root          | localhost |
+---------------+-----------+
3 rows in set (0.00 sec)

mysql>
mysql> -- 创建用户'user1'@'localhost'并给用户授权
mysql> -- 其中Grant后面跟的是权限内容(这里的"SELECT,INSERT"是指查询权限和插入权限)
mysql> -- 其中ON后面跟的是权限范围(这里的"*.*"是指作用于所有的数据库下的所有表，*是通配符)
mysql> -- 其中TO后面跟的是被授权的用户
mysql> -- 其中identified by 后面跟的是密码，这个密码是通过mysql的内置函数password()加密的，并保存在mysql.user的authentication_string中
mysql> GRANT SELECT,INSERT ON *.* TO 'user1'@'localhost' identified BY '123';
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> -- 查看密码'123'是否是通过password()函数加密
mysql> SELECT password('123') = (SELECT authentication_string FROM mysql.user WHERE user='user1' AND host='localhost') `密码'123' 是否通过password()加密`;
+-----------------------------------------+
| 密码'123'是否通过password()加密         |
+-----------------------------------------+
|                                       1 |
+-----------------------------------------+
1 row in set, 1 warning (0.00 sec)

mysql> -- 再次查看Mysql中所有用户,可以看到'user1'@'localhost'用户已被创建
mysql> SELECT user,host FROM mysql.user;
+---------------+-----------+
| user          | host      |
+---------------+-----------+
| mysql.session | localhost |
| mysql.sys     | localhost |
| root          | localhost |
| user1         | localhost |
+---------------+-----------+
4 rows in set (0.00 sec)

mysql> -- 查看用户'user1'@'localhost'的权限,可以看到该用户以被授予SELECT和INSERT权限
mysql> SELECT * FROM mysql.USER WHERE user='user1' AND host='localhost'\G;
*************************** 1. row ***************************
                  Host: localhost
                  User: user1
           Select_priv: Y
           Insert_priv: Y
           Update_priv: N
           Delete_priv: N
           Create_priv: N
             Drop_priv: N
           Reload_priv: N
         Shutdown_priv: N
          Process_priv: N
             File_priv: N
            Grant_priv: N
       References_priv: N
            Index_priv: N
            Alter_priv: N
          Show_db_priv: N
            Super_priv: N
 Create_tmp_table_priv: N
      Lock_tables_priv: N
          Execute_priv: N
       Repl_slave_priv: N
      Repl_client_priv: N
      Create_view_priv: N
        Show_view_priv: N
   Create_routine_priv: N
    Alter_routine_priv: N
      Create_user_priv: N
            Event_priv: N
          Trigger_priv: N
Create_tablespace_priv: N
              ssl_type:
            ssl_cipher:
           x509_issuer:
          x509_subject:
         max_questions: 0
           max_updates: 0
       max_connections: 0
  max_user_connections: 0
                plugin: mysql_native_password
 authentication_string: *23AE809DDACAF96AF0FD78ED04B6A265E05AA257
      password_expired: N
 password_last_changed: 2022-08-18 12:26:21
     password_lifetime: NULL
        account_locked: N
1 row in set (0.00 sec)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90

2. 给已经存在的用户授权
   通过上一步我们已经将user1@localhost这个用户创建出来了，我们继续对这个用户进行授权

mysql> -- 给已经存在的用户'user1'@'localhost'授权,(grant命令采用追加的方式为用户授权，并不会覆盖用户原有的权限)
mysql> -- 其中"ALL privileges"代表所有权限，其中的privileges是可以省略的
mysql> GRANT ALL privileges ON *.* TO 'user1'@'localhost';
Query OK, 0 rows affected (0.00 sec)

mysql> -- 重新查看权限表
mysql> SELECT * FROM mysql.USER WHERE user='user1' AND host='localhost'\G;
*************************** 1. row ***************************
                  Host: localhost
                  User: user1
           Select_priv: Y
           Insert_priv: Y
           Update_priv: Y
           Delete_priv: Y
           Create_priv: Y
             Drop_priv: Y
           Reload_priv: Y
         Shutdown_priv: Y
          Process_priv: Y
             File_priv: Y
            Grant_priv: N
       References_priv: Y
            Index_priv: Y
            Alter_priv: Y
          Show_db_priv: Y
            Super_priv: Y
 Create_tmp_table_priv: Y
      Lock_tables_priv: Y
          Execute_priv: Y
       Repl_slave_priv: Y
      Repl_client_priv: Y
      Create_view_priv: Y
        Show_view_priv: Y
   Create_routine_priv: Y
    Alter_routine_priv: Y
      Create_user_priv: Y
            Event_priv: Y
          Trigger_priv: Y
Create_tablespace_priv: Y
              ssl_type:
            ssl_cipher:
           x509_issuer:
          x509_subject:
         max_questions: 0
           max_updates: 0
       max_connections: 0
  max_user_connections: 0
                plugin: mysql_native_password
 authentication_string: *23AE809DDACAF96AF0FD78ED04B6A265E05AA257
      password_expired: N
 password_last_changed: 2022-08-18 12:26:21
     password_lifetime: NULL
        account_locked: N
1 row in set (0.00 sec)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

1.2 revoke

使用revoke命令给用户撤销权限

我们以1.1中创建的user1@localhost为例

mysql> -- 先查看用户'user1'@'localhost'的权限
mysql> SHOW GRANTS FOR 'user1'@'localhost';
+----------------------------------------------------+
| Grants for user1@localhost                         |
+----------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'user1'@'localhost' |
+----------------------------------------------------+
1 row in set (0.00 sec)

mysql>
mysql> -- 通过查看grant语句，可以看出用户'user1'@'localhost'拥有所有权限
mysql> -- 我们撤销用户'user1'@'localhost'(在所有数据库下的表的)DROP权限
mysql> REVOKE DROP ON *.* FROM 'user1'@'localhost';
Query OK, 0 rows affected (0.00 sec)

mysql>
mysql> -- 我们再次查看用户'user1'@'localhost'的权限，可以看出用户的DROP权限被撤销了
mysql> SELECT * FROM mysql.USER WHERE user='user1' AND host='localhost'\G;
*************************** 1. row ***************************
                  Host: localhost
                  User: user1
           Select_priv: Y
           Insert_priv: Y
           Update_priv: Y
           Delete_priv: Y
           Create_priv: Y
             Drop_priv: N
           Reload_priv: Y
         Shutdown_priv: Y
          Process_priv: Y
             File_priv: Y
            Grant_priv: N
       References_priv: Y
            Index_priv: Y
            Alter_priv: Y
          Show_db_priv: Y
            Super_priv: Y
 Create_tmp_table_priv: Y
      Lock_tables_priv: Y
          Execute_priv: Y
       Repl_slave_priv: Y
      Repl_client_priv: Y
      Create_view_priv: Y
        Show_view_priv: Y
   Create_routine_priv: Y
    Alter_routine_priv: Y
      Create_user_priv: Y
            Event_priv: Y
          Trigger_priv: Y
Create_tablespace_priv: Y
              ssl_type:
            ssl_cipher:
           x509_issuer:
          x509_subject:
         max_questions: 0
           max_updates: 0
       max_connections: 0
  max_user_connections: 0
                plugin: mysql_native_password
 authentication_string: *23AE809DDACAF96AF0FD78ED04B6A265E05AA257
      password_expired: N
 password_last_changed: 2022-08-18 12:42:26
     password_lifetime: NULL
        account_locked: N
1 row in set (0.00 sec)```
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65