[英]How to revoke MySQL user privileges for one table?
When I have granted privileges to a user for some specific tables:当我向用户授予某些特定表的权限时:
GRANT ALL PRIVILEGES ON table1.* TO 'user1'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON table2.* TO 'user1'@'localhost' IDENTIFIED BY 'password';
How do I revoke the privileges for this user, just for table1
?我如何撤销此用户的权限,仅适用于
table1
?
Google is your friend!谷歌是你的朋友! http://dev.mysql.com/doc/refman/5.7/en/revoke.html
http://dev.mysql.com/doc/refman/5.7/en/revoke.html
Syntax:句法:
REVOKE ALL PRIVILEGES ON table1.* FROM 'user1'@'localhost';
To further explain this answer - I'll teach how to fish (rather than just give you a fish).为了进一步解释这个答案——我会教你如何钓鱼(而不是只给你一条鱼)。
The MySQL documentation can look confusing at first - the "syntax" for REVOKE
looks like this: MySQL 文档乍一看可能令人困惑 -
REVOKE
的“语法” REVOKE
:
REVOKE
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
FROM user [, user] ...
REVOKE ALL PRIVILEGES, GRANT OPTION
FROM user [, user] ...
REVOKE PROXY ON user
FROM user [, user] ...
It means there are 3 "ways" of calling it:这意味着有 3 种“方式”来调用它:
REVOKE priv_type ...
REVOKE ALL PRIVILEGES, GRANT ...
REVOKE PROXY ON ...
These three are separated by the blank lines in the MySQL doc page.这三个在 MySQL 文档页面中由空行分隔。
For each of these, there are "optional" parameters/settings/values.对于其中的每一个,都有“可选”参数/设置/值。 These are denoted by the square brackets, for example:
这些由方括号表示,例如:
REVOKE priv_type [(column_list)] ...
The (column_list)
is optional. (column_list)
是可选的。 You can supply it, but you don't have to.你可以提供它,但你没有必要。
( Updated note, Dec 2019: (更新说明,2019 年 12 月:
The priv_type
is what specifically lets us know we can specify ALL PRIVILEGES
; priv_type
是特别让我们知道我们可以指定ALL PRIVILEGES
; for we are told in the documentation linked above:因为我们在上面链接的文档中被告知:
For details on the levels at which privileges exist, the permissible
priv_type
,priv_level
, andobject_type values
, and the syntax for specifying users and passwords, see Section 13.7.1.4, “GRANT
Statement”.有关权限存在的级别、允许的
priv_type
、priv_level
和object_type values
以及指定用户和密码的语法的详细信息,请参阅第 13.7.1.4 节,“GRANT
语句”。
Section 13.7.1.4 states this:第 13.7.1.4 节说明了这一点:
Privileges Supported by MySQL
MySQL 支持的权限
The following table summarizes the permissible priv_type privilege types that can be specified for the
GRANT
andREVOKE
statements, and the levels at which each privilege can be granted.下表总结了可以为
GRANT
和REVOKE
语句指定的允许的 priv_type 权限类型,以及可以授予每个权限的级别。
ALL [PRIVILEGES]
Grant all privileges at specified accessALL [PRIVILEGES]
授予指定访问权限的所有权限
End update.结束更新。 )
)
Similarly you can chain these together - they've indented the next line to indicate this (and used ...
to show you can continue repeating):类似地,您可以将这些链接在一起 - 他们缩进下一行以表明这一点(并使用
...
来表明您可以继续重复):
priv_type [(column_list)]
[, priv_type [(column_list)]] ... <-- indented, and note the "..."
More complicated examples exist in the MySQL documentation - like for CREATE TABLE
you have lists of optional flags: MySQL 文档中存在更复杂的示例 - 例如对于
CREATE TABLE
您有可选标志列表:
[COLUMN_FORMAT {FIXED|DYNAMIC|DEFAULT}]
This {x|y|z}
syntax indicates you must specify one of them (the {...}
is non-optional, the [...]
means everything inside is optional - so if you specify COLUMN_FORMAT
, one of the three following flags is required ), the pipes ( |
) indicate you can only specify one of the list ( FIXED
/ DYNAMIC
/ DEFAULT
).此
{x|y|z}
语法表示您必须指定其中之一( {...}
是非可选的, [...]
表示里面的所有内容都是可选的 - 因此,如果您指定COLUMN_FORMAT
,则是三个中的一个下面的标志是必需的),管道( |
)表示只能指定列表(一个FIXED
/ DYNAMIC
/ DEFAULT
)。
One final thing to say - be very aware of the MySQL documentation version .最后要说的一件事 - 非常了解 MySQL 文档版本。 It's stated in several places on the website - personally I just look at the URL:
它在网站上的几个地方都有说明 - 我个人只是看一下 URL:
http://dev.mysql.com/doc/refman/5.7/en/create-table.html
Note it says 5.7
in it.请注意,里面写着
5.7
。 This means the documentation you're reading may not be applicable to any version other than MySQL 5.7.这意味着您正在阅读的文档可能不适用于 MySQL 5.7 以外的任何版本。 That's bitten me a lot of times ... usually when I'm under the gun trying to fix something in a panic!
这让我咬了很多次......通常是当我在恐慌中试图修复某些东西时! Always double-check it.
总是仔细检查它。
This is misleading.这是误导。 That statement is revoking permissions in one schema, not one table.
该语句是撤销一个架构中的权限,而不是一个表。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.