是否可以使用MySQL仅在临时表上授予插入,更新和删除特权?
[英]Is it possible to grant insert, update and delete privileges only on temporary tables with MySQL?
问题描述
I have a user that has only SELECT and CREATE TEMPORARY TABLES privileges on a slave database, to ensure that the slave doesn't get tables changed outside of replication, however without the ability to INSERT (and UPDATE and DELETE ) on any temporary tables that get created, the CREATE TEMPORARY TABLES privilege is fairly useless. 
我有一个仅对从属数据库具有SELECT和CREATE TEMPORARY TABLES特权的用户,以确保从属不会在复制之外更改表,但是无法对任何临时表INSERT (和UPDATE和DELETE )操作创建后, CREATE TEMPORARY TABLES特权就毫无用处。
Is it possible to grant these privileges but only for temporary tables? 是否可以仅针对临时表授予这些特权?
I am running MySQL 5.5 我正在运行MySQL 5.5
EDIT: I am using PHP and PDO to run the commands. 编辑:我正在使用PHP和PDO运行命令。 Perhaps there is an issue with the session, based on @phreakv6's answer 基于@ phreakv6的答案,会话可能存在问题
EDIT 2: My full test code: 编辑2:我完整的测试代码:
<?php
$dbh=new PDO("mysql:host=localhost;dbname=scratch;charset=utf8", 'readonly', 'readonlytestingonlypassword',array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
$prepped=$dbh->prepare("CREATE TEMPORARY TABLE `TempPermissionsTest` (`ID` INT( 11 ) NOT NULL ,`TestVal` INT( 11 ) NOT NULL )");
$prepped->execute();
$err=$prepped->errorInfo();
if ($err[0]>0) print $err[1]." : ".$err[2];
$prepped=$dbh->prepare("INSERT INTO `TempPermissionsTest` (`ID` ,`TestVal`) VALUES (1,3)");
$prepped->execute();
$err=$prepped->errorInfo();
if ($err[0]>0) print $err[1]." : ".$err[2];
$prepped=$dbh->prepare("SELECT * FROM `TempPermissionsTest`");
$prepped->execute();
$err=$prepped->errorInfo();
if ($err[0]>0) print $err[1]." : ".$err[2];
while ($row=$prepped->fetch(PDO::FETCH_ASSOC)) {
print_r($row);
}
?>
Running this on a user who has only SELECT and CREATE TEMPORARY TABLES privileges results in the following output: 在仅具有SELECT和CREATE TEMPORARY TABLES特权的用户上运行此命令,将得到以下输出:
1142 : INSERT command denied to user 'readonly'@'localhost' for table 'TempPermissionsTest'
2 个解决方案
解决方案1
4 已采纳 2016-06-07 06:03:39
After a session has created a temporary table, the server performs no further privilege checks on the table.
It looks your CREATE TEMPORARY TABLES privilege should give you INSERT , UPDATE and DELETE privileges on your temporary table for the session that created it. 看起来,您的CREATE TEMPORARY TABLES特权应该为您创建会话的临时表赋予INSERT , UPDATE和DELETE特权。 Isn't this what you are looking for? 这不是您要找的东西吗?
I just noticed your mysql version. 我刚刚注意到您的mysql版本。 For mysql 5.5 I think you are out of luck. 对于MySQL 5.5,我认为您不走运。 Please take a look at this bug . 请看看这个错误 。 CREATE TEMPORARY TABLES privilege was extended to include INSERT , UPDATE and DELETE only post 5.6. CREATE TEMPORARY TABLES特权被扩展为仅在5.6之后才包含INSERT , UPDATE和DELETE 。
解决方案2
0 2016-06-14 06:21:13
Supplementing the accepted answer with more general info in case people find this question from other dbs. 如果人们从其他数据库中发现了这个问题,则以更多常规信息补充接受的答案。
In every database manager I have worked with, temporary tables have been intended to be session-private and implemented in such a way that the creator has permission on these tables. 在我所使用的每个数据库管理器中,临时表都旨在成为会话专用的,并以创建者对这些表具有权限的方式实现。 In MySQL as noted, there is no permission checks on a temp tables. 如上所述,在MySQL中,没有对临时表的权限检查。
In PostgreSQL, temporary tables are initially owed by the creator who has full permissions to them. 在PostgreSQL中,临时表最初由拥有全部临时权限的创建者所欠。 The owner can revoke permissions and even in theory revoke ownership though I am not aware of any applications that actually do this. 所有者可以撤消权限,甚至在理论上也可以撤消所有权,尽管我不知道任何实际执行此操作的应用程序。
I would expect that every other (or even if there are exceptions, almost every other) RDBMS on the planet effectively defaults the temp table permissions to full permissions for the user that creates them. 我希望这个星球上的所有其他RDBMS(甚至即使有例外,也几乎有其他所有例外)都会有效地将临时表权限默认为创建它们的用户的完全权限。 Failure to do this would severely limit the utility of this feature. 否则,将严重限制此功能的实用性。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.