
Revoke only DELETE from a user with ALL PRIVILEGES on MySQL

I have a user with all privileges for a specific DB in MySQL 8:

GRANT ALL PRIVILEGES ON `mydatabase`.* TO `foo`@`localhost`

I can check the grants with SHOW GRANTS FOR 'foo'@'localhost'; and I get:

+-------------------------------------------------------------+
| Grants for foo@localhost                                    |
+-------------------------------------------------------------+
| GRANT USAGE ON *.* TO `foo`@`localhost`                     |
| GRANT ALL PRIVILEGES ON `mydatabase`.* TO `foo`@`localhost` |
+-------------------------------------------------------------+

Now I need to remove the DELETE grant on a specific table, so I've tried with:

REVOKE DELETE ON `mydatabase`.`mytable` FROM 'foo'@'localhost';

but I get the following error:

ERROR 1147 (42000): There is no such grant defined for user 'foo' on host 'localhost' on table 'mytable'

How can I remove the DELETE grant? Do I have to add all grants one by one (which ones are they?) and then remove the DELETE grant?

GRANT adds the corresponding row to the privileges table.

REVOKE deletes the row with the specified privilege from this table; it does not add another row that removes the privilege. So you can revoke only a privilege that is present in the table. Precisely.

You may:

  1. Add a separate privilege list, at the database level, containing all privileges included in ALL PRIVILEGES except the DELETE privilege
  2. Add the DELETE privilege on all tables except mytable
  3. Remove the ALL PRIVILEGES privilege

This is too complex. But correct.


Alternatively you may simplify the solution, not use the privilege system (of course this is not good practice), and forbid the deletion at the programming level using a corresponding trigger:

DELIMITER $$
CREATE TRIGGER forbid_delete_for_user
BEFORE DELETE
ON mytable
FOR EACH ROW
BEGIN
    -- USER() is the user@host the client authenticated as. CURRENT_USER()
    -- would not work here: inside a trigger it returns the trigger's DEFINER.
    -- FIND_IN_SET matches a whole 'user@host' entry; LOCATE would also match
    -- a longer account name such as 'xfoo@localhost' as a substring.
    IF FIND_IN_SET(USER(), 'foo@localhost,bar@localhost') THEN
        -- single quotes inside the message text must be doubled
        SIGNAL SQLSTATE '45000'
            SET MESSAGE_TEXT = 'Deletion from ''mytable'' not allowed for current user.';
    END IF;
END$$
DELIMITER ;

But you must remember that cascaded foreign key actions do not activate triggers. So the user can nevertheless find a way to delete the rows from this table.
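A worked version of the privilege-system route, added here as an example rather than code from the answer above. It reaches the end state the three steps describe (every database-level privilege except DELETE on mydatabase.*, plus table-level DELETE on every table except mytable) for the `foo`@`localhost` account from the question. Two details shape it: GRANT ALL PRIVILEGES ON `mydatabase`.* is stored as a single row in mysql.db with every privilege column set, so REVOKE DELETE ON `mydatabase`.* is the statement that takes DELETE out of that row (the ERROR 1147 in the question came from revoking at the table level, where no row exists), and the per-table grants are issued before that revoke so the account never loses DELETE everywhere in between. The stored procedure grant_delete_except is a hypothetical helper, not part of MySQL or of the answer; the SELECT against mysql.tables_priv at the end assumes you run the script as an administrative account.

```sql
-- Starting point, as in the question:
--   GRANT ALL PRIVILEGES ON `mydatabase`.* TO `foo`@`localhost`;
-- i.e. one row in mysql.db for (localhost, mydatabase, foo) with all *_priv = 'Y'.

-- Step 1: table-level DELETE (rows in mysql.tables_priv) on every base table
-- except mytable. Hypothetical helper, not from the answer: it generates one
-- GRANT per table from information_schema and runs it as a prepared statement.
-- Identifiers are backtick-quoted with embedded backticks doubled, and the
-- account parts go through QUOTE(), so odd table or user names cannot break
-- out of the generated statement.
DELIMITER $$
CREATE PROCEDURE grant_delete_except(IN p_db   VARCHAR(64),
                                     IN p_skip VARCHAR(64),
                                     IN p_user VARCHAR(32),
                                     IN p_host VARCHAR(255))
BEGIN
  DECLARE done INT DEFAULT 0;
  DECLARE t VARCHAR(64);
  -- cursor declarations must follow variable declarations and precede handlers
  DECLARE cur CURSOR FOR
    SELECT TABLE_NAME
      FROM information_schema.TABLES
     WHERE TABLE_SCHEMA = p_db
       AND TABLE_TYPE = 'BASE TABLE'
       AND TABLE_NAME <> p_skip;
  DECLARE CONTINUE HANDLER FOR NOT FOUND SET done = 1;

  OPEN cur;
  tbl_loop: LOOP
    FETCH cur INTO t;
    IF done THEN LEAVE tbl_loop; END IF;
    SET @stmt = CONCAT('GRANT DELETE ON ',
                       '`', REPLACE(p_db, '`', '``'), '`.',
                       '`', REPLACE(t,    '`', '``'), '` TO ',
                       QUOTE(p_user), '@', QUOTE(p_host));
    PREPARE ps FROM @stmt;
    EXECUTE ps;
    DEALLOCATE PREPARE ps;
  END LOOP;
  CLOSE cur;
END$$
DELIMITER ;

CALL grant_delete_except('mydatabase', 'mytable', 'foo', 'localhost');
DROP PROCEDURE grant_delete_except;

-- Step 2: only now remove DELETE from the database-level row. After this,
-- SHOW GRANTS lists the remaining database-level privileges individually
-- instead of ALL PRIVILEGES. (Do NOT use REVOKE ALL PRIVILEGES ON
-- `mydatabase`.* here: that clears every column of the mysql.db row, i.e.
-- SELECT, INSERT, UPDATE, ... as well.)
REVOKE DELETE ON `mydatabase`.* FROM `foo`@`localhost`;

-- Step 3: check the result. The `mydatabase`.* line must no longer contain
-- DELETE, DELETE must appear only on per-table lines, and mytable must not
-- appear among them.
SHOW GRANTS FOR `foo`@`localhost`;
SELECT Db, Table_name, Table_priv
  FROM mysql.tables_priv
 WHERE User = 'foo' AND Host = 'localhost';
```

Two caveats worth keeping in mind with this layout. The table-level grants are a snapshot: a table created in mydatabase later gets no DELETE for foo until the helper (or a manual GRANT DELETE) is run again, which is the safe default but can surprise application deployments. And because the restriction now lives in the privilege tables rather than in a trigger, it also holds for rows removed through ON DELETE CASCADE from another table only insofar as foo lacks DELETE on the parent table; the trigger approach in the answer has no protection there at all.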

Notice: the technical posts on this site are licensed under CC BY-SA 4.0. If you reproduce them, please credit this site's URL or the original source. For any questions contact: yoyou2525@163.com.

 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM