How do I create roles that grant access to a database for a new user in mariaDB?
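What is the proper way to create a role, and then assign a new user to the role to grant access to the desired database?
It's not working for me the way I expect.
If I try to create a read/write role and a read-only role, then grant those roles privileges, then create a user with a default role, I get a database access denied error for that user: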
CREATE DATABASE testDb;
CREATE ROLE readOnly;
CREATE ROLE readWrite;
GRANT SELECT ON testDB . * TO readOnly;
GRANT ALL ON testDB . * TO readWrite;
CREATE USER 'testUser'@'%' IDENTIFIED BY 'testPass';
GRANT readOnly TO testUser;
GRANT readWrite TO testUser;
SET DEFAULT ROLE readOnly FOR testUser;
\q
Then, when I try to connect to the database as testUser:
/mysql -u testUser -p -D testDb
ERROR 1044 (42000): Access denied for user 'testUser'@'%' to database 'testDb'
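On the other hand, if I don't use roles and grant privileges directly to the user, i.e. a user with no roles, I don't get the database access denied error: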
DROP USER testUser;
DROP ROLE readWrite;
DROP ROLE readOnly;
GRANT ALL ON testDb . * TO testUser@'%' IDENTIFIED BY 'testPass';
\q
Now, it works as testUser:
mysql -u testUser -p -D testDb
Enter password:
MariaDB [testDb]>
I can't reproduce the problem (pay attention to upper and lower case in database object names):
$ mysql -u root -p
Enter password:
MariaDB [(none)]> SELECT VERSION();
+----------------+
| VERSION() |
+----------------+
| 10.3.2-MariaDB |
+----------------+
1 row in set (0.000 sec)
MariaDB [(none)]> CREATE DATABASE `testDb`;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> CREATE ROLE `readOnly`;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> CREATE ROLE `readWrite`;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT SELECT ON `testDb`.* TO `readOnly`;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL ON `testDb`.* TO `readWrite`;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> CREATE USER 'testUser'@'%' IDENTIFIED BY '*********';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT `readOnly` TO `testUser`;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT `readWrite` TO `testUser`;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> SET DEFAULT ROLE `readOnly` FOR `testUser`;
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> \q
Bye
$ mysql -u testUser -p
Enter password:
MariaDB [(none)]> SELECT CURRENT_USER();
+----------------+
| CURRENT_USER() |
+----------------+
| testUser@% |
+----------------+
1 row in set (0.000 sec)
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| testDb |
+--------------------+
2 rows in set (0.001 sec)
MariaDB [(none)]> SELECT CURRENT_ROLE;
+--------------+
| CURRENT_ROLE |
+--------------+
| readOnly |
+--------------+
1 row in set (0.000 sec)
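An audit for the letter-case mismatch the answer points to (the question grants on `testDB` but creates `testDb`), as an added example that is not part of the original question or answer. It assumes an administrative account that can read `mysql.db`, and the repair statements at the end assume the grants exist exactly as written in the question.

```sql
-- Added example: find role/user grants that miss their database by letter case.

-- 0 = database names are compared case-sensitively (the default on Linux),
-- so a grant on `testDB` does not cover a database named `testDb`.
SHOW VARIABLES LIKE 'lower_case_table_names';

-- Database-level grants whose target differs from an existing database
-- only by letter case. Roles appear in mysql.db with an empty Host.
-- Grants written as wildcard patterns (% or _) are not matched here.
SELECT d.User        AS grantee,
       d.Host        AS grantee_host,
       d.Db          AS granted_on,
       s.SCHEMA_NAME AS existing_database
FROM mysql.db AS d
JOIN information_schema.SCHEMATA AS s
  ON BINARY LOWER(d.Db) = BINARY LOWER(s.SCHEMA_NAME)  -- same name ignoring case
 AND BINARY d.Db <> BINARY s.SCHEMA_NAME;              -- but not byte-identical

-- What each role actually carries.
SHOW GRANTS FOR readOnly;
SHOW GRANTS FOR readWrite;

-- Repair for the question's scenario: move the privileges to the database
-- name exactly as it was created.
REVOKE SELECT ON `testDB`.* FROM readOnly;
REVOKE ALL PRIVILEGES ON `testDB`.* FROM readWrite;
GRANT SELECT ON `testDb`.* TO readOnly;
GRANT ALL PRIVILEGES ON `testDb`.* TO readWrite;
```

`GRANT ... ON db.*` succeeds even when no database of that exact name exists, so a misspelled grant produces no error until the user is denied access.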