MySQL权限篇之GRANT OPTION

GRANT OPTION，用户被授予了某个权限，那么默认情况下，该用户是不能把这个权限授予给其他人的。

但是可以使用WITH GRANT OPTION这个子句来让该用户可以将权限再授予给其他人。比如：

mysql> grant update on cms.t_account to 'ut01'@'%' with grant option;
Query OK, 0 rows affected (0.06 sec)


mysql> show grants for 'ut01'@'%';
+---------------------------------------------------------------------------+
| Grants for ut01@%                                                         |
+---------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ut01'@'%'                                          |
| GRANT UPDATE ON `cms`.`t_account` TO 'ut01'@'%' WITH GRANT OPTION |
+---------------------------------------------------------------------------+
2 rows in set (0.00 sec)


mysql>

但是除了使用该子句指定之外，还是通过直接授予GRANT OPTION权限来达到这个效果。比如：

D:\temp>mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 5.7.11-log MySQL Community Server (GPL)


Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.


Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.


Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.


mysql> show grants for 'ut01'@'%';
+----------------------------------+
| Grants for ut01@%                |
+----------------------------------+
| GRANT USAGE ON *.* TO 'ut01'@'%' |
+----------------------------------+
1 row in set (0.00 sec)


mysql> grant select on test.t_area to 'ut01'@'%';
Query OK, 0 rows affected (0.07 sec)


mysql> show grants for 'ut01'@'%';
+-----------------------------------------------+
| Grants for ut01@%                             |
+-----------------------------------------------+
| GRANT USAGE ON *.* TO 'ut01'@'%'              |
| GRANT SELECT ON `test`.`t_area` TO 'ut01'@'%' |
+-----------------------------------------------+
2 rows in set (0.00 sec)


mysql> grant delete on cms.t_account to 'ut01'@'%';
Query OK, 0 rows affected (0.01 sec)


mysql> show grants for 'ut01'@'%';
+-------------------------------------------------+
| Grants for ut01@%                               |
+-------------------------------------------------+
| GRANT USAGE ON *.* TO 'ut01'@'%'                |
| GRANT DELETE ON `cms`.`t_account` TO 'ut01'@'%' |
| GRANT SELECT ON `test`.`t_area` TO 'ut01'@'%'   |
+-------------------------------------------------+
3 rows in set (0.00 sec)


mysql> grant grant option on test.t_area to 'ut01'@'%';
Query OK, 0 rows affected (0.06 sec)


mysql> show grants for 'ut01'@'%';
+-----------------------------------------------------------------+
| Grants for ut01@%                                               |
+-----------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ut01'@'%'                                |
| GRANT DELETE ON `cms`.`t_account` TO 'ut01'@'%'                 |
| GRANT SELECT ON `test`.`t_area` TO 'ut01'@'%' WITH GRANT OPTION | #在test.t_area对象上的select权限，自动具有了with grant option属性
+-----------------------------------------------------------------+
3 rows in set (0.00 sec)


mysql> grant insert on test.t_area to 'ut01'@'%';
Query OK, 0 rows affected (0.08 sec)


mysql> show grants for 'ut01'@'%';
+-------------------------------------------------------------------------+
| Grants for ut01@%                                                       |
+-------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ut01'@'%'                                        |
| GRANT DELETE ON `cms`.`t_account` TO 'ut01'@'%'                         |
| GRANT SELECT, INSERT ON `test`.`t_area` TO 'ut01'@'%' WITH GRANT OPTION | #虽然insert是后面加上的，但是同样具有了grant option属性，因为其权限范围也是test.t_area
+-------------------------------------------------------------------------+
3 rows in set (0.00 sec)


mysql>