MySQL 用户执行存储过程的权限
来源:互联网 发布:ubuntu 启动apache2 编辑:程序博客网 时间:2024/04/28 18:43
MySQL中以用户执行存储过程的权限为EXECUTE
比如我们在名为configdb的数据库下创建了如下存储过程,存储过程的定义者为user_admin
use configdb;
drop procedure if exists sp_dev_test_user_add;
delimiterCREATEDEFINER=‘useradmin‘@‘invaruservarchar(30),invaripvarchar(15),invarusernamevarchar(30),invaremailvarchar(30),invarorginfovarchar(30))BEGINcreatetemporarytableerrors(errorvarchar(500));ifexists(selectuserfrommysql.userwhereuser=varuser)theninsertintoerrorsvalues(concat(′用户名"′,varuser,′"已存在!′));endif;ifexists(select∗fromerrors)thenselecterrorfromerrors;elseset@user=concat(varuser,′@\'′,varip,′\'′);set@s=concat(′createuser′,@user,′identifiedby′′12345′′;′);preparecmdfrom@s;executecmd;set@s=concat(′GRANTSELECTON‘mysql‘.‘func‘TO′,@user,′;′);preparecmdfrom@s;executecmd;set@s=concat(′GRANTSELECTON‘mysql‘.‘proc‘TO′,@user,′;′);preparecmdfrom@s;executecmd;replaceintodevtestuserinfovalues(varuser,varusername,varemail,varorginfo);endif;droptemporarytableerrors;END
delimiter ;
试着创建一个普通用户user_test1
mysql>create user user_test1 identified by '12345';
查看其权限
mysql>show grants for user_test1;
+-----------------------------------------------------------------------------------------------------------+
| Grants for user_test1@% |
+-----------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user_test1'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' |
+-----------------------------------------------------------------------------------------------------------+
赋予其configdb上的select\insert\delete\update权限
mysql>grant select,insert,delete,update on configdb.* to 'user_test1'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9'
mysql> show grants for user_test1;
+-----------------------------------------------------------------------------------------------------------+
| Grants for user_test1@% |
+-----------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user_test1'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `configdb`.* TO 'user_test1'@'%' |
+-----------------------------------------------------------------------------------------------------------+
使用此用户登录MySQL执行刚才定义的存储过程
mysql>use configdb;
mysql>call sp_dev_test_user_add('uapp_yzz','172.16.%','yzz','yzz@email','MySQL DBA');
ERROR 1370 (42000): execute command denied to user 'user_test1'@'%' for routine 'configdb.sp_dev_test_user_add'
看来是权限不足,继续赋予其configdb上的execute权限
mysql> grant execute on configdb.* to 'user_test1'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9';
mysql> show grants for user_test1;
+-----------------------------------------------------------------------------------------------------------+
| Grants for user_test1@% |
+-----------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user_test1'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' |
| GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON `configdb`.* TO 'user_test1'@'%' |
+-----------------------------------------------------------------------------------------------------------+
重新使用此用户登录MySQL执行刚才定义的存储过程
mysql>use configdb;
mysql>call sp_dev_test_user_add('uapp_yzz','172.16.%','yzz','yzz@email','MySQL DBA');
ERROR 1449 (HY000): The user specified as a definer ('user_admin'@'%') does not exist
这次可以调用该存储过程了,但是提示存储过程定义中的definer不存在,原来仅仅是连接到MySQL服务器的用户具有执行存储过程的权限是远远不够的,最终要通过存储过程定义中指定的definer来执行存储过程。
创建user_admin'@'%'这个用户,并赋予configdb上相应的权限
mysql>create user user_admin identified by '12345';
mysql> grant select,insert,delete,update on configdb.* to 'user_admin'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9';
mysql> show grants for user_admin;
+-----------------------------------------------------------------------------------------------------------+
| Grants for user_admin@% |
+-----------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user_admin'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `configdb`.* TO 'user_admin'@'%' |
+-----------------------------------------------------------------------------------------------------------+
重新使用'user_test1'@'%'用户登录MySQL执行刚才定义的存储过程
mysql>use configdb;
mysql> call sp_dev_test_user_add('uapp_yzz','172.16.%','yzz','yzz@email','MySQL DBA');
ERROR 1370 (42000): execute command denied to user 'user_admin'@'%' for routine 'configdb.sp_dev_test_user_add'
看来不仅仅是连接到MySQL服务器的用户需要具有存储过程上的执行权限,存储过程定义者同样需要该权限。
mysql> grant execute on configdb.* to 'user_admin'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9';
mysql> show grants for user_admin;
+-----------------------------------------------------------------------------------------------------------+
| Grants for user_admin@% |
+-----------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user_admin'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' |
| GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON `configdb`.* TO 'user_admin'@'%' |
+-----------------------------------------------------------------------------------------------------------+
重新使用'user_test1'@'%'用户登录MySQL执行刚才定义的存储过程
mysql>use configdb;
mysql> call sp_dev_test_user_add('uapp_yzz','172.16.%','yzz','yzz@email','MySQL DBA');
ERROR 1044 (42000): Access denied for user 'user_admin'@'%' to database 'configdb'
可以执行存储过程了,但是提示权限不足,仔细查看存储过程的定义可以看到,存储过程中包含创建用户和赋予权限的语句,而我们赋给'user_test1'@'%'用户和'user_admin'@'%'都不具有这样的权限。
赋予'user_test1'@'%'创建用户的权限和赋权的权限,以及创建临时表的权限
mysql> grant create user on *.* to 'user_test1'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' with grant option;
mysql> grant create temporary tables on configdb.* to 'user_test1'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9';
mysql> show grants for 'user_test1'@'%';
+-----------------------------------------------------------------------------------------------------------------------------------+
| Grants for user_test1@% |
+-----------------------------------------------------------------------------------------------------------------------------------+
| GRANT CREATE USER ON *.* TO 'user_test1'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' WITH GRANT OPTION |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE TEMPORARY TABLES, EXECUTE ON `configdb`.* TO 'user_test1'@'%' |
+-----------------------------------------------------------------------------------------------------------------------------------+
重新使用'user_test1'@'%'用户登录MySQL执行刚才定义的存储过程
mysql>use configdb;
mysql> call sp_dev_test_user_add('uapp_yzz','172.16.%','yzz','yzz@email','MySQL DBA');
ERROR 1044 (42000): Access denied for user 'user_admin'@'%' to database 'configdb'
对了,不管你是以什么账户登录的MySQL,最后是使用存储过程的definer执行存储过程的,所以应当把创建用户和赋权的权限付给definer,这里为user_admin'@'%'这个账户。
赋予'user_admin'@'%'创建用户的权限和赋权的权限
mysql> grant create user on *.* to 'user_admin'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' with grant option;
mysql> grant create temporary tables on configdb.* to 'user_admin'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9';
mysql> show grants for 'user_admin'@'%';
+-----------------------------------------------------------------------------------------------------------------------------------+
| Grants for user_admin@% |
+-----------------------------------------------------------------------------------------------------------------------------------+
| GRANT CREATE USER ON *.* TO 'user_admin'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' WITH GRANT OPTION |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE TEMPORARY TABLES, EXECUTE ON `configdb`.* TO 'user_admin'@'%' |
+-----------------------------------------------------------------------------------------------------------------------------------+
重新使用'user_test1'@'%'用户登录MySQL执行刚才定义的存储过程
mysql>use configdb;
mysql> call sp_dev_test_user_add('uapp_yzz','172.16.%','yzz','yzz@email','MySQL DBA');
ERROR 1142 (42000): SELECT command denied to user 'user_admin'@'%' for table 'user'
哦,除了configdb库外还得有mysql库上user表的权限,给加上,看来权限问题还真是棘手,呵呵~
mysql> grant select,insert,delete,update on mysql.* to 'user_admin'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9';
mysql> show grants for 'user_admin'@'%';
+-----------------------------------------------------------------------------------------------------------------------------------+
| Grants for user_admin@% |
+-----------------------------------------------------------------------------------------------------------------------------------+
| GRANT CREATE USER ON *.* TO 'user_admin'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' WITH GRANT OPTION |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, CREATE TEMPORARY TABLES, EXECUTE ON `configdb`.* TO 'user_admin'@'%' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `mysql`.* TO 'user_admin'@'%' |
+-----------------------------------------------------------------------------------------------------------------------------------+
重新使用'user_test1'@'%'用户登录MySQL执行刚才定义的存储过程
mysql>use configdb;
mysql> call sp_dev_test_user_add('uapp_yzz','172.16.%','yzz','yzz@email','MySQL DBA');
Query OK, 0 rows affected (0.05 sec)
终于OK了,相信通过这一系列过程,大家应该能够很清楚的了解MySQL存储过程相关的执行权限了。另外,定义该存储过程还需要有CREATE ROUTINE的权限、更该存储过程需要有ALTER ROUTINE的权限(这里是用超级用户在configdb创建的存储过程,上述权限都是具备的),调用存储过程的用户需要有EXECUTE权限,最终执行存储过程的用户也即存储过程定义者要具备存储过程定义语句中相关的各种权限。
MySQL的权限分的比较细,大致可分为表权限、列权限、过程权限具体可参考MySQL官方手册。
比如我们在名为configdb的数据库下创建了如下存储过程,存储过程的定义者为user_admin
use configdb;
drop procedure if exists sp_dev_test_user_add;
delimiter
delimiter ;
试着创建一个普通用户user_test1
mysql>create user user_test1 identified by '12345';
查看其权限
mysql>show grants for user_test1;
+-----------------------------------------------------------------------------------------------------------+
| Grants for user_test1@% |
+-----------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user_test1'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' |
+-----------------------------------------------------------------------------------------------------------+
赋予其configdb上的select\insert\delete\update权限
mysql>grant select,insert,delete,update on configdb.* to 'user_test1'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9'
mysql> show grants for user_test1;
+-----------------------------------------------------------------------------------------------------------+
| Grants for user_test1@% |
+-----------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user_test1'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `configdb`.* TO 'user_test1'@'%' |
+-----------------------------------------------------------------------------------------------------------+
使用此用户登录MySQL执行刚才定义的存储过程
mysql>use configdb;
mysql>call sp_dev_test_user_add('uapp_yzz','172.16.%','yzz','yzz@email','MySQL DBA');
ERROR 1370 (42000): execute command denied to user 'user_test1'@'%' for routine 'configdb.sp_dev_test_user_add'
看来是权限不足,继续赋予其configdb上的execute权限
mysql> grant execute on configdb.* to 'user_test1'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9';
mysql> show grants for user_test1;
+-----------------------------------------------------------------------------------------------------------+
| Grants for user_test1@% |
+-----------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user_test1'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' |
| GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON `configdb`.* TO 'user_test1'@'%' |
+-----------------------------------------------------------------------------------------------------------+
重新使用此用户登录MySQL执行刚才定义的存储过程
mysql>use configdb;
mysql>call sp_dev_test_user_add('uapp_yzz','172.16.%','yzz','yzz@email','MySQL DBA');
ERROR 1449 (HY000): The user specified as a definer ('user_admin'@'%') does not exist
这次可以调用该存储过程了,但是提示存储过程定义中的definer不存在,原来仅仅是连接到MySQL服务器的用户具有执行存储过程的权限是远远不够的,最终要通过存储过程定义中指定的definer来执行存储过程。
创建user_admin'@'%'这个用户,并赋予configdb上相应的权限
mysql>create user user_admin identified by '12345';
mysql> grant select,insert,delete,update on configdb.* to 'user_admin'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9';
mysql> show grants for user_admin;
+-----------------------------------------------------------------------------------------------------------+
| Grants for user_admin@% |
+-----------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user_admin'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `configdb`.* TO 'user_admin'@'%' |
+-----------------------------------------------------------------------------------------------------------+
重新使用'user_test1'@'%'用户登录MySQL执行刚才定义的存储过程
mysql>use configdb;
mysql> call sp_dev_test_user_add('uapp_yzz','172.16.%','yzz','yzz@email','MySQL DBA');
ERROR 1370 (42000): execute command denied to user 'user_admin'@'%' for routine 'configdb.sp_dev_test_user_add'
看来不仅仅是连接到MySQL服务器的用户需要具有存储过程上的执行权限,存储过程定义者同样需要该权限。
mysql> grant execute on configdb.* to 'user_admin'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9';
mysql> show grants for user_admin;
+-----------------------------------------------------------------------------------------------------------+
| Grants for user_admin@% |
+-----------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user_admin'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' |
| GRANT SELECT, INSERT, UPDATE, DELETE, EXECUTE ON `configdb`.* TO 'user_admin'@'%' |
+-----------------------------------------------------------------------------------------------------------+
重新使用'user_test1'@'%'用户登录MySQL执行刚才定义的存储过程
mysql>use configdb;
mysql> call sp_dev_test_user_add('uapp_yzz','172.16.%','yzz','yzz@email','MySQL DBA');
ERROR 1044 (42000): Access denied for user 'user_admin'@'%' to database 'configdb'
可以执行存储过程了,但是提示权限不足,仔细查看存储过程的定义可以看到,存储过程中包含创建用户和赋予权限的语句,而我们赋给'user_test1'@'%'用户和'user_admin'@'%'都不具有这样的权限。
赋予'user_test1'@'%'创建用户的权限和赋权的权限,以及创建临时表的权限
mysql> grant create user on *.* to 'user_test1'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' with grant option;
mysql> grant create temporary tables on configdb.* to 'user_test1'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9';
mysql> show grants for 'user_test1'@'%';
+-----------------------------------------------------------------------------------------------------------------------------------+
| Grants for user_test1@% |
+-----------------------------------------------------------------------------------------------------------------------------------+
| GRANT CREATE USER ON *.* TO 'user_test1'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' WITH GRANT OPTION |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE TEMPORARY TABLES, EXECUTE ON `configdb`.* TO 'user_test1'@'%' |
+-----------------------------------------------------------------------------------------------------------------------------------+
重新使用'user_test1'@'%'用户登录MySQL执行刚才定义的存储过程
mysql>use configdb;
mysql> call sp_dev_test_user_add('uapp_yzz','172.16.%','yzz','yzz@email','MySQL DBA');
ERROR 1044 (42000): Access denied for user 'user_admin'@'%' to database 'configdb'
对了,不管你是以什么账户登录的MySQL,最后是使用存储过程的definer执行存储过程的,所以应当把创建用户和赋权的权限付给definer,这里为user_admin'@'%'这个账户。
赋予'user_admin'@'%'创建用户的权限和赋权的权限
mysql> grant create user on *.* to 'user_admin'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' with grant option;
mysql> grant create temporary tables on configdb.* to 'user_admin'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9';
mysql> show grants for 'user_admin'@'%';
+-----------------------------------------------------------------------------------------------------------------------------------+
| Grants for user_admin@% |
+-----------------------------------------------------------------------------------------------------------------------------------+
| GRANT CREATE USER ON *.* TO 'user_admin'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' WITH GRANT OPTION |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE TEMPORARY TABLES, EXECUTE ON `configdb`.* TO 'user_admin'@'%' |
+-----------------------------------------------------------------------------------------------------------------------------------+
重新使用'user_test1'@'%'用户登录MySQL执行刚才定义的存储过程
mysql>use configdb;
mysql> call sp_dev_test_user_add('uapp_yzz','172.16.%','yzz','yzz@email','MySQL DBA');
ERROR 1142 (42000): SELECT command denied to user 'user_admin'@'%' for table 'user'
哦,除了configdb库外还得有mysql库上user表的权限,给加上,看来权限问题还真是棘手,呵呵~
mysql> grant select,insert,delete,update on mysql.* to 'user_admin'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9';
mysql> show grants for 'user_admin'@'%';
+-----------------------------------------------------------------------------------------------------------------------------------+
| Grants for user_admin@% |
+-----------------------------------------------------------------------------------------------------------------------------------+
| GRANT CREATE USER ON *.* TO 'user_admin'@'%' IDENTIFIED BY PASSWORD '*00A51F3F48415C7D4E8908980D443C29C69B60C9' WITH GRANT OPTION |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, CREATE TEMPORARY TABLES, EXECUTE ON `configdb`.* TO 'user_admin'@'%' |
| GRANT SELECT, INSERT, UPDATE, DELETE ON `mysql`.* TO 'user_admin'@'%' |
+-----------------------------------------------------------------------------------------------------------------------------------+
重新使用'user_test1'@'%'用户登录MySQL执行刚才定义的存储过程
mysql>use configdb;
mysql> call sp_dev_test_user_add('uapp_yzz','172.16.%','yzz','yzz@email','MySQL DBA');
Query OK, 0 rows affected (0.05 sec)
终于OK了,相信通过这一系列过程,大家应该能够很清楚的了解MySQL存储过程相关的执行权限了。另外,定义该存储过程还需要有CREATE ROUTINE的权限、更该存储过程需要有ALTER ROUTINE的权限(这里是用超级用户在configdb创建的存储过程,上述权限都是具备的),调用存储过程的用户需要有EXECUTE权限,最终执行存储过程的用户也即存储过程定义者要具备存储过程定义语句中相关的各种权限。
MySQL的权限分的比较细,大致可分为表权限、列权限、过程权限具体可参考MySQL官方手册。
0 0
- MySQL 用户执行存储过程的权限
- MySQL 用户执行存储过程的权限
- MySQL用户执行存储过程的权限
- mysql执行存储过程权限的问题
- 使执行存储过程的用户拥有role的权限
- 存储过程的执行权限
- 存储过程跨用户执行execute immediate权限不足
- 给数据库用户设置存储过程执行权限的SQL语句
- sql 中创建的用户登录后无权限执行存储过程
- 给某用户赋予跨数据库的执行存储过程权限
- JDBC连接执行MySQL存储过程报权限错误
- JDBC连接执行 MySQL 存储过程报权限错误
- MySQL存储过程权限
- mysql 存储过程权限
- mysql执行存储过程
- Oracle存储过程执行权限 .
- 执行存储过程 没有权限???
- oracle 存储过程执行权限
- Boost中的单利模式
- cvc-complex-type.2.4.c: 通配符的匹配很全面, 但无法找到元素 'dubbo:application
- 使用FormData对象
- vs2008+Qt 编译MySQL驱动
- ios保存录制好的视频到相簿的方法
- MySQL 用户执行存储过程的权限
- 观察者模式(java)浅析
- Zmq中pub和sub的用法
- ubuntu开发环境部署流程
- Leetcode闲逛随笔
- java程序猿应该了解的10个面向对象设计原则(每次看都很有感悟,特意拿来和大家共享)
- POJ 3783 (DP)
- IOS 获取当前版本信息
- 免备案\免审批号\廉价教你构建自己的网站\域名DNS解析\超实用的端口映射转发