mysql drop权限测试

在项目开发和测试中，常收到开发人员需求，需要建立数据库帐号和授权脚本，发现授权脚本中有基于库上的drop权限，按mysql的权限机制，drop权限比较大，能drop database，这个权限很危险，现在验证测试一下。 

drop 权限测试：

先给库test2建帐号test2并授权如下：

product)root@localhost [(none)]> grant select,insert,update,delete,drop,create,alter on test2.* to'test2'@'%' identified by 'Hlsad_10111';
Query OK, 0 rows affected (0.00 sec)

查看test2的权限：
(product)test2@10.16.24.108 [(none)]> show grants for 'test2'@'%';
+------------------------------------------------------------------------------------------------------+
| Grants for test2@%                                                                                   |
+------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'test2'@'%' IDENTIFIED BY PASSWORD '*5E78EAB1F7F00212267E7C0EDD0C9862EE7DA808' |
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER ON `test2`.* TO 'test2'@'%'                |
+------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)

在其它客户端用test2帐号连接mysql:

(product)test2@10.16.24.108 [(none)]> select user();
+--------------------+
| user()             |
+--------------------+
| test2@10.16.24.109 |
+--------------------+
1 row in set (0.00 sec)

对test2进行drop database test2操作：

(product)test2@10.16.24.108 [(none)]> drop database test2;
Query OK, 0 rows affected (0.02 sec)

再查看是还有test2库：

(product)root@localhost [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| log                |
| mysql              |
| performance_schema |
| test               |
| test107            |
| test108            |
| zengxuewen         |
+--------------------+
8 rows in set (0.00 sec

说明drop权限非常大，若对库有drop权限，能drop database，一般不给应用和开发人员开放drop权限，建议drop权限由dba来管理。