在MySQL中撤消用户的特权 [英] Revoke privileges from user in mySQL
问题描述
对于每个使用语句在mySQL中创建的新用户
For every new user we create in mySQL using the statement
CREATE USER newuser@localhost IDENTIFIED BY 'password';
"SHOW GRANTS"仅显示"USAGE ON *.*"特权.
"SHOW GRANTS" is showing only "USAGE ON *.* " privilege.
但是用户可以在"test"和"information_schema"数据库上进行选择,插入..,并且我无法使用下面给出的revoke语句来撤销对"test"的这些特权.
But the user is able to select,insert,.. on "test" and "information_schema" databases and I'm unable to revoke these privileges on "test" using the revoke statement given below.
REVOKE ALL ON test.* FROM newuser@localhost;
ERROR 1141 (42000) : There is no such grant defined for user 'guest' on host 'localhost'
我只是不想让新用户访问test和information_schema数据库.
I just don't want the newuser to access the test and information_schema databases.
推荐答案
http://dev.mysql.com/doc/refman/5.6/en/default-privileges.html
默认情况下,
mysql.db
表包含允许以下内容访问的行:test
数据库和其他具有以下名称的数据库的任何用户 从test_
开始. (...) 这意味着 这样的数据库甚至可以由不具备此功能的帐户使用 特权.如果您要删除任何用户对测试数据库的访问权限, 这样做如下:
By default, the
mysql.db
table contains rows that permit access by any user to thetest
database and other databases with names that start withtest_
. (...) This means that such databases can be used even by accounts that otherwise possess no privileges. If you want to remove any-user access to test databases, do so as follows:
mysql> DELETE FROM mysql.db WHERE Db LIKE 'test%';
mysql> FLUSH PRIVILEGES;
(...) 通过前面的更改,只有拥有全局数据库的用户 特权或为测试数据库明确授予的特权可以 使用它.
(...) With the preceding change, only users who have global database privileges or privileges granted explicitly for the test database can use it.
information_schema
数据库是应要求即时建立的只读伪数据库.用户将始终可以查询该数据库,但是该数据库仅显示他们已经可以访问的条目.
The information_schema
database is a read-only pseudo database built on-the-fly on request. Users will always be able to consult this database, but it only presents entries to which they already have access to otherwise.
这篇关于在MySQL中撤消用户的特权的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!