在MySQL中撤消用户的特权 [英] Revoke privileges from user in mySQL

问题描述

对于每个使用语句在mySQL中创建的新用户

For every new user we create in mySQL using the statement

CREATE USER newuser@localhost IDENTIFIED BY 'password';

"SHOW GRANTS"仅显示"USAGE ON *.*"特权.

"SHOW GRANTS" is showing only "USAGE ON *.* " privilege.

但是用户可以在"test"和"information_schema"数据库上进行选择，插入..，并且我无法使用下面给出的revoke语句来撤销对"test"的这些特权.

But the user is able to select,insert,.. on "test" and "information_schema" databases and I'm unable to revoke these privileges on "test" using the revoke statement given below.

REVOKE ALL ON test.* FROM newuser@localhost;
ERROR 1141 (42000) : There is no such grant defined for user 'guest' on host 'localhost'

我只是不想让新用户访问test和information_schema数据库.

I just don't want the newuser to access the test and information_schema databases.

推荐答案

http://dev.mysql.com/doc/refman/5.6/en/default-privileges.html

默认情况下，mysql.db表包含允许以下内容访问的行: test数据库和其他具有以下名称的数据库的任何用户 从test_开始. (...) 这意味着 这样的数据库甚至可以由不具备此功能的帐户使用 特权.如果您要删除任何用户对测试数据库的访问权限， 这样做如下:

By default, the mysql.db table contains rows that permit access by any user to the test database and other databases with names that start with test_. (...) This means that such databases can be used even by accounts that otherwise possess no privileges. If you want to remove any-user access to test databases, do so as follows:

mysql> DELETE FROM mysql.db WHERE Db LIKE 'test%';
mysql> FLUSH PRIVILEGES;

(...) 通过前面的更改，只有拥有全局数据库的用户 特权或为测试数据库明确授予的特权可以 使用它.

(...) With the preceding change, only users who have global database privileges or privileges granted explicitly for the test database can use it.

information_schema数据库是应要求即时建立的只读伪数据库.用户将始终可以查询该数据库，但是该数据库仅显示他们已经可以访问的条目.

The information_schema database is a read-only pseudo database built on-the-fly on request. Users will always be able to consult this database, but it only presents entries to which they already have access to otherwise.

这篇关于在MySQL中撤消用户的特权的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！