为什么是“授予使用”创建的第一次我授予用户权限？ [英] Why is a "GRANT USAGE" created the first time I grant a user privileges?

问题描述

我是DBMS的管理员的新手，并在今晚（使用MySQL）设置一个新的数据库，当我注意到这一点。在首次授予用户特权后，会创建另一个类似

I'm new to the admin side of DBMS and was setting up a new database tonight (using MySQL) when I noticed this. After granting a user a privilege for the first time, another grant is created that looks like

GRANT USAGE on *.* TO user IDENTIFIED BY PASSWORD password

文档说明 USAGE 特权意味着没有特权，所以我推断thats grant工作分层，也许一个用户必须有某种特权的所有数据库，所以这充当一个catch all？

The documentation says that the USAGE privilege means "no privileges," so I'm inferring thats grants work hierarchically and perhaps a user must have some kind of privilege for all databases, so this serves as a catch all?

我也不明白为什么当我创建的授权不具有 IDENTIFIED BY （主要是因为我不明白 IDENTIFIED BY 子句的用途）。

I also dont understand why this line has an IDENTIFIED BY clause in it when the grant I created does not have one (mostly because I dont understand what purpose the IDENTIFIED BY clause serves).

/ em>很抱歉，最初没有说明，这些拨款是

Sorry for not stating this originally, the grants were

GRANT ALL PRIVILEGES ON database.* TO admin_user
GRANT SELECT, INSERT, UPDATE, DELETE ON database.* TO user

推荐答案

正如你所说，在MySQL USAGE 是无特权的同义词。从 MySQL参考手册：

As you said, in MySQL USAGE is synonymous with "no privileges". From the MySQL Reference Manual:

USAGE特权说明符代表无特权。它在全局级别与GRANT一起使用以修改帐户属性，如资源限制或SSL特性，而不会影响现有的帐户权限。

The USAGE privilege specifier stands for "no privileges." It is used at the global level with GRANT to modify account attributes such as resource limits or SSL characteristics without affecting existing account privileges.

使用是告诉MySQL帐户存在而不授予任何该帐户的真正特权。他们只有权限使用 MySQL，因此 USAGE 。它对应于未设置任何权限的`mysql`.````中的一行

USAGE is a way to tell MySQL that an account exists without conferring any real privileges to that account. They have merely permission to use MySQL, hence USAGE. It corresponds to a row in the `mysql`.`user` table with no privileges set.

IDENTIFIED BY 子句表示为该用户设置了密码。我们如何知道用户是他们说他们是谁？他们可以通过为其帐户发送正确的密码来自行识别。

The IDENTIFIED BY clause indicates that a password is set for that user. How do we know a user is who they say they are? They identify themselves by sending the correct password for their account.

用户密码是不与特定数据库或表绑定的全局级帐户属性之一。它也存在于`mysql`.`user` 表中。如果用户没有任何其他权限 ON *。* ，则会授予 USAGE ON *。* 密码哈希显示在那里。这通常是 CREATE USER 语句的副作用。当用户以这种方式创建时，他们最初没有权限，因此只能授予 USAGE 。

A user's password is one of those global level account attributes that isn't tied to a specific database or table. It also lives in the `mysql`.`user` table. If the user does not have any other privileges ON *.*, they are granted USAGE ON *.* and their password hash is displayed there. This is often a side effect of a CREATE USER statement. When a user is created in that way, they initially have no privileges so they are merely granted USAGE.

这篇关于为什么是“授予使用”创建的第一次我授予用户权限？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！