如何授予用户执行特定存储过程的权限 [英] How to grant execute on specific stored procedure to user
问题描述
我已经在特定架构上创建了一些存储过程.
I have created some stored procedure on a specific schema.
在此存储过程中,我想授予执行特权.
In this stored procedure, I want to grant execute privilege.
所以我写了:
GRANT EXECUTE ON PROCEDURE schema_name.proc_name TO 'user_name';
GRANT SELECT ON mysql.proc to 'user_name';
问题是:我的用户可以看到每个存储过程. 我希望他只能看到拥有EXECUTE特权的程序.
The problem is : My user can see every stored procedure. I wish he could only see the procedure where he has the EXECUTE privilege.
有没有办法实现这一目标?
Is there a way to achieve that ?
谢谢.
推荐答案
是的...如果您没有直接或间接地授予用户mysql.proc
表的SELECT
特权,则此方法可以按预期工作,例如使用GRANT SELECT ON *.* TO ...
Yes... this works as expected if you don't grant the user the SELECT
privilege on the mysql.proc
table, either directly or indirectly, such as with GRANT SELECT ON *.* TO ...
在没有此表的SELECT
权限的情况下,用户只能看到具有其他权限(例如EXECUTE
)的存储过程和存储函数.
Without SELECT
permission on this table, a user can only see the existence of stored procedures and stored functions where they have other permissions, like EXECUTE
.
在后台,mysql.proc
上缺少SELECT
还会阻止用户通过information_schema.routines
伪表查看他们无权访问的过程.
Under the hood, the lack of SELECT
on mysql.proc
also prevents the user from seeing the procedures they don't have access to via the information_schema.routines
pseudo-table.
您不需要GRANT SELECT ON mysql.proc
即可使用户执行过程或功能...如果您这样做,则那个似乎是个问题.
You shouldn't need to GRANT SELECT ON mysql.proc
to enable the user to execute procedures or functions... and if you do, then that seems like the question.
这篇关于如何授予用户执行特定存储过程的权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!