我的书签
添加书签
移除书签GRANT <role>
GrantRoleStmt
RolenameList
以 root 用户连接 TiDB:
mysql -h 127.0.0.1 -P 4000 -u root
创建新角色 analyticsteam 和新用户 jennifer:
CREATE ROLE analyticsteam;Query OK, 0 rows affected (0.02 sec)GRANT SELECT ON test.* TO analyticsteam;Query OK, 0 rows affected (0.02 sec)CREATE USER jennifer;Query OK, 0 rows affected (0.01 sec)GRANT analyticsteam TO jennifer;Query OK, 0 rows affected (0.01 sec)
以 jennifer 用户连接 TiDB:
SHOW GRANTS;+---------------------------------------------+| Grants for User || GRANT USAGE ON *.* TO 'jennifer'@'%' || GRANT 'analyticsteam'@'%' TO 'jennifer'@'%' |+---------------------------------------------+SHOW TABLES in test;ERROR 1044 (42000): Access denied for user 'jennifer'@'%' to database 'test'SET ROLE analyticsteam;Query OK, 0 rows affected (0.00 sec)SHOW GRANTS;+---------------------------------------------+| Grants for User |+---------------------------------------------+| GRANT USAGE ON *.* TO 'jennifer'@'%' || GRANT SELECT ON test.* TO 'jennifer'@'%' || GRANT 'analyticsteam'@'%' TO 'jennifer'@'%' |+---------------------------------------------+3 rows in set (0.00 sec)SHOW TABLES IN test;+----------------+| Tables_in_test |+----------------+| t1 |+----------------+
以 root 用户连接 TiDB:
执行 SET DEFAULT ROLE 语句将用户 jennifer 与 analyticsteam 角色相关联:
以 jennifer 用户连接 TiDB:
mysql -h 127.0.0.1 -P 4000 -u jennifer
此时 jennifer 用户无需执行 SET ROLE 语句就能拥有 analyticsteam 角色相关联的权限:
SHOW GRANTS;+---------------------------------------------+| Grants for User |+---------------------------------------------+| GRANT USAGE ON *.* TO 'jennifer'@'%' || GRANT SELECT ON test.* TO 'jennifer'@'%' || GRANT 'analyticsteam'@'%' TO 'jennifer'@'%' |+---------------------------------------------+3 rows in set (0.00 sec)SHOW TABLES IN test;+----------------+| Tables_in_test |+----------------+| t1 |+----------------+
