문법은
GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
TO user_specification [, user_specification] ...
[REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]
[WITH with_option ...]
object_type:
TABLE
| FUNCTION
| PROCEDURE
priv_level:
*
| *.*
| db_name.*
| db_name.tbl_name
| tbl_name
| db_name.routine_name
user_specification:
user [IDENTIFIED BY [PASSWORD] 'password']
ssl_option:
SSL
| X509
| CIPHER 'cipher'
| ISSUER 'issuer'
| SUBJECT 'subject'
with_option:
GRANT OPTION
| MAX_QUERIES_PER_HOUR count
| MAX_UPDATES_PER_HOUR count
| MAX_CONNECTIONS_PER_HOUR count
| MAX_USER_CONNECTIONS count
mysql> GRANT ALL PRIVILEGES on *.* to 'id'@'hosts' identified by '패스워드;
*.* 은. DB명.Table명 쯤 된다 전체다주고 싶으니 *.*
'id' @ 'hosts' id계정에 hosts에서 접속한녀석에게 해당된다는 얘기
(id는 알아서 주면 될테고 hosts는 %로 줄때 어디서 접속하든이 될것임)
권한을 골라서 줄수가 있음
ALL 대신에 select, insert, delete, update 엄청 많으니 표를 참조
Table 13.1 Permissible Privileges for GRANT and REVOKE
| Privilege | Meaning and Grantable Levels |
|---|---|
ALL [PRIVILEGES] | Grant all privileges at specified access level except GRANT OPTION |
ALTER | Enable use of ALTER TABLE. Levels: Global, database, table. |
ALTER ROUTINE | Enable stored routines to be altered or dropped. Levels: Global, database, procedure. |
CREATE | Enable database and table creation. Levels: Global, database, table. |
CREATE ROUTINE | Enable stored routine creation. Levels: Global, database. |
CREATE TEMPORARY TABLES | Enable use of CREATE TEMPORARY TABLE. Levels: Global, database. |
CREATE USER | Enable use of CREATE USER, DROP USER, RENAME USER, and REVOKE ALL PRIVILEGES. Level: Global. |
CREATE VIEW | Enable views to be created or altered. Levels: Global, database, table. |
DELETE | Enable use of DELETE. Level: Global, database, table. |
DROP | Enable databases, tables, and views to be dropped. Levels: Global, database, table. |
EVENT | Enable use of events for the Event Scheduler. Levels: Global, database. |
EXECUTE | Enable the user to execute stored routines. Levels: Global, database, table. |
FILE | Enable the user to cause the server to read or write files. Level: Global. |
GRANT OPTION | Enable privileges to be granted to or removed from other accounts. Levels: Global, database, table, procedure. |
INDEX | Enable indexes to be created or dropped. Levels: Global, database, table. |
INSERT | Enable use of INSERT. Levels: Global, database, table, column. |
LOCK TABLES | Enable use of LOCK TABLES on tables for which you have the SELECT privilege. Levels: Global, database. |
PROCESS | Enable the user to see all processes with SHOW PROCESSLIST. Level: Global. |
REFERENCES | Not implemented |
RELOAD | Enable use of FLUSH operations. Level: Global. |
REPLICATION CLIENT | Enable the user to ask where master or slave servers are. Level: Global. |
REPLICATION SLAVE | Enable replication slaves to read binary log events from the master. Level: Global. |
SELECT | Enable use of SELECT. Levels: Global, database, table, column. |
SHOW DATABASES | Enable SHOW DATABASES to show all databases. Level: Global. |
SHOW VIEW | Enable use of SHOW CREATE VIEW. Levels: Global, database, table. |
SHUTDOWN | Enable use of mysqladmin shutdown. Level: Global. |
SUPER | Enable use of other administrative operations such as CHANGE MASTER TO, KILL, PURGE BINARY LOGS, SET GLOBAL, and mysqladmin debug command. Level: Global. |
TRIGGER | Enable trigger operations. Levels: Global, database, table. |
UPDATE | Enable use of UPDATE. Levels: Global, database, table, column. |
USAGE | Synonym for “no privileges” |
// 아래 부분은 예시로 편하게 볼수 있게 정리되어있다고 판단하여 정리
//
mysql> GRANT ALL PRIVILEGES ON db_name.* TO 'monty'@'localhost'
-> IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
mysql> GRANT ALL PRIVILEGES ON db_name.* TO 'monty'@'localhost'
-> IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
// 모든 호스트(%)에서 연결을 허용
mysql> GRANT ALL PRIVILEGES ON *.* TO 'monty'@'%'
-> IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
// domain.com 도메인에 속한 모든 호스트로부터 연결 허용
mysql> GRANT ALL PRIVILEGES ON *.* TO 'monty'@'%.domain.com'
-> IDENTIFIED BY 'some_pass' WITH GRANT OPTION;
// mysqladmin reload, mysqladmin refress, mysqladmin processlist
// 등의 명령을 실행하도록 admin 유저에게 권한 부여mysql> GRANT RELOAD, PROCESS ON *.* TO 'admin'@'localhost';
// 현재 연결된 사용자의 GRANT 상태 보기
mysql> SHOW GRANTS FOR CURRENT_USER;
