MySQL 为什么在我第一次授予用户权限时会创建“GRANT USAGE”?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2126225/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Why is a "GRANT USAGE" created the first time I grant a user privileges?
提问by John M Naglick
I'm new to the admin side of DBMS and was setting up a new database tonight (using MySQL) when I noticed this. After granting a user a privilege for the first time, another grant is created that looks like
我是 DBMS 管理方面的新手,当我注意到这一点时,我今晚正在设置一个新数据库(使用 MySQL)。第一次授予用户权限后,将创建另一个授权,如下所示
GRANT USAGE on *.* TO user IDENTIFIED BY PASSWORD password
The documentation says that the USAGEprivilege means "no privileges," so I'm inferring thats grants work hierarchically and perhaps a user must have some kind of privilege for all databases, so this serves as a catch all?
文档说USAGE特权意味着“没有特权”,所以我推断这是分层工作的,也许用户必须对所有数据库都拥有某种特权,所以这可以概括吗?
I also dont understand why this line has an IDENTIFIED BYclause in it when the grant I created does not have one (mostly because I dont understand what purpose the IDENTIFIED BYclause serves).
我也不明白为什么IDENTIFIED BY当我创建的赠款没有条款时,为什么这一行中有一个条款(主要是因为我不明白该IDENTIFIED BY条款的目的是什么)。
Edit:Sorry for not stating this originally, the grants were
编辑:对不起,最初没有说明这一点,赠款是
GRANT ALL PRIVILEGES ON database.* TO admin_user
GRANT SELECT, INSERT, UPDATE, DELETE ON database.* TO user
回答by Espresso_Boy
As you said, in MySQL USAGEis synonymous with "no privileges". From the MySQL Reference Manual:
正如您所说,在 MySQL 中USAGE是“无特权”的同义词。从MySQL 参考手册:
The USAGE privilege specifier stands for "no privileges." It is used at the global level with GRANT to modify account attributes such as resource limits or SSL characteristics without affecting existing account privileges.
USAGE 特权说明符代表“无特权”。它在全局级别与 GRANT 一起用于修改帐户属性,例如资源限制或 SSL 特征,而不会影响现有帐户权限。
USAGEis a way to tell MySQL that an account exists without conferring any real privileges to that account. They merely have permission to usethe MySQL server, hence USAGE. It corresponds to a row in the `mysql`.`user`table with no privileges set.
USAGE是一种告诉 MySQL 帐户存在的方法,而无需向该帐户授予任何实际权限。他们只有使用MySQL 服务器的权限,因此USAGE. 它对应于`mysql`.`user`表中没有设置权限的行。
The IDENTIFIED BYclause indicates that a password is set for that user. How do we know a user is who they say they are? They identifythemselves by sending the correct password for their account.
该IDENTIFIED BY子句表示为该用户设置了密码。我们如何知道用户是他们所说的人?他们通过发送正确的帐户密码来识别自己。
A user's password is one of those global level account attributes that isn't tied to a specific database or table. It also lives in the `mysql`.`user`table. If the user does not have any other privileges ON *.*, they are granted USAGE ON *.*and their password hash is displayed there. This is often a side effect of a CREATE USERstatement. When a user is created in that way, they initially have no privileges so they are merely granted USAGE.
用户的密码是与特定数据库或表无关的全局级别帐户属性之一。它也住在`mysql`.`user`桌子上。如果用户没有任何其他权限ON *.*,他们将被授予USAGE ON *.*并在那里显示他们的密码哈希。这通常是CREATE USER语句的副作用。当以这种方式创建用户时,他们最初没有特权,因此仅被授予了权限USAGE。
回答by 5YrsLaterDBA
I was trying to find the meaning of GRANT USAGE on *.* TOand found here. I can clarify that GRANT USAGE on *.* TO user IDENTIFIED BY PASSWORD passwordwill be granted when you createthe user with the following command (CREATE):
我试图GRANT USAGE on *.* TO找到这里的含义并找到了。我可以澄清,GRANT USAGE on *.* TO user IDENTIFIED BY PASSWORD password当您使用以下命令 ( )创建用户时,将被授予CREATE:
CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
When you grantprivilege with GRANT, new privilege s will be added on top of it.
当您使用授予权限时GRANT,将在其上添加新权限。
回答by s1los
In addition mysql passwords when not using the IDENTIFIED BYclause, may be blank values, if non-blank, they may be encrypted. But yes USAGEis used to modify an account by granting simple resource limiters such as MAX_QUERIES_PER_HOUR, again this can be specified by also
using the WITH clause, in conjuction with GRANT USAGE(no privileges added) or GRANT ALL, you can also specify GRANT USAGEat the global level, database level, table level,etc....
另外mysql密码在不使用IDENTIFIED BY子句时,可能是空值,如果非空,则可能被加密。但是 yesUSAGE用于通过授予简单的资源限制器来修改帐户,例如MAX_QUERIES_PER_HOUR,同样可以通过使用 WITH 子句来指定,结合GRANT USAGE(不添加特权) or GRANT ALL,您也可以GRANT USAGE在全局级别,数据库级别指定,表级等....
