# Principle of Least Privilege


  • GRANT: gives privileges to a user.
  • REVOKE: takes privileges away from a user.

GRANT privileges [columns]
ON item
TO user_name [IDENTIFIED BY 'password']
[REQUIRE ssl_options]
[WITH [GRANT OPTION | limit_options]]

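  • Create an administrator
grant all on *.* to fred identified by 'mnb123' with grant option;
  • This grants the user named fred, with the password mnb123, all privileges on all databases, and allows him to pass those privileges on to other users.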

  • If you do not want this user to remain in the system, you can revoke the privileges as follows:

revoke all privileges, grant option from fred;
  • Create a user with no privileges
grant usage on books.* to sally identified by 'magic1234';
  • Grant privileges to that user
grant select, insert, update, delete, index, alter, create, drop on books.* to sally;
  • Reduce that user's privileges
revoke alter, create, drop on books.* from sally;
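
The statements above use the older GRANT ... IDENTIFIED BY form, which MySQL 8.0 no longer accepts. The following is an added example, not part of the original notes, that carries the same least-privilege workflow for sally through on MySQL 8.0 and audits the result. The 'localhost' host part, the password placeholder and the connection limit are assumptions.

```sql
-- Added example (assumes MySQL 8.0+ and an account allowed to create users).
-- 'localhost', the password placeholder and the limit value are assumptions.

CREATE DATABASE IF NOT EXISTS books;

-- 1. Create the account separately from any GRANT. A new account holds
--    only USAGE (no privileges). REQUIRE and WITH correspond to the
--    ssl_options and limit_options clauses of the GRANT syntax above.
CREATE USER 'sally'@'localhost'
  IDENTIFIED BY '<replace-with-a-strong-password>'
  REQUIRE SSL
  WITH MAX_USER_CONNECTIONS 5;

-- 2. Grant only what the application needs, scoped to one schema
--    rather than *.*.
GRANT SELECT, INSERT, UPDATE, DELETE, INDEX ON books.* TO 'sally'@'localhost';

-- 3. Schema-changing privileges are added for a migration window only...
GRANT ALTER, CREATE, DROP ON books.* TO 'sally'@'localhost';

-- ...and removed again once the migration is done.
REVOKE ALTER, CREATE, DROP ON books.* FROM 'sally'@'localhost';

-- 4. Audit what the account can do now.
SHOW GRANTS FOR 'sally'@'localhost';

SELECT grantee, table_schema, privilege_type, is_grantable
FROM information_schema.schema_privileges
WHERE grantee = '''sally''@''localhost'''
ORDER BY privilege_type;

-- 5. Find every account that can pass its privileges on to others
--    (the effect of WITH GRANT OPTION), so that list stays short.
SELECT DISTINCT grantee
FROM information_schema.user_privileges
WHERE is_grantable = 'YES';

-- 6. REVOKE removes privileges but leaves the account in place.
--    Removing the account itself takes DROP USER.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'sally'@'localhost';
DROP USER 'sally'@'localhost';
```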