How to restrict queries from specific hosts

Time: 2013-01-14 19:13:06

Tags: mysql grant

How can I make sure that 'anil' cannot run commands from any computer whose name matches '%desk%'?

mysql> show grants for anil;

+------------------------------------------------------------------------------------+
| Grants for anil@%                                                                  |
+------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'anil'@'%'                                                   |
| GRANT SELECT, CREATE TEMPORARY TABLES, LOCK TABLES ON `production`.* TO 'anil'@'%' |
+------------------------------------------------------------------------------------+


mysql> revoke all privileges, grant option from 'anil'@'%desk%';
ERROR 1269 (HY000): Can't revoke all privileges for one or more of the requested users

mysql> revoke usage on *.* from 'anil'@'%desk%';
ERROR 1141 (42000): There is no such grant defined for user 'anil' on host '%desk%'

mysql> revoke SELECT, CREATE TEMPORARY TABLES, LOCK TABLES ON `production`.* from 'anil'@'%desk%';
ERROR 1141 (42000): There is no such grant defined for user 'anil' on host '%desk%'

1 answer:

Answer 0: (score: 1)

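MySQL only lets you grant privileges; it has no ability to grant to everything except a certain host, or to somehow deny privileges based on hostname the way you are trying to. The only way to accomplish this is to grant the user privileges only for the acceptable hostnames. The REVOKE command only removes previously GRANTed privileges.

If your network happens to be broken up into subdomains [i.e. *.desk.company.tld and *.serv.company.tld], you should be able to grant to 'anil'@'%.serv.company.tld', or similarly a subnet: { {1}}.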
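
The allow-list approach from the answer written out as SQL, as an added example that is not part of the original answer. The host pattern and the privilege list are the ones shown on this page; the password is a placeholder.

```sql
-- Added example. Values marked PLACEHOLDER are assumptions, not from the page.

-- 1. List every account row named 'anil'. Each user@host pair is a separate
--    account with its own grants, which is why REVOKE ... FROM 'anil'@'%desk%'
--    fails: only 'anil'@'%' exists.
SELECT user, host FROM mysql.user WHERE user = 'anil';

-- 2. Hostname patterns only match when the server resolves client names.
--    If this shows ON, hostname-based account rows never match and the
--    account has to be defined with IP-based host values instead.
SHOW VARIABLES LIKE 'skip_name_resolve';

-- 3. Create the account for the permitted hosts only.
CREATE USER 'anil'@'%.serv.company.tld'
    IDENTIFIED BY 'PLACEHOLDER-password';

-- 4. Re-issue the same privileges that 'anil'@'%' held.
GRANT SELECT, CREATE TEMPORARY TABLES, LOCK TABLES
    ON `production`.* TO 'anil'@'%.serv.company.tld';

-- 5. Remove the wildcard account. With no 'anil' row matching a desk host,
--    connections from those machines are refused at authentication.
DROP USER 'anil'@'%';

-- 6. Verify what is left.
SELECT user, host FROM mysql.user WHERE user = 'anil';
SHOW GRANTS FOR 'anil'@'%.serv.company.tld';

-- 7. From a permitted client, confirm which account row was matched.
--    USER() is what the client claimed; CURRENT_USER() is the row used.
SELECT USER(), CURRENT_USER();
```

DROP USER does not close sessions that are already open, so a connection established from a desk machine before step 5 keeps its privileges until it disconnects.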