我正在尝试向具有“经理”访问权限的特定用户授予访问权限。他们可以SELECT和UPDATE但只能访问自己群体中的人。数据库为redflame,表格为payroll。
表格的一部分是:
+------+---------+--------+-----------+--------+
| Dept | Manager | Name | Birthdate | Salary |
+------+---------+--------+-----------+--------+
| 1 | Y | BOB | 1/1/1 | 50000 |
| 1 | N | BILL | 2/2/2 | 40000 |
| 1 | N | BART | 3/3/3 | 70000 |
| 2 | Y | JIM | 4/4/4 | 40000 |
| 2 | N | JANET | 5/5/5 | 50000 |
...
我希望只允许SELECT和UPDATE权限给经理,但仅限于他的群组。我试过了,
GRANT SELECT (Dept, Manager, Name, Birthdate),
UPDATE (Dept, Manager, Name, Birthdate)
ON redflame.payroll WHERE Dept = '1'
TO 'Bob'@'localhost';
我知道这不起作用,但您如何根据Bob实施Dept的许可?
非常感谢任何帮助。
答案 0 :(得分:1)
为每个部门创建一个视图,并为其授予权限。
答案 1 :(得分:0)
根据MySQL手册:
http://dev.mysql.com/doc/refman/5.1/en/grant.html
通常,数据库管理员首先使用CREATE USER创建 帐户,然后GRANT来定义其特权和特征。
在您向工资表添加新记录时的PHP代码中,您必须执行以下操作(我使用伪代码编写):
if((new->Dept == 1) and (new->Manager == 'Y'))
{
if (user with name == new->Name doesn't exist)
{
Create a new user with name = new->Name
Grant SELECT and UPDATE privileges to the newly created user ON redflame.payroll table
}
else
{
error: user already exists!
}
}
更新工资表中的记录时:
if(the record was a Manager and he is updated to non Manager)
{
DROP USER with name = old->Name
}
if(the record was not a Manager and he is updated to Manager)
{
if (user with name == new->Name doesn't exist)
{
Create a new user with name = new->Name
Grant SELECT and UPDATE privileges to the newly created user ON redflame.payroll table
}
else
{
error: user already exists!
}
}
从工资表中删除记录时:
if((old->Dept == 1) and (old->Manager == 'Y'))
{
if (user with name == old->Name exists)
{
DROP USER with name = old->Name
}
}
如果您具有数据库的root访问权限,则可以创建ON INSERT,ON UPDATE和ON DELETE触发器。然后使用这个逻辑,编写SQL代码。否则,在php中实现它。