在程序中允许GRANT?

时间:2015-03-16 12:57:36

标签: mysql stored-procedures permissions grant

我创建了一个过程,该过程将准备一个语句以向用户授予密码权限。我已创建此过程以避免必须向管理员用户提供明确的GRANT权限,而是让他们使用完全符合我期望的程序。

程序如下:

CREATE PROCEDURE grantPermission (perm VARCHAR(30), target VARCHAR(30), id VARCHAR(8), host VARCHAR(45), passwd VARCHAR(45))
  BEGIN
    SET @setPermissionCmd = CONCAT('GRANT ', perm, ' ON ', target, ' TO ''', id, '''@''', host, ''' IDENTIFIED BY ''', passwd, ''';');
    PREPARE setPermissionStmt FROM @setPermissionCmd;
    EXECUTE setPermissionStmt;
    DEALLOCATE PREPARE setPermissionStmt;
    FLUSH PRIVILEGES;
  END

当我CALL这个程序时,我收到错误代码1142,我没有GRANT的权限。这里有两个问题。一,我将root执行此操作,该root应具有所有权限(我没有采取任何权限,{{1}}是创建该过程的权限)。第二,有权执行程序应该允许做任何事情。

1 个答案:

答案 0 :(得分:1)

我的测试:

$ mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.5.35-1ubuntu1 (Ubuntu)

Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> use test;
Database changed

mysql> CREATE TABLE `tableTest`(`id` INT UNSIGNED);
Query OK, 0 rows affected (0.00 sec)

mysql> CREATE USER 'userTest'@'localhost' IDENTIFIED BY 'mypass';
Query OK, 0 rows affected (0.00 sec)

mysql> SHOW GRANTS FOR 'userTest'@'localhost';
+-----------------------------------------------------------------------------------------------------------------+
| Grants for userTest@localhost                                                                                   |
+-----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'userTest'@'localhost' IDENTIFIED BY PASSWORD '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4' |
+-----------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

mysql> DELIMITER //

mysql> DROP PROCEDURE IF EXISTS `grantPermission`//
Query OK, 0 rows affected, 1 warning (0.00 sec)

mysql> CREATE PROCEDURE `grantPermission` (`perm` VARCHAR(30),
    ->                                     `target` VARCHAR(30),
    ->                                     `id` VARCHAR(8),
    ->                                     `host` VARCHAR(45),
    ->                                     `passwd` VARCHAR(45))
    -> BEGIN
    ->     SET @`setPermissionCmd` = CONCAT(
    ->     'GRANT ', `perm`, ' ON `', `target`, '`
     >      TO ''', `id`, '''@''', `host`, ''' 
     >     IDENTIFIED BY ''', `passwd`, ''';');
    ->     PREPARE `setPermissionStmt` FROM @`setPermissionCmd`;
    ->     EXECUTE `setPermissionStmt`;
    ->     DEALLOCATE PREPARE `setPermissionStmt`;
    ->     FLUSH PRIVILEGES;
    -> END//
Query OK, 0 rows affected (0.00 sec)

mysql> DELIMITER ;

mysql> CALL `grantPermission`('SELECT', 'tableTest', 'userTest', 'localhost', 'mypass');
Query OK, 0 rows affected (0.00 sec)

mysql> SHOW GRANTS FOR 'userTest'@'localhost';
+-----------------------------------------------------------------------------------------------------------------+
| Grants for userTest@localhost                                                                                   |
+-----------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'userTest'@'localhost' IDENTIFIED BY PASSWORD '*6C8989366EAF75BB670AD8EA7A7FC1176A95CEF4' |
| GRANT SELECT ON `test`.`tableTest` TO 'userTest'@'localhost'                                                    |
+-----------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
相关问题
最新问题