The syntax of the user privilege management statements is as follows:

grant_stmt:
    GRANT privilege_type_list ON privilege_level TO user_option_list [WITH GRANT OPTION];

revoke_stmt:
    REVOKE privilege_type_list ON privilege_level FROM user_name_list;

show_grants_stmt:
    SHOW GRANTS [FOR user_name];

privilege_type_list:
    {ALL [PRIVILEGES] | privilege_type [, privilege_type ...]}

privilege_type:
      ALTER
    | CREATE
    | CREATE USER
    | CREATE VIEW
    | DELETE
    | DROP
    | GRANT OPTION
    | INDEX
    | INSERT
    | PROCESS
    | SHOW DATABASES
    | SHOW VIEW
    | UPDATE
    | USAGE

privilege_level:
      *
    | *.*
    | database_name.*
    | database_name.table_name
    | table_name

user_option_list:
    user_option [, user_option ...]

user_option:
    user_name [IDENTIFIED BY 'password']

password:
    STR_VALUE

user_name_list:
    user_name [, user_name ...]
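
Added example (not part of the original documentation or of the product): a small Python checker that parses GRANT statements according to the grammar above and returns review flags for grants that deserve a second look before they are run. The flag names, the ADMIN_PRIVS set and the second and third sample statements are assumptions made for illustration.

```python
import re

# Grammar from the page:
#   GRANT privilege_type_list ON privilege_level TO user_option_list [WITH GRANT OPTION];
GRANT_RE = re.compile(
    r"^\s*GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<level>\S+)\s+TO\s+(?P<users>.+?)"
    r"(?P<wgo>\s+WITH\s+GRANT\s+OPTION)?\s*;?\s*$",
    re.IGNORECASE | re.DOTALL,
)
PASSWORD_RE = re.compile(r"(IDENTIFIED\s+BY\s+)('[^']*'|\"[^\"]*\")", re.IGNORECASE)
# Assumption: privilege types treated here as account-administration powers.
ADMIN_PRIVS = {"CREATE USER", "GRANT OPTION"}

def parse_grant(stmt):
    """Split one GRANT statement into the grammar's parts; None if it does not match."""
    m = GRANT_RE.match(stmt)
    if not m:
        return None
    # Mask the password literal so a comma inside it cannot split the user list.
    users_txt, n_pw = PASSWORD_RE.subn(r"\1?", m.group("users"))
    return {
        "privs": [" ".join(p.split()).upper() for p in m.group("privs").split(",")],
        "level": m.group("level"),
        "users": [u.split()[0] for u in users_txt.split(",")],
        "with_grant_option": m.group("wgo") is not None,
        "inline_password": n_pw > 0,
    }

def audit_grant(stmt):
    """Return review flags (hypothetical names) for one GRANT statement."""
    g = parse_grant(stmt)
    if g is None:
        return ["UNPARSED"]
    checks = [
        ("ALL_PRIVILEGES", any(p in ("ALL", "ALL PRIVILEGES") for p in g["privs"])),
        ("GLOBAL_SCOPE", g["level"] == "*.*"),
        ("CAN_DELEGATE_OR_MANAGE_USERS", g["with_grant_option"] or bool(ADMIN_PRIVS & set(g["privs"]))),
        ("PASSWORD_IN_STATEMENT", g["inline_password"]),
    ]
    return [name for name, hit in checks if hit]

# Sample statements: the first is the page's own GRANT example, the rest are constructed.
SAMPLES = [
    "grant SELECT on demo.* TO demo;",
    "GRANT ALL PRIVILEGES ON *.* TO admin2 WITH GRANT OPTION;",
    "GRANT CREATE USER, INSERT ON demo.t1 TO ops IDENTIFIED BY 'x';",
]
for s in SAMPLES:
    print(audit_grant(s) or ["OK"], s)
```

An empty list means none of the four checks fired; it does not mean the grant is appropriate for the account.
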

The syntax tree for user management is as follows:

create_user_stmt:
    CREATE USER [IF NOT EXISTS] user_name [IDENTIFIED BY "password"];

alter_user_stmt:
      ALTER USER user_name ACCOUNT {LOCK | UNLOCK};
    | SET PASSWORD [FOR user_name] = PASSWORD("password");

drop_user_stmt:
    DROP USER user_name_list [cascade];

user_name_list:
    user_name [, user_name ...]

password:
    STR_VALUE
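
The ob_tcp_invited_nodes parameter is the tenant-wide whitelist restriction parameter. Run the following statement to view the parameter and confirm the whitelist: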
obclient> show variables like 'ob_tcp_invited_nodes';
+----------------------+-------+
| Variable_name        | Value |
+----------------------+-------+
| ob_tcp_invited_nodes | %     |
+----------------------+-------+

Locking a user:
obclient> ALTER USER demo ACCOUNT LOCK ;
Query OK, 0 rows affected (0.02 sec)
obclient -udemo@demo0_111 -P2881 -h11.166.87.1 -pttt
obclient: [Warning] Using a password on the command line interface can be insecure.
ERROR 5039 (01007): User locked

Granting a privilege:
obclient> grant SELECT on demo.* TO demo;

Revoking a privilege:
obclient> revoke SELECT on demo.* from demo;
Query OK, 0 rows affected (0.03 sec)
obclient -udemo@demo0_111 -P2881 -h11.166.87.1 -pttt
ERROR 1044 (42000): Access denied for user 'DEMO'@'%' to database 'DEMO'