【发布时间】:2020-01-01 13:46:26
【问题描述】:
在数据库上以root 用户身份运行:
MariaDB [(none)]> SHOW GRANTS FOR jake@localhost;
+-------------------------------------------------------------------------------------------------------------+
| Grants for jake@localhost |
+-------------------------------------------------------------------------------------------------------------+
| GRANT developer TO 'jake'@'localhost' |
| GRANT USAGE ON *.* TO 'jake'@'localhost' IDENTIFIED BY PASSWORD '*intentionallyomitted' |
+-------------------------------------------------------------------------------------------------------------+
2 rows in set (0.000 sec)
MariaDB [(none)]> SHOW GRANTS FOR developer;
+-------------------------------------------------+
| Grants for developer |
+-------------------------------------------------+
| GRANT USAGE ON *.* TO 'developer' |
| GRANT ALL PRIVILEGES ON `test`.* TO 'developer' |
+-------------------------------------------------+
2 rows in set (0.000 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| test |
+--------------------+
4 rows in set (0.001 sec)
MariaDB [(none)]> USE mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [mysql]> SELECT Host, User, is_role, default_role FROM user WHERE User = 'jake' OR User = 'developer';
+-----------+-----------+---------+--------------+
| Host | User | is_role | default_role |
+-----------+-----------+---------+--------------+
| | developer | Y | |
| localhost | jake | N | |
+-----------+-----------+---------+--------------+
2 rows in set (0.001 sec)
MariaDB [mysql]> SELECT * FROM roles_mapping WHERE User = 'jake';
+-----------+------+-----------+--------------+
| Host | User | Role | Admin_option |
+-----------+------+-----------+--------------+
| localhost | jake | developer | N |
+-----------+------+-----------+--------------+
1 rows in set (0.001 sec)
然后,在运行sudo systemctl restart mysql之后:
$ mysql -u jake -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 10.3.13-MariaDB-1:10.3.13+maria~bionic mariadb.org binary distribution
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> SELECT CURRENT_USER;
+----------------+
| CURRENT_USER |
+----------------+
| jake@localhost |
+----------------+
1 row in set (0.000 sec)
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.001 sec)
似乎我通过授予developer 角色权限,然后将用户添加到该角色,显然将jake@localhost 用户权限授予了测试数据库。但是,用户看不到数据库(或其中的表)。
这只是我代码中某个地方的愚蠢错字吗?什么可能导致这样的问题?我的一个想法是,这是与IDENTIFED BY PASSWORD 子句有关的问题,因为它只出现在GRANT USAGE 上而没有其他地方出现,但我很难想象这会导致这样的错误。有a related thread,但由于用户到处都是jake@localhost(始终如一),因此该线程中的解决方案似乎都不是问题。那么是什么给出的呢?
版本:
$ mysql --version
mysql Ver 15.1 Distrib 10.3.13-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2
【问题讨论】:
-
当您以
jake@localhost登录时SELECT CURRENT_ROLE;会给出什么我假设结果是NULL?因为我很确定您仍然需要或多或少地使用GRANT developer to 'jake'@'localhost'授予该 MySQL 用户的角色 -
它确实给出了
NULL。这确实可以解释问题,但不能完全解释为什么会发生。我进行了编辑以包含有关用户和角色的更多信息。 -
“这确实可以解释问题,但不能完全解释为什么会发生。” 是的,它确实... MySQL 怎么知道 jake 是开发团队的一员你说?运行
GRANT developer to 'jake'@'localhost'作为root? MySQL用户帐户需要定义一个角色才能获得角色权限......然后'jake'@'localhost'应该有developer角色,你可以再次检查SELECT CURRENT_ROLE;然后它应该说developer -
我已经运行过它并再次运行它。行为没有变化。我会将roles_mapping表的内容添加到问题中。
-
@RaymondNijland 请注意,
jake@localhost用户始终拥有developer授权。
标签: mysql ubuntu permissions mariadb access-control