Skip to content

Latest commit

 

History

History
155 lines (117 loc) · 3.37 KB

sql-statement-revoke-privileges.md

File metadata and controls

155 lines (117 loc) · 3.37 KB
title summary aliases
REVOKE <privileges>
TiDB 数据库中 REVOKE <privileges> 的使用概况。
/docs-cn/dev/sql-statements/sql-statement-revoke-privileges/
/docs-cn/dev/reference/sql/statements/revoke-privileges/

REVOKE <privileges>

REVOKE <privileges> 语句用于删除已有用户的权限。执行 REVOKE <privileges> 语句需要拥有分配的权限,并且拥有 GRANT OPTION 权限。

语法图

GrantStmt ::=
    'GRANT' PrivElemList 'ON' ObjectType PrivLevel 'TO' UserSpecList RequireClauseOpt WithGrantOptionOpt

PrivElemList ::=
    PrivElem ( ',' PrivElem )*

PrivElem ::=
    PrivType ( '(' ColumnNameList ')' )?

PrivType ::=
    'ALL' 'PRIVILEGES'?
|   'ALTER' 'ROUTINE'?
|   'CREATE' ( 'USER' | 'TEMPORARY' 'TABLES' | 'VIEW' | 'ROLE' | 'ROUTINE' )?
|    'TRIGGER'
|   'DELETE'
|    'DROP' 'ROLE'?
|    'PROCESS'
|    'EXECUTE'
|   'INDEX'
|   'INSERT'
|   'SELECT'
|   'SUPER'
|    'SHOW' ( 'DATABASES' | 'VIEW' )
|   'UPDATE'
|   'GRANT' 'OPTION'
|   'REFERENCES'
|   'REPLICATION' ( 'SLAVE' | 'CLIENT' )
|   'USAGE'
|    'RELOAD'
|   'FILE'
|   'CONFIG'
|   'LOCK' 'TABLES'
|    'EVENT'
|   'SHUTDOWN'

ObjectType ::=
    'TABLE'?

PrivLevel ::=
    '*' ( '.' '*' )?
|    Identifier ( '.' ( '*' | Identifier ) )?

UserSpecList ::=
    UserSpec ( ',' UserSpec )*

RequireClauseOpt ::= ('REQUIRE' ('NONE' | 'SSL' | 'X509' | RequireListElement ('AND'? RequireListElement)*))?

RequireListElement ::= 'ISSUER' Issuer | 'SUBJECT' Subject | 'CIPHER' Cipher | 'SAN' SAN | 'TOKEN_ISSUER' TokenIssuer

示例

{{< copyable "sql" >}}

CREATE USER 'newuser' IDENTIFIED BY 'mypassword';
Query OK, 1 row affected (0.02 sec)

{{< copyable "sql" >}}

GRANT ALL ON test.* TO 'newuser';
Query OK, 0 rows affected (0.03 sec)

{{< copyable "sql" >}}

SHOW GRANTS FOR 'newuser';
+-------------------------------------------------+
| Grants for newuser@%                            |
+-------------------------------------------------+
| GRANT USAGE ON *.* TO 'newuser'@'%'             |
| GRANT ALL PRIVILEGES ON test.* TO 'newuser'@'%' |
+-------------------------------------------------+
2 rows in set (0.00 sec)

{{< copyable "sql" >}}

REVOKE ALL ON test.* FROM 'newuser';
Query OK, 0 rows affected (0.03 sec)

{{< copyable "sql" >}}

SHOW GRANTS FOR 'newuser';
+-------------------------------------+
| Grants for newuser@%                |
+-------------------------------------+
| GRANT USAGE ON *.* TO 'newuser'@'%' |
+-------------------------------------+
1 row in set (0.00 sec)

{{< copyable "sql" >}}

DROP USER 'newuser';
Query OK, 0 rows affected (0.14 sec)

{{< copyable "sql" >}}

SHOW GRANTS FOR 'newuser';
ERROR 1141 (42000): There is no such grant defined for user 'newuser' on host '%'

MySQL 兼容性

REVOKE <privileges> 语句执行成功后,在 TiDB 中语句执行的结果会在当前连接立即生效,而 MySQL 中部分权限的结果需要等到之后的连接才生效。见 TiDB #39356

另请参阅