GRANT OPTION,用户被授予了某个权限,那么默认情况下,该用户是不能把这个权限授予给其他人的。
但是可以使用WITH GRANT OPTION这个子句来让该用户可以将权限再授予给其他人。比如:
mysql> grant update on cms.t_account to 'ut01'@'%' with grant option;
Query OK, 0 rows affected (0.06 sec)
mysql> show grants for 'ut01'@'%';
+---------------------------------------------------------------------------+
| Grants for ut01@% |
+---------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ut01'@'%' |
| GRANT UPDATE ON `cms`.`t_account` TO 'ut01'@'%' WITH GRANT OPTION |
+---------------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql>
但是除了使用该子句指定之外,还是通过直接授予GRANT OPTION权限来达到这个效果。比如:
D:\temp>mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 5.7.11-log MySQL Community Server (GPL)
Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show grants for 'ut01'@'%';
+----------------------------------+
| Grants for ut01@% |
+----------------------------------+
| GRANT USAGE ON *.* TO 'ut01'@'%' |
+----------------------------------+
1 row in set (0.00 sec)
mysql> grant select on test.t_area to 'ut01'@'%';
Query OK, 0 rows affected (0.07 sec)
mysql> show grants for 'ut01'@'%';
+-----------------------------------------------+
| Grants for ut01@% |
+-----------------------------------------------+
| GRANT USAGE ON *.* TO 'ut01'@'%' |
| GRANT SELECT ON `test`.`t_area` TO 'ut01'@'%' |
+-----------------------------------------------+
2 rows in set (0.00 sec)
mysql> grant delete on cms.t_account to 'ut01'@'%';
Query OK, 0 rows affected (0.01 sec)
mysql> show grants for 'ut01'@'%';
+-------------------------------------------------+
| Grants for ut01@% |
+-------------------------------------------------+
| GRANT USAGE ON *.* TO 'ut01'@'%' |
| GRANT DELETE ON `cms`.`t_account` TO 'ut01'@'%' |
| GRANT SELECT ON `test`.`t_area` TO 'ut01'@'%' |
+-------------------------------------------------+
3 rows in set (0.00 sec)
mysql> grant grant option on test.t_area to 'ut01'@'%';
Query OK, 0 rows affected (0.06 sec)
mysql> show grants for 'ut01'@'%';
+-----------------------------------------------------------------+
| Grants for ut01@% |
+-----------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ut01'@'%' |
| GRANT DELETE ON `cms`.`t_account` TO 'ut01'@'%' |
| GRANT SELECT ON `test`.`t_area` TO 'ut01'@'%' WITH GRANT OPTION | #在test.t_area对象上的select权限,自动具有了with grant option属性
+-----------------------------------------------------------------+
3 rows in set (0.00 sec)
mysql> grant insert on test.t_area to 'ut01'@'%';
Query OK, 0 rows affected (0.08 sec)
mysql> show grants for 'ut01'@'%';
+-------------------------------------------------------------------------+
| Grants for ut01@% |
+-------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'ut01'@'%' |
| GRANT DELETE ON `cms`.`t_account` TO 'ut01'@'%' |
| GRANT SELECT, INSERT ON `test`.`t_area` TO 'ut01'@'%' WITH GRANT OPTION | #虽然insert是后面加上的,但是同样具有了grant option属性,因为其权限范围也是test.t_area
+-------------------------------------------------------------------------+
3 rows in set (0.00 sec)
mysql>