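Since my expertise is limited, please help point out any mistakes.
A previous article analyzed how MySQL implements password authentication while a user connects (see "A brief analysis of the MySQL connection authentication process"). We know that MySQL manages user privileges at several levels (user level, db level, table level, column level). So how is the management of these different privilege levels implemented internally? Below we take a brief look at the implementation, mainly at the source-code level. The source version is 8.0.20.
Privilege overview and storage
Overview: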
The following are all the privileges listed in the official documentation, together with their scopes. Column 1: the privilege as it appears in GRANT and REVOKE statements. Column 2: the name of the column in the MySQL grant tables that corresponds to column 1. Column 3: the scope the privilege applies to. (Server administration means it applies to the whole system, Database means it applies to an entire schema, Tables means it applies to a particular table, Columns means it applies to a particular column, and Stored routines means it applies to stored procedures.)

| Privilege | Grant Table Column | Context |
| --- | --- | --- |
| ALL [PRIVILEGES] | Synonym for “all privileges” | Server administration |
| ALTER | Alter_priv | Tables |
| ALTER ROUTINE | Alter_routine_priv | Stored routines |
| CREATE | Create_priv | Databases, tables, or indexes |
| CREATE ROUTINE | Create_routine_priv | Stored routines |
| CREATE TABLESPACE | Create_tablespace_priv | Server administration |
| CREATE TEMPORARY TABLES | Create_tmp_table_priv | Tables |
| CREATE USER | Create_user_priv | Server administration |
| CREATE VIEW | Create_view_priv | Views |
| DELETE | Delete_priv | Tables |
| DROP | Drop_priv | Databases, tables, or views |
| EVENT | Event_priv | Databases |
| EXECUTE | Execute_priv | Stored routines |
| FILE | File_priv | File access on server host |
| GRANT OPTION | Grant_priv | Databases, tables, or stored routines |
| INDEX | Index_priv | Tables |
| INSERT | Insert_priv | Tables or columns |
| LOCK TABLES | Lock_tables_priv | Databases |
| PROCESS | Process_priv | Server administration |
| PROXY | See proxies_priv table | Server administration |
| REFERENCES | References_priv | Databases or tables |
| RELOAD | Reload_priv | Server administration |
| REPLICATION CLIENT | Repl_client_priv | Server administration |
| REPLICATION SLAVE | Repl_slave_priv | Server administration |