授予用户仅查看 MySQL 视图的权限,而不能查看其他内容

发布于 2024-09-07 00:43:30 字数 311 浏览 11 评论 0原文

这个问题最初使用MySQL 5.1.44,但也适用于MySQL 8.0+。

假设我有一个表,其中包含由应用程序的不同用户插入的记录。如何授予特定用户只能查看该表中他/她的记录的权限?我考虑过用他/她的记录创建一个 VIEW,但我不知道如何创建一个只能看到该 VIEW 的 MySQL 用户。

那么,是否可以创建一个只能访问单个VIEW的MySQL用户?是否还可以让该用户对 VIEW 具有只读访问权限?

谢谢!

PS:在我的示例中,我所说的“用户”实际上是希望使用自己的应用程序访问其记录的子公司。

This question was originally using MySQL 5.1.44, but is applicable to MySQL 8.0+ too.

Let's say I have a table with records inserted by different users of my application. How can I give a specific user access to only see his/her records in that table? I've thought about creating a VIEW with his/her records, but I don't know how to create a MySQL user that can only see that VIEW.

So, is it possible to create a MySQL user that only has access to a single VIEW? Can this user also be made so they read-only access to that VIEW?

Thanks!

PS: What I call users in my example are really subsidiary offices that want to access their records with their own applications.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(5

我一直都在从未离去 2024-09-14 00:43:30

将 database1.view1 上的选择授予 'someuser'@'somehost';

GRANT SELECT ON database1.view1 TO 'someuser'@'somehost';

原谅我要高飞 2024-09-14 00:43:30

此外,

GRANT SELECT ON <database_name>.<view_name>
TO <user>@<host>

最好也

GRANT SHOW VIEW
ON <database_name>.<view_name> TO <user>@<host>

这样做,以便许多 SQL UI 工具可以获得视图定义并适当地为视图工作。

Besides

GRANT SELECT ON <database_name>.<view_name>
TO <user>@<host>

it's better to also do

GRANT SHOW VIEW
ON <database_name>.<view_name> TO <user>@<host>

so that a lot of SQL UI tool can get the view definition and work appropriately for the view.

玩物 2024-09-14 00:43:30
GRANT SELECT ON <database name>.<view name>
TO <user>@<host> IDENTIFIED BY '<password>'

来源:MySQL 文档

GRANT SELECT ON <database name>.<view name>
TO <user>@<host> IDENTIFIED BY '<password>'

Source: MySQL Documentation

转身以后 2024-09-14 00:43:30

我相信最初的问题实际上是问如何将行限制为给定用户拥有的行。 (为每个用户创建一个视图,然后授予该视图的想法似乎是一种解决方法。)

您可以通过将 user() 引用插入数据表中,然后对其进行过滤来实现此目的。

使用MySQL 5.6。创建一个视图,将 SELECT 限制为仅当前用户拥有的记录:

-- check the current user
select user();

create table t1 (myId int, mydata varchar(200), myName varchar(200));

insert t1 select 1, 'my data yes', user();
insert t1 select 2, 'my data yes2', user();
insert t1 select 3, 'my data no', 'joe';

select * from t1;

create or replace view v1 AS
select * from t1 where myName = user();

select * from v1;

I believe the original question is actually asking how to limit the rows to those owned by a given user. (The idea of creating one view per user, and then granting just that, seems like a workaround.)

You can do this by inserting the user() reference into the data table, and then filtering on that.

Using MySQL 5.6. Create a view that limits SELECT to just records owned by the current user:

-- check the current user
select user();

create table t1 (myId int, mydata varchar(200), myName varchar(200));

insert t1 select 1, 'my data yes', user();
insert t1 select 2, 'my data yes2', user();
insert t1 select 3, 'my data no', 'joe';

select * from t1;

create or replace view v1 AS
select * from t1 where myName = user();

select * from v1;
缱倦旧时光 2024-09-14 00:43:30

如果你想让视图只读,我怀疑你会这么做。然后您应该使用 ALGORITHM = TEMPTABLE 子句创建视图。

这将使视图只读,因为它必须创建临时表。

实现只读的另一种方法是坚持聚合函数,这取决于您的数据。例如,如果您有一个基于表并显示所有列的视图,那么您可以将不同的内容粘贴到选择上。

If you want to make the view read only which I suspect you do. Then you should create the view with the ALGORITHM = TEMPTABLE clause.

This will make the view read only virtue of it having to create a temp table.

Another way to achieve read only and this is depends on your data is to stick an aggregate function. For example if you have a view which is based on a table and shows all columns then you can stick a distinct onto the select.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文