授予用户仅查看 MySQL 视图的权限,而不能查看其他内容
这个问题最初使用MySQL 5.1.44,但也适用于MySQL 8.0+。
假设我有一个表,其中包含由应用程序的不同用户插入的记录。如何授予特定用户只能查看该表中他/她的记录的权限?我考虑过用他/她的记录创建一个 VIEW,但我不知道如何创建一个只能看到该 VIEW 的 MySQL 用户。
那么,是否可以创建一个只能访问单个VIEW的MySQL用户?是否还可以让该用户对 VIEW 具有只读访问权限?
谢谢!
PS:在我的示例中,我所说的“用户”实际上是希望使用自己的应用程序访问其记录的子公司。
This question was originally using MySQL 5.1.44, but is applicable to MySQL 8.0+ too.
Let's say I have a table with records inserted by different users of my application. How can I give a specific user access to only see his/her records in that table? I've thought about creating a VIEW with his/her records, but I don't know how to create a MySQL user that can only see that VIEW.
So, is it possible to create a MySQL user that only has access to a single VIEW? Can this user also be made so they read-only access to that VIEW?
Thanks!
PS: What I call users in my example are really subsidiary offices that want to access their records with their own applications.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(5)
将 database1.view1 上的选择授予 'someuser'@'somehost';GRANT SELECT ON database1.view1 TO 'someuser'@'somehost';此外,
最好也
这样做,以便许多 SQL UI 工具可以获得视图定义并适当地为视图工作。
Besides
it's better to also do
so that a lot of SQL UI tool can get the view definition and work appropriately for the view.
来源:MySQL 文档
Source: MySQL Documentation
我相信最初的问题实际上是问如何将行限制为给定用户拥有的行。 (为每个用户创建一个视图,然后授予该视图的想法似乎是一种解决方法。)
您可以通过将 user() 引用插入数据表中,然后对其进行过滤来实现此目的。
使用MySQL 5.6。创建一个视图,将 SELECT 限制为仅当前用户拥有的记录:
I believe the original question is actually asking how to limit the rows to those owned by a given user. (The idea of creating one view per user, and then granting just that, seems like a workaround.)
You can do this by inserting the user() reference into the data table, and then filtering on that.
Using MySQL 5.6. Create a view that limits SELECT to just records owned by the current user:
如果你想让视图只读,我怀疑你会这么做。然后您应该使用 ALGORITHM = TEMPTABLE 子句创建视图。
这将使视图只读,因为它必须创建临时表。
实现只读的另一种方法是坚持聚合函数,这取决于您的数据。例如,如果您有一个基于表并显示所有列的视图,那么您可以将不同的内容粘贴到选择上。
If you want to make the view read only which I suspect you do. Then you should create the view with the ALGORITHM = TEMPTABLE clause.
This will make the view read only virtue of it having to create a temp table.
Another way to achieve read only and this is depends on your data is to stick an aggregate function. For example if you have a view which is based on a table and shows all columns then you can stick a distinct onto the select.