角色(Role)可用于批量管理用户。同一角色下的用户具有相同的权限。MySQL数据库也有这样的功能吗?答案是肯定的。MySQL5.7.X可以通过mysql.proxies_priv来模拟角色(Role)功能。我们来做个实验(测试版本MySQL5.7.28):1配置proxymysql>showvariableslike"%proxy%";#查看当前代理是否启用,OFF表示未启用+----------------------------------+--------+|Variable_name|Value|+----------------------------------+------+|check_proxy_users|OFF||mysql_native_password_proxy_users|OFF||proxy_user|||sha256_password_proxy_users|OFF|+--------------------------------+--------+4rowsinset(0.02秒)mysql>setglobalcheck_proxy_users=on;QueryOK,0rowsaffected(0.00sec)mysql>setglobalmysql_native_password_proxy_users=on;QueryOK,0rowsaffected(0.01sec)mysql>exit以上设置参数对当前会话无效,需要注销重新登录,或者直接在my.cnf中设置进去;2创建角色和用户mysql>createuserrole_dba;QueryOK,0rowsaffected(1.03sec)mysql>createuser'jack';QueryOK,0rowsaffected(0.01sec)mysql>createuser'mary';QueryOK,0rowsaffected(0.01sec)用户不需要设置密码。如果需要密码,可以使用'####'标识来设置;3PermissionMapping映射(map)role_dba的权限给jack,marymysql>grantproxyonrole_dbatojack;QueryOK,0rowsaffected(0.02sec)mysql>grantproxyonrole_dbatomary;QueryOK,0rowsaffected(0.01sec)4给用户授权给role_dba授权(模拟角色授权)mysql>grantselecton*.*torole_dba;QueryOK,0rowsaffected(0.01sec)mysql>showgrantsforrole_dba;+------------------------------------+|Grantsforrole_dba@%|+--------------------------------------+|GRANTSELECTON*.*TO'role_dba'@'%'|+---------------------------------------+1rowinset(0.00sec)mysql>showgrantsforjack;+-------------------------------------------+|Grantsforjack@%|+-------------------------------------------+|GRANTUSAGEON*.*TO'jack'@'%'||GRANTPROXYON'role_dba'@'%'TO'jack'@'%'|+------------------------------------------+2rowsinset(0.00sec)mysql>showgrantsformary;+--------------------------------------------+|Grantsformary@%|+------------------------------------------+|GRANTUSAGEON*.*TO'mary'@'%'||GRANTPROXYON'role_dba'@'%'TO'mary'@'%'|+------------------------------------------+2rowsinset(0.00sec)5查看mysql.proxies_privmysql>select*frommysql.proxies_priv;+---------+-----+-------------+--------------+------------+--------------------+----------------------+|Host|User|Proxied_host|Proxied_user|With_grant|Grantor|Timestamp|+------------+------+---------------+------------+------------+----------------------+--------------------+|localhost|root|||1|boot@connectinghost|0000-00-0000:00:00||%|will|%|will_dba|0|root@localhost|0000-00-0000:00:00||%|tom|%|will_dba|0|root@localhost|0000-00-0000:00:00||%|jack|%|role_dba|0|root@localhost|0000-00-0000:00:00||%|mary|%|role_dba|0|root@localhost|0000-00-0000:00:00|+------------+------+------------+-------------+------------+--------------------+----------------------+5rowsinset(0.01sec)6验证$mysql-h127.0.0.1-ujackWelcometotheMySQLmonitor.Commandsendwith;or\g.YourMySQLconnectionidis249Serverversion:5.7.28-logMySQLCommunityServer(GPL)Copyright(c)2000,2019,Oracle和/或其附属公司。保留所有权利。Oracle是OracleCorporation的注册商标d/oritsaffiliates.Othernamesmaybetrademarksofttheirrespectiveowners.Type'help;'or'\h'forhelp.Type'\c'toclearthecurrentinputstatement.mysql>select*fromtest.ssdlimit1;+---+------+------+|a|b|c|+---+------+------+|1|NULL|NULL|+---+------+------+1rowinset(0.01sec)mysql.proxies_priv只是对Role的模拟,不同于Oracle的role;官方名称为RolelikeMySQL8.0正式加入角色功能,感兴趣的同学可以自行学习。MySQL5.6.X需要安装插件来模拟Role功能。详情请参考:https://dev.mysql.com/doc/refman/5.6/en/proxy-users.htmlhttps://dev.mysql.com/doc/refman/5.6/en/pluggable-authentication.html
