Mysql 服务器通过权限表来控制用户对数据库的访问，权限表存放在 mysql 数据库里， 由 mysql_install_db 脚本初始化。这些权限表分别 user，db，table_priv，columns_priv、procs_priv 表。

下面我们连上数据库具体看下

连接到数据库

用 root 账号连上数据库

# mysql -uroot -pEnter password: Welcome to the MySQL monitor.  Commands end with ; or g.Your MySQL connection id is 4Server version: 5.7.34 MySQL Community Server (GPL)

选择 mysql 库

mysql> use mysqlReading table information for completion of table and column namesYou can turn off this feature to get a quicker startup with -ADatabase changed

查看所有的表：

mysql> show tables;+---------------------------+| Tables_in_mysql           |+---------------------------+| columns_priv              || db                        || engine_cost               || event                     || func                      || general_log               || gtid_executed             || help_category             || help_keyword              || help_relation             || help_topic                || innodb_index_stats        || innodb_table_stats        || ndb_binlog_index          || plugin                    || proc                      || procs_priv                || proxies_priv              || server_cost               || servers                   || slave_master_info         || slave_relay_log_info      || slave_worker_info         || slow_log                  || tables_priv               || time_zone                 || time_zone_leap_second     || time_zone_name            || time_zone_transition      || time_zone_transition_type || user                      |+---------------------------+31 rows in set (0.00 sec)

查看 user 表【针对所有数据库】

user 表中的权限是针对所有数据库的

mysql> select * from user where User='cbuser'G*************************** 1. row ***************************                  Host: %                  User: cbuser           Select_priv: N           Insert_priv: N           Update_priv: N           Delete_priv: N           Create_priv: N             Drop_priv: N           Reload_priv: N         Shutdown_priv: N          Process_priv: N             File_priv: N            Grant_priv: N       References_priv: N            Index_priv: N            Alter_priv: N          Show_db_priv: N            Super_priv: N Create_tmp_table_priv: N      Lock_tables_priv: N          Execute_priv: N       Repl_slave_priv: N      Repl_client_priv: N      Create_view_priv: N        Show_view_priv: N   Create_routine_priv: N    Alter_routine_priv: N      Create_user_priv: N            Event_priv: N          Trigger_priv: NCreate_tablespace_priv: N              ssl_type:             ssl_cipher:            x509_issuer:           x509_subject:          max_questions: 0           max_updates: 0       max_connections: 0  max_user_connections: 0                plugin: mysql_native_password authentication_string: *2AACE7DA3A0240BE8B1F302E0FE2C69705E39B24      password_expired: N password_last_changed: 2021-07-01 01:50:44     password_lifetime: NULL        account_locked: N1 row in set (0.00 sec)

查看 db 表【只针对指定的数据库】

db 表中的权限只针对指定的数据库

mysql> select * from dbG。。。略*************************** 3. row ***************************                 Host: %                   Db: cookbook                 User: cbuser          Select_priv: Y          Insert_priv: Y          Update_priv: Y          Delete_priv: Y          Create_priv: Y            Drop_priv: Y           Grant_priv: N      References_priv: Y           Index_priv: Y           Alter_priv: YCreate_tmp_table_priv: Y     Lock_tables_priv: Y     Create_view_priv: Y       Show_view_priv: Y  Create_routine_priv: Y   Alter_routine_priv: Y         Execute_priv: Y           Event_priv: Y         Trigger_priv: Y3 rows in set (0.00 sec)

如果希望用户只对某个数据库有操作权限，可以先将 user 表中对应的权限设置为 N，然后在 db 表中设置对应数据库的操作权限。

可以看到 cbuser 这个用户在 user 表中是各个设为 N，在 db 表中设置为 Y。

查看 tables_priv 表【针对表的权限】

tables_priv 表用来对单个表进行权限设置

mysql> select * from tables_privG*************************** 1. row ***************************       Host: localhost         Db: mysql       User: mysql.session Table_name: user    Grantor: boot@connecting host  Timestamp: 0000-00-00 00:00:00 Table_priv: SelectColumn_priv: *************************** 2. row ***************************       Host: localhost         Db: sys       User: mysql.sys Table_name: sys_config    Grantor: root@localhost  Timestamp: 2021-07-01 01:50:39 Table_priv: SelectColumn_priv: 2 rows in set (0.00 sec)

看下表结构：

mysql> show create table tables_privG*************************** 1. row ***************************       Table: tables_privCreate Table: CREATE TABLE `tables_priv` (  `Host` char(60) COLLATE utf8_bin NOT NULL DEFAULT '',  `Db` char(64) COLLATE utf8_bin NOT NULL DEFAULT '',  `User` char(32) COLLATE utf8_bin NOT NULL DEFAULT '',  `Table_name` char(64) COLLATE utf8_bin NOT NULL DEFAULT '',  `Grantor` char(93) COLLATE utf8_bin NOT NULL DEFAULT '',  `Timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,  `Table_priv` set('Select','Insert','Update','Delete','Create','Drop','Grant','References','Index','Alter','Create View','Show view','Trigger') CHARACTER SET utf8 NOT NULL DEFAULT '',  `Column_priv` set('Select','Insert','Update','References') CHARACTER SET utf8 NOT NULL DEFAULT '',  PRIMARY KEY (`Host`,`Db`,`User`,`Table_name`),  KEY `Grantor` (`Grantor`)) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Table privileges'1 row in set (0.00 sec)

字段具体说明如下：

Host，主机Db，数据库名User，用户名Table_name， 表名Grantor，修改该记录的用户，grant 美 [ɡr?nt] 英 [ɡrɑ?nt]Timestamp，修改该记录的时间Table_priv，表示对表的操作权限 【包括 ‘Select’,’Insert’,’Update’,’Delete’,’Create’,’Drop’,’Grant’,’References’,’Index’,’Alter’,’Create View’,’Show view’,’Trigger’】Column_priv，表示对表中的列的操作权限【包括 Column_priv】

查看 columns_priv 表【针对列的权限】

columns_priv 表用来对单个数据列进行权限设置

mysql> select * from columns_privGEmpty set (0.00 sec)mysql> show create table columns_privG*************************** 1. row ***************************       Table: columns_privCreate Table: CREATE TABLE `columns_priv` (  `Host` char(60) COLLATE utf8_bin NOT NULL DEFAULT '',  `Db` char(64) COLLATE utf8_bin NOT NULL DEFAULT '',  `User` char(32) COLLATE utf8_bin NOT NULL DEFAULT '',  `Table_name` char(64) COLLATE utf8_bin NOT NULL DEFAULT '',  `Column_name` char(64) COLLATE utf8_bin NOT NULL DEFAULT '',  `Timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,  `Column_priv` set('Select','Insert','Update','References') CHARACTER SET utf8 NOT NULL DEFAULT '',  PRIMARY KEY (`Host`,`Db`,`User`,`Table_name`,`Column_name`)) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Column privileges'1 row in set (0.00 sec)

字段具体说明如下：

Column_name，数据列名称，用来指定对哪些数据列具有操作权限Timestamp，修改该记录的时间Column_priv，表示对表中的列的操作权限【包括 ‘Select’,’Insert’,’Update’,’References’】

查看 procs_priv 表【针对存储过程和存储函数】

procs_priv 表可以对存储过程和存储函数进行权限设置

mysql> select * from procs_privGEmpty set (0.00 sec)mysql> show create table procs_privG*************************** 1. row ***************************       Table: procs_privCreate Table: CREATE TABLE `procs_priv` (  `Host` char(60) COLLATE utf8_bin NOT NULL DEFAULT '',  `Db` char(64) COLLATE utf8_bin NOT NULL DEFAULT '',  `User` char(32) COLLATE utf8_bin NOT NULL DEFAULT '',  `Routine_name` char(64) CHARACTER SET utf8 NOT NULL DEFAULT '',  `Routine_type` enum('FUNCTION','PROCEDURE') COLLATE utf8_bin NOT NULL,  `Grantor` char(93) COLLATE utf8_bin NOT NULL DEFAULT '',  `Proc_priv` set('Execute','Alter Routine','Grant') CHARACTER SET utf8 NOT NULL DEFAULT '',  `Timestamp` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,  PRIMARY KEY (`Host`,`Db`,`User`,`Routine_name`,`Routine_type`),  KEY `Grantor` (`Grantor`)) ENGINE=MyISAM DEFAULT CHARSET=utf8 COLLATE=utf8_bin COMMENT='Procedure privileges'1 row in set (0.00 sec)

routine美[.ru'tin]英[.ru?'ti?n]n.常规；例程；例行程序；正常顺序adj.常规的；例行公事的；日常的；平常的

字段具体说明如下：

Routine_name,表示存储过程或函数的名称Routine_type,表示存储过程或函数的类型，Routine_type 字段有两个值，分别是 FUNCTION 和 PROCEDURE。FUNCTION 表示这是一个函数；PROCEDURE 表示这是一个 存储过程。Grantor,插入或修改该记录的用户Proc_priv,表示拥有的权限，包括 Execute、Alter Routine、Grant 3 种