MySQL的数据控制语言DCL

SHOW GRANTS;/显示当前用户权限
SHOW GRANTS FOR 'pinnsvin'@'localhost';/显示指定用户权限
SHOW GRANTS FOR CURRENT_USER();/显示当前用户权限

GRANT
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
TO user_specification [, user_specification] ...
[REQUIRE {NONE | ssl_option [[AND] ssl_option] ...}]
[WITH {GRANT OPTION | resource_option} ...]
/代理
GRANT PROXY ON user_specification
TO user_specification [, user_specification] ...
[WITH GRANT OPTION]/联级授权，选了此项，该用户有权将自己的权限授予自己创建的子用户
/授权目标对象类型
object_type: {
TABLE
| FUNCTION
| PROCEDURE
}
/授权目标
priv_level: {
*
| *.*
| db_name.*
| db_name.tbl_name
| tbl_name
| db_name.routine_name
}
/授权用户
user_specification:
user [ auth_option ]

auth_option: {
IDENTIFIED BY 'auth_string'
| IDENTIFIED BY PASSWORD 'hash_string'
| IDENTIFIED WITH auth_plugin
| IDENTIFIED WITH auth_plugin AS 'hash_string'
}
/SSL设置
ssl_option: {
SSL
| X509
| CIPHER 'cipher'
| ISSUER 'issuer'
| SUBJECT 'subject'
}

resource_option: {
| MAX_QUERIES_PER_HOUR count /允许用户每小时执行的查询语句数量
| MAX_UPDATES_PER_HOUR count /允许用户每小时执行更新语句数量
| MAX_CONNECTIONS_PER_HOUR count /允许用户每小时连接的次数
| MAX_USER_CONNECTIONS count /允许用户同时连接服务器的数量
}

/先要创建一个用户，创建了一个名为jeffrey，登录主机为localhost，密码为mypass的用户
CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY 'mypass';
/授予了用户jeffrey@localhost对数据库db1下所有数据表所有操作权限
GRANT ALL ON db1.* TO 'jeffrey'@'localhost';
/授予了用户'jeffrey'@'localhost'对数据库db2下invoice数据表的查询权限
GRANT SELECT ON db2.invoice TO 'jeffrey'@'localhost';
/USAGE意指无权限，用户jeffrey@localhost 在一个小时内只有90次查询权限
GRANT USAGE ON *.* TO 'jeffrey'@'localhost' WITH MAX_QUERIES_PER_HOUR 90;

REVOKE
priv_type [(column_list)]
[, priv_type [(column_list)]] ...
ON [object_type] priv_level
FROM user [, user] ...

REVOKE ALL PRIVILEGES, GRANT OPTION
FROM user [, user] ...
/授权代理
REVOKE PROXY ON user
FROM user [, user] ...

/撤回了用户jeffrey@localhost对数据库db1下所有数据表所有操作权限
REVOKE ALL ON db1.* FROM 'jeffrey'@'localhost';
/撤回了用户'jeffrey'@'localhost'对数据库db2下invoice数据表的查询权限
REVOKE SELECT ON db2.invoice FROM 'jeffrey'@'localhost';