无为,多年 MySQL DBA 工作经验,现就职于某知名互联网公司,对 MySQL、 Redis、PostgrepSQL 等主流数据库有一定了解,拥有丰富的一线运维经验。
1 配置 proxy
mysql> show variables like "%proxy%"; #查看当前proxy是否开启,OFF 表示没有开启+-----------------------------------+-------+| Variable_name | Value |+-----------------------------------+-------+| check_proxy_users | OFF || mysql_native_password_proxy_users | OFF || proxy_user | || sha256_password_proxy_users | OFF |+-----------------------------------+-------+4 rows in set (0.02 sec)mysql> set global check_proxy_users =on;Query OK, 0 rows affected (0.00 sec)mysql> set global mysql_native_password_proxy_users = on;Query OK, 0 rows affected (0.01 sec)mysql> exit
2 创建角色和用户
mysql> create user role_dba;Query OK, 0 rows affected (1.03 sec)mysql> create user 'jack';Query OK, 0 rows affected (0.01 sec)mysql> create user 'mary';Query OK, 0 rows affected (0.01 sec)
3 权限映射
将 role_dba 的权限映射( map )到 jack 、mary
mysql> grant proxy on role_dba to jack;Query OK, 0 rows affected (0.02 sec)mysql> grant proxy on role_dba to mary;Query OK, 0 rows affected (0.01 sec)
4 给用户赋权
给 role_dba 赋权(模拟 role 赋权)
mysql> grant select on *.* to role_dba;Query OK, 0 rows affected (0.01 sec)mysql> show grants for role_dba;+---------------------------------------+| Grants for role_dba@% |+---------------------------------------+| GRANT SELECT ON *.* TO 'role_dba'@'%' |+---------------------------------------+1 row in set (0.00 sec)mysql> show grants for jack;+---------------------------------------------+| Grants for jack@% |+---------------------------------------------+| GRANT USAGE ON *.* TO 'jack'@'%' || GRANT PROXY ON 'role_dba'@'%' TO 'jack'@'%' |+---------------------------------------------+2 rows in set (0.00 sec)mysql> show grants for mary;+---------------------------------------------+| Grants for mary@% |+---------------------------------------------+| GRANT USAGE ON *.* TO 'mary'@'%' || GRANT PROXY ON 'role_dba'@'%' TO 'mary'@'%' |+---------------------------------------------+2 rows in set (0.00 sec)
5 查看 mysql.proxies_priv
mysql> select * from mysql.proxies_priv;+-----------+------+--------------+--------------+------------+----------------------+---------------------+| Host | User | Proxied_host | Proxied_user | With_grant | Grantor | Timestamp |+-----------+------+--------------+--------------+------------+----------------------+---------------------+| localhost | root | | | 1 | boot@connecting host | 0000-00-00 00:00:00 || % | will | % | will_dba | 0 | root@localhost | 0000-00-00 00:00:00 || % | tom | % | will_dba | 0 | root@localhost | 0000-00-00 00:00:00 || % | jack | % | role_dba | 0 | root@localhost | 0000-00-00 00:00:00 || % | mary | % | role_dba | 0 | root@localhost | 0000-00-00 00:00:00 |+-----------+------+--------------+--------------+------------+----------------------+---------------------+5 rows in set (0.01 sec)
6 验证
$ mysql -h 127.0.0.1 -u jackWelcome to the MySQL monitor. Commands end with ; or \g.Your MySQL connection id is 249Server version: 5.7.28-log MySQL Community Server (GPL)Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or itsaffiliates. Other names may be trademarks of their respectiveowners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.mysql> select * from test.ssd limit 1;+---+------+------+| a | b | c |+---+------+------+| 1 | NULL | NULL |+---+------+------+1 row in set (0.01 sec)
各大平台都可以找到我
微信公众号:杨建荣的学习笔记 Github:@jeanron100 CSDN:@jeanron100 知乎:@jeanron100 头条号:@杨建荣的学习笔记 网易号:@杨建荣的数据库笔记 大鱼号:@杨建荣的数据库笔记 百家号:@杨建荣的数据库笔记 腾讯云+社区:@杨建荣的学习笔记
QQ群号:763628645
QQ群二维码如下, 添加请注明:姓名+地区+职位,否则不予通过
文章转载自杨建荣的学习笔记,如果涉嫌侵权,请发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
