DROP ROLE

使用 DROP ROLE 语句可删除已用 CREATE ROLE 语句创建的角色。

语法图

DropRoleStmt:

DropRoleStmt

RolenameList:

RolenameList

示例

创建新角色 analyticsteam 和新用户 jennifer

$ mysql -uroot CREATE ROLE analyticsteam; Query OK, 0 rows affected (0.02 sec) GRANT SELECT ON test.* TO analyticsteam; Query OK, 0 rows affected (0.02 sec) CREATE USER jennifer; Query OK, 0 rows affected (0.01 sec) GRANT analyticsteam TO jennifer; Query OK, 0 rows affected (0.01 sec)

需要注意的是,默认情况下,用户 jennifer 需要执行 SET ROLE analyticsteam 语句才能使用与角色相关联的权限:

$ mysql -ujennifer SHOW GRANTS; +---------------------------------------------+ | Grants for User | +---------------------------------------------+ | GRANT USAGE ON *.* TO 'jennifer'@'%' | | GRANT 'analyticsteam'@'%' TO 'jennifer'@'%' | +---------------------------------------------+ 2 rows in set (0.00 sec) SHOW TABLES in test; ERROR 1044 (42000): Access denied for user 'jennifer'@'%' to database 'test' SET ROLE analyticsteam; Query OK, 0 rows affected (0.00 sec) SHOW GRANTS; +---------------------------------------------+ | Grants for User | +---------------------------------------------+ | GRANT USAGE ON *.* TO 'jennifer'@'%' | | GRANT Select ON test.* TO 'jennifer'@'%' | | GRANT 'analyticsteam'@'%' TO 'jennifer'@'%' | +---------------------------------------------+ 3 rows in set (0.00 sec) SHOW TABLES IN test; +----------------+ | Tables_in_test | +----------------+ | t1 | +----------------+ 1 row in set (0.00 sec)

执行 SET DEFAULT ROLE 语句将用户 jennifer 与某一角色相关联,这样该用户无需执行 SET ROLE 语句就能拥有与角色相关联的权限。

$ mysql -uroot SET DEFAULT ROLE analyticsteam TO jennifer; Query OK, 0 rows affected (0.02 sec)
$ mysql -ujennifer SHOW GRANTS; +---------------------------------------------+ | Grants for User | +---------------------------------------------+ | GRANT USAGE ON *.* TO 'jennifer'@'%' | | GRANT Select ON test.* TO 'jennifer'@'%' | | GRANT 'analyticsteam'@'%' TO 'jennifer'@'%' | +---------------------------------------------+ 3 rows in set (0.00 sec) SHOW TABLES IN test; +----------------+ | Tables_in_test | +----------------+ | t1 | +----------------+ 1 row in set (0.00 sec)

删除角色 analyticsteam

$ mysql -uroot DROP ROLE analyticsteam; Query OK, 0 rows affected (0.02 sec)

Jennifer 不再具有与 analyticsteam 关联的默认角色,或不能再将 analyticsteam 设为启用角色:

$ mysql -ujennifer SHOW GRANTS; +--------------------------------------+ | Grants for User | +--------------------------------------+ | GRANT USAGE ON *.* TO 'jennifer'@'%' | +--------------------------------------+ 1 row in set (0.00 sec) SET ROLE analyticsteam; ERROR 3530 (HY000): `analyticsteam`@`%` is is not granted to jennifer@%

MySQL 兼容性

DROP ROLE 语句与 MySQL 8.0 的角色功能完全兼容。如发现任何兼容性差异,请在 GitHub 上提交 issue

另请参阅