DROP ROLE
使用 DROP ROLE
语句可删除已用 CREATE ROLE
语句创建的角色。
语法图
DropRoleStmt:
RolenameList:
示例
创建新角色 analyticsteam
和新用户 jennifer
:
$ mysql -uroot
CREATE ROLE analyticsteam;
Query OK, 0 rows affected (0.02 sec)
GRANT SELECT ON test.* TO analyticsteam;
Query OK, 0 rows affected (0.02 sec)
CREATE USER jennifer;
Query OK, 0 rows affected (0.01 sec)
GRANT analyticsteam TO jennifer;
Query OK, 0 rows affected (0.01 sec)
需要注意的是,默认情况下,用户 jennifer
需要执行 SET ROLE analyticsteam
语句才能使用与角色相关联的权限:
$ mysql -ujennifer
SHOW GRANTS;
+---------------------------------------------+
| Grants for User |
+---------------------------------------------+
| GRANT USAGE ON *.* TO 'jennifer'@'%' |
| GRANT 'analyticsteam'@'%' TO 'jennifer'@'%' |
+---------------------------------------------+
2 rows in set (0.00 sec)
SHOW TABLES in test;
ERROR 1044 (42000): Access denied for user 'jennifer'@'%' to database 'test'
SET ROLE analyticsteam;
Query OK, 0 rows affected (0.00 sec)
SHOW GRANTS;
+---------------------------------------------+
| Grants for User |
+---------------------------------------------+
| GRANT USAGE ON *.* TO 'jennifer'@'%' |
| GRANT Select ON test.* TO 'jennifer'@'%' |
| GRANT 'analyticsteam'@'%' TO 'jennifer'@'%' |
+---------------------------------------------+
3 rows in set (0.00 sec)
SHOW TABLES IN test;
+----------------+
| Tables_in_test |
+----------------+
| t1 |
+----------------+
1 row in set (0.00 sec)
执行 SET DEFAULT ROLE
语句将用户 jennifer
与某一角色相关联,这样该用户无需执行 SET ROLE
语句就能拥有与角色相关联的权限。
$ mysql -uroot
SET DEFAULT ROLE analyticsteam TO jennifer;
Query OK, 0 rows affected (0.02 sec)
$ mysql -ujennifer
SHOW GRANTS;
+---------------------------------------------+
| Grants for User |
+---------------------------------------------+
| GRANT USAGE ON *.* TO 'jennifer'@'%' |
| GRANT Select ON test.* TO 'jennifer'@'%' |
| GRANT 'analyticsteam'@'%' TO 'jennifer'@'%' |
+---------------------------------------------+
3 rows in set (0.00 sec)
SHOW TABLES IN test;
+----------------+
| Tables_in_test |
+----------------+
| t1 |
+----------------+
1 row in set (0.00 sec)
删除角色 analyticsteam
:
$ mysql -uroot
DROP ROLE analyticsteam;
Query OK, 0 rows affected (0.02 sec)
Jennifer 不再具有与 analyticsteam 关联的默认角色,或不能再将 analyticsteam 设为启用角色:
$ mysql -ujennifer
SHOW GRANTS;
+--------------------------------------+
| Grants for User |
+--------------------------------------+
| GRANT USAGE ON *.* TO 'jennifer'@'%' |
+--------------------------------------+
1 row in set (0.00 sec)
SET ROLE analyticsteam;
ERROR 3530 (HY000): `analyticsteam`@`%` is is not granted to jennifer@%
MySQL 兼容性
DROP ROLE
语句与 MySQL 8.0 的角色功能完全兼容。如发现任何兼容性差异,请在 GitHub 上提交 issue。