REVOKE <privileges>

REVOKE <privileges> 语句用于删除已有用户的权限。执行 REVOKE <privileges> 语句需要拥有分配的权限,并且拥有 GRANT OPTION 权限。

语法图

GrantStmt
GRANTPrivElemListONObjectTypePrivLevelTOUserSpecListRequireClauseOptWithGrantOptionOpt
PrivElemList
PrivElem,
PrivElem
PrivType(ColumnNameList)
PrivType
ALLPRIVILEGESALTERROUTINECREATEUSERTEMPORARYTABLESVIEWROLEROUTINETRIGGERDELETEDROPROLEPROCESSEXECUTEINDEXINSERTSELECTSUPERSHOWDATABASESVIEWUPDATEGRANTOPTIONREFERENCESREPLICATIONSLAVECLIENTUSAGERELOADFILECONFIGLOCKTABLESEVENTSHUTDOWN
ObjectType
TABLE
PrivLevel
*.*Identifier.*Identifier
UserSpecList
UserSpec,
RequireClauseOpt
REQUIRENONESSLX509RequireListElementAND
RequireListElement
ISSUERIssuerSUBJECTSubjectCIPHERCipherSANSANTOKEN_ISSUERTokenIssuer

示例

CREATE USER 'newuser' IDENTIFIED BY 'mypassword';
Query OK, 1 row affected (0.02 sec)
GRANT ALL ON test.* TO 'newuser';
Query OK, 0 rows affected (0.03 sec)
SHOW GRANTS FOR 'newuser';
+-------------------------------------------------+ | Grants for newuser@% | +-------------------------------------------------+ | GRANT USAGE ON *.* TO 'newuser'@'%' | | GRANT ALL PRIVILEGES ON test.* TO 'newuser'@'%' | +-------------------------------------------------+ 2 rows in set (0.00 sec)
REVOKE ALL ON test.* FROM 'newuser';
Query OK, 0 rows affected (0.03 sec)
SHOW GRANTS FOR 'newuser';
+-------------------------------------+ | Grants for newuser@% | +-------------------------------------+ | GRANT USAGE ON *.* TO 'newuser'@'%' | +-------------------------------------+ 1 row in set (0.00 sec)
DROP USER 'newuser';
Query OK, 0 rows affected (0.14 sec)
SHOW GRANTS FOR 'newuser';
ERROR 1141 (42000): There is no such grant defined for user 'newuser' on host '%'

MySQL 兼容性

REVOKE <privileges> 语句执行成功后,在 TiDB 中语句执行的结果会在当前连接立即生效,而 MySQL 中部分权限的结果需要等到之后的连接才生效。见 TiDB #39356

另请参阅