SQL語句的分類
- DDL(Data Definition Languages)語句:數據定義語言。這些語句定義了不同的數據段、
數據庫、表、列、索引等數據庫對象的定義。常用的語句關鍵字主要包括create、drop、alter
等。 - DML(Data Manipulation Language)語句:數據操縱語句,用於添加、刪除、更新和查
詢數據庫記錄,並檢查數據完整性,常用的語句關鍵字主要包括insert、delete、udpate 和
select 等。 - DCL(Data Control Language)語句:數據控制語句,用於控制不同數據段直接的許可和
訪問級別的語句。這些語句定義了數據庫、表、字段、用戶的訪問權限和安全級別。主要的
語句關鍵字包括grant、revoke 等。
DCL語句
DCL 語句主要是DBA 用來管理系統中的對象權限時所使用,一般的開發人員很少使用。下面
通過一個例子來簡單說明一下。
創建一個數據庫用戶plf,具有對plf數據庫中所有表的SELECT/INSERT 權限:
mysql> grant select,insert on plf.* to 'plf'@'%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> quit
Bye
[root@mysql ~]# mysql -uplf -p123456 -h 192.168.3.100
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.6.37 Source distribution
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use mysql;
ERROR 1044 (42000): Access denied for user 'plf'@'%' to database 'mysql'
mysql> use plf
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
由於權限變更,需要將 plf 的權限變更,收回 INSERT,只能對數據進行 SELECT 操作,這時我們需要使用root賬戶進行上述操作:
mysql> revoke insert on plf.* from 'plf'@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> quit
Bye
[root@mysql ~]# mysql -uplf -p123456 -h 192.168.3.100
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.6.37 Source distribution
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use plf
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+---------------+
| Tables_in_plf |
+---------------+
| dept |
| emp |
| hk_info |
| log_info |
| user_info |
+---------------+
5 rows in set (0.00 sec)
mysql> insert into dept values(7,'plf');
ERROR 1142 (42000): INSERT command denied to user 'plf'@'192.168.3.100' for table 'dept'
mysql> select*from dept;
+--------+----------+
| deptno | deptname |
+--------+----------+
| 1 | tech |
| 2 | sale |
| 3 | hr |
| 5 | fin |
+--------+----------+
4 rows in set (0.00 sec)
以上例子中的grant和revoke分別授出和收回了用戶plf的部分權限,達到了我們的目的,關於權限的更多內容,將會在第4篇中詳細介紹。