PingKai Logo下载
搜索

REVOKE <privileges>

REVOKE <privileges> 语句用于删除已有用户的权限。执行 REVOKE <privileges> 语句需要拥有分配的权限,并且拥有 GRANT OPTION 权限。

从 v8.5.6 版本开始,TiDB 支持兼容 MySQL 的列级权限管理机制,你可以在 REVOKE 中指定列名列表,例如,REVOKE SELECT(col2) ON test.tbl FROM 'user'@'host';。更多信息参见列级权限管理

语法图

RevokeStmt
REVOKE PrivElemList ON ObjectType PrivLevel FROM UserSpecList
PrivElemList
PrivElem ,
PrivElem
PrivType ( ColumnNameList )
PrivType
ALL PRIVILEGES ALTER ROUTINE CREATE USER TEMPORARY TABLES VIEW ROLE ROUTINE TRIGGER DELETE DROP ROLE PROCESS EXECUTE INDEX INSERT SELECT SUPER SHOW DATABASES VIEW UPDATE GRANT OPTION REFERENCES REPLICATION SLAVE CLIENT USAGE RELOAD FILE CONFIG LOCK TABLES EVENT SHUTDOWN
ObjectType
TABLE
PrivLevel
* . * Identifier . * Identifier
UserSpecList
UserSpec ,

示例

CREATE USER 'newuser' IDENTIFIED BY 'mypassword';
Query OK, 1 row affected (0.02 sec)
GRANT ALL ON test.* TO 'newuser';
Query OK, 0 rows affected (0.03 sec)
SHOW GRANTS FOR 'newuser';
+-------------------------------------------------+
| Grants for newuser@%                            |
+-------------------------------------------------+
| GRANT USAGE ON *.* TO 'newuser'@'%'             |
| GRANT ALL PRIVILEGES ON test.* TO 'newuser'@'%' |
+-------------------------------------------------+
2 rows in set (0.00 sec)
REVOKE ALL ON test.* FROM 'newuser';
Query OK, 0 rows affected (0.03 sec)
SHOW GRANTS FOR 'newuser';
+-------------------------------------+
| Grants for newuser@%                |
+-------------------------------------+
| GRANT USAGE ON *.* TO 'newuser'@'%' |
+-------------------------------------+
1 row in set (0.00 sec)
DROP USER 'newuser';
Query OK, 0 rows affected (0.14 sec)
SHOW GRANTS FOR 'newuser';
ERROR 1141 (42000): There is no such grant defined for user 'newuser' on host '%'

MySQL 兼容性

REVOKE <privileges> 语句执行成功后,在 TiDB 中语句执行的结果会在当前连接立即生效,而 MySQL 中部分权限的结果需要等到之后的连接才生效。见 TiDB #39356

另请参阅