MySQL 日常运维业务账号权限的控制
程序员文章站
2022-05-29 23:38:40
在MySQL数据库日常运维中,对业务子账号的权限的统一控制十分必要。 业务上基本分为读账号和写账号两种账号,所以可以整理为固定的存储过程,让数据库自动生成对应的库的账号,随机密码。以及统一的读权限,写权限。(这里没有对 host进行过多的限制。只赋给通用的192.168.% 。有兴趣的同学可以在存储 ......
在MySQL数据库日常运维中,对业务子账号的权限的统一控制十分必要。
业务上基本分为读账号和写账号两种账号,所以可以整理为固定的存储过程,让数据库自动生成对应的库的账号,随机密码。以及统一的读权限,写权限。(这里没有对 host进行过多的限制。只赋给通用的192.168.% 。有兴趣的同学可以在存储过程加个参数,对host 控制)
delimiter // set session sql_log_bin=OFF; drop PROCEDURE IF EXISTS `usercrt` // CREATE DEFINER=`root`@`localhost` PROCEDURE `usercrt`(dbname varchar(64),type int,username varchar(16)) COMMENT '创建用户 call usercrt(库名,1/0,'') 1写 0读 。最后一个参数为手动指定用户名,没有指定则用户名默认为 库名_w/r' label:BEGIN DECLARE chars_str varchar(100) DEFAULT 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; DECLARE return_str varchar(255) DEFAULT ''; DECLARE n int DEFAULT 12; DECLARE i INT DEFAULT 0; DECLARE pri_dbgrant VARCHAR(500); DECLARE pri_namepre VARCHAR(500); DECLARE pri_dbname VARCHAR(500); DECLARE check_user VARCHAR(500); DECLARE grantsql VARCHAR(200); DECLARE pri_username VARCHAR(500); DECLARE pri_grant VARCHAR(500); DECLARE notice_msg VARCHAR(500); set notice_msg=' 账号 '; WHILE i < n DO SET return_str = concat(return_str,substring(chars_str , FLOOR(1 + RAND()*62 ),1)); SET i = i +1; END WHILE; IF dbname = '*' THEN SET pri_dbgrant="*.*"; SET pri_namepre="alldb"; ELSE select SCHEMA_NAME INTO pri_dbname FROM information_schema.SCHEMATA where SCHEMA_NAME=dbname and SCHEMA_NAME NOT IN ("information_schema","performance_schema","mysql","sys"); IF pri_dbname IS NOT NULL AND pri_dbname !='' THEN SET pri_namepre=substring(pri_dbname,1,14); SET pri_dbgrant=concat(pri_dbname,'.*'); ELSE select concat('库名错误且不能为系统库,请输入:',group_concat(SCHEMA_NAME)) FROM information_schema.SCHEMATA where SCHEMA_NAME NOT IN ("information_schema","performance_schema","mysql","sys"); leave label; END IF ; END IF; IF TYPE = 0 THEN SET pri_username=CONCAT(pri_namepre,'_r'); set pri_grant="GRANT select on "; set notice_msg=' 读账号 '; ELSEIF TYPE = 1 THEN SET pri_username=CONCAT(pri_namepre,'_w'); set pri_grant="GRANT Show view,select,insert,update,delete on "; set notice_msg=' 写账号 '; ELSE select "读写类型不正确 1 写 0 读"; leave label; END IF; IF username IS NOT NULL AND username !='' THEN SET pri_username =username; END IF; select User INTO check_user from mysql.user where user=pri_username AND Host='192.168.%' ; IF check_user IS NOT NULL AND check_user !='' THEN SET return_str=''; set grantsql=concat(pri_grant,pri_dbgrant,' to ',pri_username,'@"192.168.%"'); ELSE set grantsql=concat(pri_grant,pri_dbgrant,' to ',pri_username,'@"192.168.%" identified by ',"'",return_str,"'"); END IF ; SELECT grantsql; SET @gsql=grantsql; PREPARE STMT FROM @gsql; EXECUTE STMT; DEALLOCATE PREPARE STMT; IF return_str!='' THEN set @crtsql="create table IF NOT EXISTS tmp_pwd(col varchar(100))"; PREPARE STMT2 FROM @crtsql; EXECUTE STMT2; DEALLOCATE PREPARE STMT2; set @intsql=concat("insert into tmp_pwd(col) values('",return_str,"')"); PREPARE STMT3 FROM @intsql; EXECUTE STMT3; DEALLOCATE PREPARE STMT3; END IF; set @showsql=concat(' show grants for ',pri_username,'@"192.168.%"'); PREPARE STMT4 FROM @showsql; EXECUTE STMT4; DEALLOCATE PREPARE STMT4; SELECT CONCAT('数据库名 ',pri_dbname,notice_msg, pri_username,' 密码 ',return_str); END // delimiter ;
上一篇: 爆逗,都坏的很哟!
下一篇: 爆笑之逗B剧场第185季