Last active
October 24, 2016 14:14
-
-
Save yoshi-taka/3a0ffc4ec8068e11b4f675dd0e2021fe to your computer and use it in GitHub Desktop.
MySQL権限一覧をきれいに作る方法と、rootユーザー以外で棚卸しする方法 ref: http://qiita.com/yoshi-taka/items/94467014ec7e9e3e8ec8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SELECT * FROM information_schema.user_privileges; -- グローバルレベル権限のリスト | |
SELECT * FROM information_schema.schema_privileges; -- データベースレベル権限のリスト | |
SELECT * FROM information_schema.table_privileges; -- テーブルレベル権限のリスト | |
SELECT * FROM information_schema.column_privileges; -- カラムレベル権限のリスト |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-- グローバルレベル権限のリスト | |
SELECT | |
grantee user, GROUP_CONCAT(privilege_type ORDER BY privilege_type) privileges | |
FROM | |
information_schema.user_privileges | |
GROUP BY | |
grantee; | |
-- データベースレベル権限のリスト | |
SELECT | |
grantee user, table_schema db, GROUP_CONCAT(privilege_type ORDER BY privilege_type) privileges | |
FROM | |
information_schema.schema_privileges | |
GROUP BY | |
grantee, table_schema; | |
-- テーブルレベル権限のリスト | |
SELECT | |
grantee user, table_schema db, table_name tbl, GROUP_CONCAT(privilege_type ORDER BY privilege_type) privileges | |
FROM | |
information_schema.table_privileges | |
GROUP BY | |
grantee, table_schema, table_name; | |
-- カラムレベル権限のリスト | |
SELECT | |
grantee user, table_schema db, table_name tbl, column_name clmn, GROUP_CONCAT(privilege_type ORDER BY privilege_type) privileges | |
FROM | |
information_schema.column_privileges | |
GROUP BY | |
grantee, table_schema, table_name, column_name; | |
-- GROUP_CONCAT関数はANSI SQL非標準 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
(SELECT grantee user, '*' db, '*' tbl, '*' clmn, GROUP_CONCAT(privilege_type ORDER BY privilege_type) privileges FROM information_schema.user_privileges GROUP BY grantee) | |
UNION | |
(SELECT grantee user, table_schema db, '*' tbl, '*' clmn, GROUP_CONCAT(privilege_type ORDER BY privilege_type) privileges FROM information_schema.schema_privileges GROUP BY grantee, table_schema) | |
UNION | |
(SELECT grantee user, table_schema db, table_name tbl, '*' clmn, GROUP_CONCAT(privilege_type ORDER BY privilege_type) privileges FROM information_schema.table_privileges GROUP BY grantee, table_schema, table_name) | |
UNION | |
(SELECT grantee user, table_schema db, table_name tbl, column_name clmn, GROUP_CONCAT(privilege_type ORDER BY privilege_type) privileges FROM information_schema.column_privileges GROUP BY grantee, table_schema, table_name, column_name) | |
ORDER BY user, db, tbl, clmn; | |
-- 結果例 | |
+----------------+-------+------+------------------+---------------+ | |
| user | db | tbl | clmn | privileges | | |
+----------------+-------+------+------------------+---------------+ | |
| 'testuser'@'%' | * | * | * | FILE,PROCESS | | |
| 'testuser'@'%' | mysql | * | * | SELECT,INSERT | | |
| 'testuser'@'%' | mysql | user | * | DELETE | | |
| 'testuser'@'%' | mysql | user | password_expired | UPDATE | | |
+----------------+-------+------+------------------+---------------+ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
-- 棚卸し用ユーザー | |
-- テーブルレベル(mysql.userなど)では効果がなく、データベースレベルが必要 | |
GRANT SELECT ON mysql.* to listmaker; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
CREATE SQL SECURITY DEFINER VIEW sampledb.db_privileges AS | |
SELECT grantee, table_schema, priviledge_type | |
FROM information_schema.schema_privileges; -- Viewを作る |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment