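Your question was a challenge, but in the end even we have a "simple" query to show which user accounts have no privileges of any kind assigned (yes, none at all), and we use it to clean up our DB :)
Let's understand the query by splitting it into levels.
First level: list every user that has no column-level access.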
SELECT C.User FROM mysql.user C LEFT JOIN mysql.columns_priv ON (mysql.columns_priv.User = C.User) WHERE (Column_priv=0 OR Column_priv IS NULL) AND mysql.columns_priv.Db IS NULL
Second level: list the users that have no table-level privileges, and only those that also have no column-level privileges.
SELECT B.User FROM mysql.user B LEFT JOIN mysql.tables_priv ON (mysql.tables_priv.User = B.User) WHERE
mysql.tables_priv.Db IS NULL AND (Table_priv=0 OR Table_priv IS NULL) AND (Column_priv=0 OR Column_priv IS NULL)
AND B.User IN (
SELECT C.User FROM mysql.user C LEFT JOIN mysql.columns_priv ON (mysql.columns_priv.User = C.User) WHERE
(Column_priv=0 OR Column_priv IS NULL) AND mysql.columns_priv.Db IS NULL)
Third level: list the users that have no database-level privileges, and only those that had no access in the previous two queries.
SELECT A.User FROM mysql.user A LEFT JOIN mysql.db ON (mysql.db.User = A.User) WHERE
mysql.db.Db IS NULL
AND A.User IN (
SELECT B.User FROM mysql.user B LEFT JOIN mysql.tables_priv ON (mysql.tables_priv.User = B.User) WHERE
mysql.tables_priv.Db IS NULL AND (Table_priv=0 OR Table_priv IS NULL) AND (Column_priv=0 OR Column_priv IS NULL)
AND B.User IN (
SELECT C.User FROM mysql.user C LEFT JOIN mysql.columns_priv ON (mysql.columns_priv.User = C.User) WHERE
(Column_priv=0 OR Column_priv IS NULL) AND mysql.columns_priv.Db IS NULL)
)
The third level checks for anyone with database-level access and lists those who have no table/column-level access.
Finally:
SELECT mysql.user.Host, mysql.user.User
FROM mysql.user WHERE mysql.user.User IN (
SELECT A.User FROM mysql.user A LEFT JOIN mysql.db ON (mysql.db.User = A.User) WHERE
mysql.db.Db IS NULL
AND A.User IN (
SELECT B.User FROM mysql.user B LEFT JOIN mysql.tables_priv ON (mysql.tables_priv.User = B.User) WHERE
mysql.tables_priv.Db IS NULL AND (Table_priv=0 OR Table_priv IS NULL) AND (Column_priv=0 OR Column_priv IS NULL)
AND B.User IN (
SELECT C.User FROM mysql.user C LEFT JOIN mysql.columns_priv ON (mysql.columns_priv.User = C.User) WHERE
(Column_priv=0 OR Column_priv IS NULL) AND mysql.columns_priv.Db IS NULL)
)
) AND CONCAT(Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv,Reload_priv,Shutdown_priv,Process_priv,File_priv,Grant_priv,References_priv,Index_priv,Alter_priv,Show_db_priv,Super_priv,Create_tmp_table_priv,Lock_tables_priv,Execute_priv,Repl_slave_priv,Repl_client_priv,Create_view_priv,Show_view_priv,Create_routine_priv,Alter_routine_priv,Create_user_priv,Event_priv,Trigger_priv,Create_tablespace_priv) NOT LIKE '%Y%'
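This lists only those who have no global privileges assigned and who match the other subquery conditions.
"Pretty straightforward."
Edit: please give feedback, since this query has only been tested on version 5.5.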
Please provide the full MySQL server version you have installed –
It is running on 3 different servers, with '5.0.51a-24 + lenny5-log', '5.5.54-0 + deb7u2' and '5.6.35' respectively – TomRA
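An added example, not part of the answer or the comments above: MySQL identifies an account by its user name and host together, so this variant checks each grant table per (User, Host) pair instead of joining on User alone. It assumes the 5.5/5.6 grant-table layout implied by the column list in the answer, and it also checks `mysql.procs_priv`, which the answer does not cover.

```sql
-- Added example: candidate accounts with no privileges, keyed on (User, Host).
-- Any row in a scoped grant table is treated as a privilege (conservative:
-- an account is only listed when nothing at all references it).
SELECT u.User, u.Host
FROM mysql.user AS u
WHERE CONCAT(
        u.Select_priv, u.Insert_priv, u.Update_priv, u.Delete_priv,
        u.Create_priv, u.Drop_priv, u.Reload_priv, u.Shutdown_priv,
        u.Process_priv, u.File_priv, u.Grant_priv, u.References_priv,
        u.Index_priv, u.Alter_priv, u.Show_db_priv, u.Super_priv,
        u.Create_tmp_table_priv, u.Lock_tables_priv, u.Execute_priv,
        u.Repl_slave_priv, u.Repl_client_priv, u.Create_view_priv,
        u.Show_view_priv, u.Create_routine_priv, u.Alter_routine_priv,
        u.Create_user_priv, u.Event_priv, u.Trigger_priv,
        u.Create_tablespace_priv
      ) NOT LIKE '%Y%'                              -- no global privilege
  AND NOT EXISTS (SELECT 1 FROM mysql.db AS d       -- no database-level grant
                  WHERE d.User = u.User AND d.Host = u.Host)
  AND NOT EXISTS (SELECT 1 FROM mysql.tables_priv AS t   -- no table-level grant
                  WHERE t.User = u.User AND t.Host = u.Host)
  AND NOT EXISTS (SELECT 1 FROM mysql.columns_priv AS c  -- no column-level grant
                  WHERE c.User = u.User AND c.Host = u.Host)
  AND NOT EXISTS (SELECT 1 FROM mysql.procs_priv AS p    -- no routine-level grant
                  WHERE p.User = u.User AND p.Host = u.Host)
ORDER BY u.User, u.Host;

-- Confirm each candidate before removing it (placeholder account name):
-- SHOW GRANTS FOR 'some_user'@'some_host';
```

Servers newer than the versions mentioned on this page keep additional privilege data outside these tables, so the result there is a list of candidates to verify with `SHOW GRANTS`, not a final answer.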