我如何确保'anil'不能从任何名为'%desk%'的机器上运行命令?
mysql> show grants for anil;
+------------------------------------------------------------------------------------+
| Grants for anil@% |
+------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'anil'@'%' |
| GRANT SELECT, CREATE TEMPORARY TABLES, LOCK TABLES ON `production`.* TO 'anil'@'%' |
+------------------------------------------------------------------------------------+
mysql> revoke all privileges, grant option from 'anil'@'%desk%';
ERROR 1269 (HY000): Can't revoke all privileges for one or more of the requested users
mysql> revoke usage on *.* from 'anil'@'%desk%';
ERROR 1141 (42000): There is no such grant defined for user 'anil' on host '%desk%'
mysql> revoke SELECT, CREATE TEMPORARY TABLES, LOCK TABLES ON `production`.* from 'anil'@'%desk%';
ERROR 1141 (42000): There is no such grant defined for user 'anil' on host '%desk%'
MySQL只允许您授予权限,它没有能力授予除特定主机以外的所有,或者以您正在尝试的方式基于主机名拒绝权限。实现这一点的唯一方法是只给用户可接受的主机名权限。REVOKE命令仅删除以前的GRANT ed权限。
如果您的网络碰巧被分解成子域[例如:*.desk.company.tld和*. serve .company.tld],您应该能够授予'anil'@'%.serv.company.tld'或类似的子网:'anil'@'192.168.1.%'。