[Translation] When flush privileges takes effect

# Preface:

Recently I have repeatedly run into roadblocks with MySQL access control. After reading some material, I have simply translated the official documentation's description of flush privileges, to start a discussion.
 

# Translated text:

If the mysqld server is started without the --skip-grant-tables option, it reads all grant table contents into memory during its startup sequence. The in-memory tables become effective for access control at that point.

If the mysqld service is not started with the --skip-grant-tables option, it reads the entire contents of the grant tables into memory during startup. From that point on, the in-memory tables are what control access.

 

If you modify the grant tables indirectly using an account-management statement, the server notices these changes and loads the grant tables into memory again immediately. Examples include GRANT, REVOKE, SET PASSWORD, and RENAME USER.

If you modify the grant tables indirectly, through an account-management statement, the MySQL service notices these changes and immediately reloads the grant tables into memory. The account-management statements include these four: GRANT, REVOKE, SET PASSWORD, and RENAME USER.

 

If you modify the grant tables directly using statements such as INSERT, UPDATE, or DELETE (which is not recommended), the changes have no effect on privilege checking until you either tell the server to reload the tables or restart it. Thus, if you change the grant tables directly but forget to reload them, the changes have no effect until you restart the server. This may leave you wondering why your changes seem to make no difference!

If you modify the grant tables directly with INSERT, UPDATE, or DELETE (not recommended), these operations do not affect privilege checking unless you reload the tables or restart the database. So if you modify the grant tables but forget to reload them, the modification has no effect until you restart the database. This may leave you wondering why your changes made no difference!

 

To tell the server to reload the grant tables, perform a flush-privileges operation. This can be done by issuing a FLUSH PRIVILEGES statement or by executing a mysqladmin flush-privileges or mysqladmin reload command.

To tell the server to reload the grant tables, you need to perform a flush-privileges operation. You can run the FLUSH PRIVILEGES statement inside the database, or run mysqladmin flush-privileges or mysqladmin reload from the command line.
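The difference between the two kinds of modification described above, as an added example that is not part of the original post or the MySQL manual. It assumes a disposable MySQL 5.7 test instance and an administrative session; `demo_user`, `demo_db` and the password are constructed placeholders.

```sql
-- Constructed demo for a throwaway MySQL 5.7 instance.
-- 'demo_user', 'demo_db' and the password are hypothetical placeholders.
CREATE DATABASE IF NOT EXISTS demo_db;
CREATE USER 'demo_user'@'localhost' IDENTIFIED BY 'Placeholder-Passw0rd!';

-- 1. Account-management statement: the server reloads the grant tables
--    into memory by itself, so no FLUSH PRIVILEGES is needed.
GRANT SELECT ON demo_db.* TO 'demo_user'@'localhost';
SHOW GRANTS FOR 'demo_user'@'localhost';

-- 2. Direct modification of a grant table (not recommended): only the
--    stored row changes; privilege checking keeps using the copy that
--    was loaded into memory earlier.
UPDATE mysql.db
   SET Insert_priv = 'Y'
 WHERE User = 'demo_user' AND Host = 'localhost' AND Db = 'demo_db';

-- Compare the stored row with what the server reports for the account.
-- A mismatch here means a direct edit is waiting for a reload.
SELECT Host, Db, User, Select_priv, Insert_priv
  FROM mysql.db
 WHERE User = 'demo_user' AND Host = 'localhost' AND Db = 'demo_db';
SHOW GRANTS FOR 'demo_user'@'localhost';

-- 3. Tell the server to reload the grant tables, then compare again.
FLUSH PRIVILEGES;
SHOW GRANTS FOR 'demo_user'@'localhost';

-- Clean up the demo objects.
DROP USER 'demo_user'@'localhost';
DROP DATABASE demo_db;
```

Running the comparison in step 2 after any manual edit of the grant tables is a quick way to spot a change that is stored but not yet enforced.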

 

A grant table reload affects privileges for each existing client session as follows:

  • Table and column privilege changes take effect with the client's next request.

  • Database privilege changes take effect the next time the client executes a USE *db_name* statement.

    **Note:** Client applications may cache the database name; thus, this effect may not be visible to them without actually changing to a different database.

  • Global privileges and passwords are unaffected for a connected client. These changes take effect only in sessions for subsequent connections.

Each reload of the grant tables affects existing client sessions as follows:

  • Table and column privilege changes take effect on the client's next request.

  • Database privilege changes take effect after the next USE db_name.

    Note: Because clients may cache the database name, the change may not be visible unless the client actually switches to a different database.

  • Global privileges and passwords do not change within an existing connection. They take effect only when a new session is opened.

 

If the server is started with the --skip-grant-tables option, it does not read the grant tables or implement any access control. Any user can connect and perform any operation, which is insecure. To cause a server thus started to read the tables and enable access checking, flush the privileges.

If the server is started with the --skip-grant-tables option, it does not read the grant tables and performs no access control. Anyone can connect and perform any operation, which is unsafe. To make a server started this way read the grant tables and enable access checks, flush the privileges.

 

# To sum up:

  1. The role of the flush privileges command is to load the modified grant tables from disk into memory, so that the changes take effect immediately.
  2. Statements that need a flush privileges afterwards: INSERT, UPDATE, DELETE
  3. Statements that do not need (or are not suited to) a flush privileges: GRANT, REVOKE, SET PASSWORD, RENAME USER
  4. After making related changes (especially GRANT and REVOKE, which are very dangerous), do not, do not, do not casually close an existing connection, or you will be in tears!

 

# Postscript

Link, taken from the official website:
Privilege Changes (https://dev.mysql.com/doc/refman/5.7/en/privilege-changes.html)

Origin www.cnblogs.com/young233/p/11863777.html