当前位置:网站首页>Database Experiment 5 Security Language Experiment
Database Experiment 5 Security Language Experiment
2022-04-23 21:45:00 【Hebuter-Rui】
1. The experiment purpose
Master the definition and maintenance method of autonomous access control authority .
2. The contents and requirements of the experiment
Define users 、 role , Assign permissions to users and roles 、 Recycling permissions , Log in to the database with the corresponding user name to verify whether the permission allocation is correct .
3. The experimental steps
(1) Create user :
① For purchasing 、 Manager of sales and customer management David、Tom、Jerry Create a user representation , Require the right to create users or roles .
Source code :
CREATE USER 'David'@'localhost' IDENTIFIED BY '123456';
CREATE USER 'Tom'@'localhost' IDENTIFIED BY '123456';
CREATE USER 'Jerry'@'localhost' IDENTIFIED BY '123456';
GRANT CREATE USER,
CREATE ROLE ON *.* TO 'David'@'localhost' WITH GRANT OPTION;
GRANT CREATE USER,
CREATE ROLE ON *.* TO 'Tom'@'localhost' WITH GRANT OPTION;
GRANT CREATE USER,
CREATE ROLE ON *.* TO 'Jerry'@'localhost' WITH GRANT OPTION;Results screenshots :
② For purchasing 、 Sales and customer management Marry、Jack、Mike Create user ID and user password .
Source code :
CREATE USER 'Marry'@'localhost' IDENTIFIED BY '123456';
CREATE USER 'Jack'@'localhost' IDENTIFIED BY '123456';
CREATE USER 'Mike'@'localhost' IDENTIFIED BY '123456';Results screenshots :
(2) Create roles and assign permissions :
① Each department creates a query role , And assign corresponding query permissions . Purchase corresponds to : Parts list 、 Supplier list 、 Parts supply contact list
Sales correspondence : Order list and order details
The customer corresponds to : Customer watch 、 Country table 、 District Table
Source code :
CREATE ROLE 'SELECT_David'@'localhost';
GRANT SELECT
ON test.part TO 'SELECT_David'@'localhost';
GRANT SELECT
ON test.supplier TO 'SELECT_David'@'localhost';
GRANT SELECT
ON test.partsupp TO 'SELECT_David'@'localhost';
CREATE ROLE 'SELECT_Tom'@'localhost';
GRANT SELECT
ON test.orders TO 'SELECT_Tom'@'localhost';
GRANT SELECT
ON test.lineitem TO 'SELECT_Tom'@'localhost';
CREATE ROLE 'SELECT_Jerry'@'localhost';
GRANT SELECT
ON test.customer TO 'SELECT_Jerry'@'localhost';
GRANT SELECT
ON test.nation TO 'SELECT_Jerry'@'localhost';
GRANT SELECT
ON test.region TO 'SELECT_Jerry'@'localhost';Results screenshots :
② Create an employee role for each department , Have the ability to view this department 、 Insert permissions .
Source code :
CREATE ROLE 'WORKERS_Marry'@'localhost';
GRANT SELECT,INSERT
ON test.part TO 'WORKERS_Marry'@'localhost';
GRANT SELECT,INSERT
ON test.supplier TO 'WORKERS_Marry'@'localhost';
GRANT SELECT,INSERT
ON test.partsupp TO 'WORKERS_Marry'@'localhost';
CREATE ROLE 'WORKERS_Jack'@'localhost';
GRANT SELECT,INSERT
ON test.orders TO 'WORKERS_Jack'@'localhost';
GRANT SELECT,INSERT
ON test.lineitem TO 'WORKERS_Jack'@'localhost';
CREATE ROLE 'WORKERS_Mike'@'localhost';
GRANT SELECT,INSERT
ON test.customer TO 'WORKERS_Mike'@'localhost';
GRANT SELECT,INSERT
ON test.nation TO 'WORKERS_Mike'@'localhost';
GRANT SELECT,INSERT
ON test.region TO 'WORKERS_Mike'@'localhost';Results screenshots :
③ Create a manager role for each department , The corresponding role has full control over the information of the Department , The manager has the right to assign authority to the staff of his department
Source code :
CREATE ROLE 'MANAGER_David'@'localhost';
GRANT ALL PRIVILEGES ON test.part TO 'MANAGER_David'@'localhost' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON test.supplier TO 'MANAGER_David'@'localhost' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON test.partsupp TO 'MANAGER_David'@'localhost' WITH GRANT OPTION;
CREATE ROLE 'MANAGER_Tom'@'localhost';
GRANT ALL PRIVILEGES ON test.orders TO 'MANAGER_Tom'@'localhost' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON test.lineitem TO 'MANAGER_Tom'@'localhost' WITH GRANT OPTION;
CREATE ROLE 'MANAGER_Jerry'@'localhost';
GRANT ALL PRIVILEGES ON test.customer TO 'MANAGER_Jerry'@'localhost' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON test.nation TO 'MANAGER_Jerry'@'localhost' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON test.region TO 'MANAGER_Jerry'@'localhost' WITH GRANT OPTION;Results screenshots :
(3) Assign permissions to users
Need to activate the role !!!
set default role all to David;
① Assign authority to each department manager .
Source code :
GRANT 'MANAGER_David'@'localhost' TO 'David'@'localhost';
GRANT 'MANAGER_Tom'@'localhost' TO 'Tom'@'localhost';
GRANT 'MANAGER_Jerry'@'localhost' TO 'Jerry'@'localhost';Results screenshots :
② Assign authority to the staff of each department .
Source code :
GRANT 'WORKERS_Marry'@'localhost' TO 'Marry'@'localhost';
GRANT 'WORKERS_Jack'@'localhost' TO 'Jack'@'localhost';
GRANT 'WORKERS_Mike'@'localhost' TO 'Mike'@'localhost';Results screenshots :
(4) Recycling Roles or user permissions
① Withdraw the customer information viewing permission of the role of customer manager .
Source code :
REVOKE SELECT
ON TABLE test.customer
FROM
'MANAGER_Jerry'@'localhost';
REVOKE SELECT
ON TABLE test.nation
FROM
'MANAGER_Jerry'@'localhost';
REVOKE SELECT
ON TABLE test.region
FROM
'MANAGER_Jerry'@'localhost';Results screenshots :
② Recycling Mike Employee authority of the customer department .
because Mike The permissions are WORKERS_Mike Granted , Cannot view permissions by itself , Therefore, it is necessary to recover WORKERS_Mike The right to withdraw Mike Authority .
Source code :
REVOKE ALL PRIVILEGES
ON TABLE test.customer
FROM
'WORKERS_Mike'@'localhost';
REVOKE ALL PRIVILEGES
ON TABLE test.nation
FROM
'WORKERS_Mike'@'localhost';
REVOKE ALL PRIVILEGES
ON TABLE test.region
FROM
'WORKERS_Mike'@'localhost';Results screenshots :
(5) Verify the correctness of permission assignment
① With David Login to the database , Verify the authority of the purchasing department manager .
This part of the experiment is carried out on the command line , The code and results are as follows .
Screenshot of source code and results :
Use on the command line
mysql -u David -pCommand and enter the password 123456 Sign in David User's identity
Use
SELECT *
FROM test.customer;Command query customer table , An error at this time David The user does not have permission to query the customer table
Use
SELECT *
FROM test.part; Command to query the parts table , At this point, the query is successful , Prove that the permission is granted correctly 
② Recycling Mike Employee authority of the customer department .
Screenshot of source code and results :
With Mike Identity login database , Using a database test, Report errors , Prove that after the last recycling permission ,Mike You no longer have permission to use this database .
版权声明
本文为[Hebuter-Rui]所创,转载请带上原文链接,感谢
https://yzsam.com/2022/04/202204200618536864.html
边栏推荐
- Solve importerror: cannot import name 'imread' from 'SciPy misc‘
- [leetcode sword finger offer 10 - II. Frog jumping steps (simple)]
- Introduce structured concurrency and release swift 5.5!
- [leetcode sword finger offer 28. Symmetric binary tree (simple)]
- Plato Farm元宇宙IEO上线四大,链上交易颇高
- Amazon and epic will be settled, and the Microsoft application mall will be opened to third parties
- The computer is out of power. How did I pass the terrible interview of Tencent cloud?
- 管道和xargs
- DW basic course (II)
- ERP function_ Financial management_ Basic concepts of Finance
猜你喜欢
Express③(使用Express编写接口、跨域有关问题)
Deep analysis of C language pointer (Part I)
![[leetcode sword finger offer 58 - I. flip word order (simple)]](/img/25/e000531faeaee2eac18d9a634e203b.png)
[leetcode sword finger offer 58 - I. flip word order (simple)]
Resolve the "chromedriver executable needs to be in path" error
Is rust more suitable for less experienced programmers?
Pipes and xargs
Based on jsplumb JS to achieve multi list one to many connection effect
CUDA, NVIDIA driver, cudnn download address and version correspondence
Subcontracting of wechat applet based on uni app
What if Jenkins forgot his password
随机推荐
Amazon and epic will be settled, and the Microsoft application mall will be opened to third parties
Oracle updates the data of different table structures and fields to another table, and then inserts it into the new table
Detailed explanation of basic assembly instructions of x86 architecture
How to use the project that created SVN for the first time
DW basic tutorial (I)
Error message: b04access.00f eve'. Read of address 000001B4
[leetcode refers to offer 22. The penultimate node in the linked list (simple)]
Keywords static, extern + global and local variables
Arm architecture assembly instructions, registers and some problems
pytorch 1.7. The model saved by X training cannot be loaded in version 1.4 or earlier
Flomo software recommendation
Preliminary analysis of Airbase
ubutnu20安裝CenterNet
2.整理华子面经--2
Problem brushing plan -- dynamic programming (III)
Tencent cloud has two sides in an hour, which is almost as terrible as one side..
一文解决浏览器跨域问题
2. Finishing huazi Mianjing -- 2
Opencv application -- jigsaw puzzle
[leetcode sword finger offer 10 - II. Frog jumping steps (simple)]