Database Systems (3): Database Security Control

1. Purpose of the experiment:

  1. Understand how discretionary access control and the view mechanism are applied in database security;

  2. Become familiar with the SQL statements for managing users, granting permissions, and revoking permissions, and verify that they take effect;

  3. Understand what roles are for and be able to distinguish between roles and users.

2. Experimental content:

Based on the different permission requirements that different users have on the student course selection database, complete the following tasks.

  1. Create users. Master the syntax for creating users, and use the relevant SQL statements to create the users the exercise requires.

  2. Create views. Create views over specific data as the exercise requires.

  3. Grant and revoke permissions. Understand the components of the GRANT and REVOKE syntax, combine them with user and role management, design statements for the different access permissions, and debug them until they run successfully.

  4. Using the application requirements, understand what roles are for and the operations involved in role management.

3. Experimental process:

1. Subject requirements:

1. Database: student course selection database
2. Data tables: student table student, course table course, course selection table SC
3. Users: admin, stu, teacher
4. Permission requirements:
Description:
(1) The admin user has all operation permissions on the database and can grant permissions to other users.
(2) The teacher user can only view the Sno, Sname, Ssex and Sdept fields on the student table.
(3) Students cannot update the Sno and department fields.
(4) The teacher can only update the grade field on the SC table.

2. Using the student course selection database, complete the permission settings according to the following requirements.

1. Log in with the root account and create the users stu, teacher and admin with the password 123:

create user 'stu'@'localhost' identified by '123';

create user 'teacher'@'localhost' identified by '123';

-- CREATE USER has no WITH GRANT OPTION clause; the grant option is given to admin in the GRANT statement in step 2
create user 'admin'@'localhost' identified by '123';

The newly created users can log in to MySQL, but have no permission to view the stu_course database.

2. Set the corresponding permissions for each user according to the requirements table and its description, and test that the settings are valid once they are in place.

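① Set the permissions of admin:

-- A MySQL GRANT takes one privilege level in ON; stu_course.* covers every table in the database
grant all privileges
on stu_course.* to 'admin'@'localhost'
with grant option;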

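② Set the permissions of stu:

-- One GRANT per table: MySQL does not accept a table list in ON
grant select on student to 'stu'@'localhost';
grant select on course to 'stu'@'localhost';
grant select on SC to 'stu'@'localhost';

-- Sno and Sdept are left out so stu cannot update them; list any other updatable columns of student here as well
grant update (Sname, Ssex) on student to 'stu'@'localhost';

grant insert on SC to 'stu'@'localhost';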

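③ Set the permissions of teacher:

-- Column-level privileges put the column list after the privilege name, not after the table name
grant select (Sno, Sname, Ssex, Sdept) on student to 'teacher'@'localhost';
grant select on course to 'teacher'@'localhost';
grant select on SC to 'teacher'@'localhost';

grant update (grade) on SC to 'teacher'@'localhost';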

3. Create users u1 and u2, grant insert permission on the student table to u1 through the admin user, and allow u1 to grant this permission to other users.

create user 'u1'@'localhost' identified by '123';

create user 'u2'@'localhost' identified by '123';

-- Run as admin
grant insert
on student to 'u1'@'localhost'
with grant option;

4. Grant the insert permission on the student table to the u2 user through the u1 user.

grant insert
on student to 'u2'@'localhost';

5. Revoke the insert permission of u1 on the student table and verify the permission changes of u1 and u2.

-- REVOKE takes FROM, not TO
revoke insert
on student from 'u1'@'localhost';

By default, permissions will be cascaded back.
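
To test the settings from step 2 and to verify the permission changes of u1 and u2 in step 5, the following audit queries can be run as root. This is an added example, not part of the original post; it assumes the tables live in the stu_course schema named above and reads MySQL's information_schema privilege views and the mysql.tables_priv table.

```sql
-- Added example (not from the original post). Run as root.
-- Assumption: the tables live in the stu_course schema mentioned above.

-- 1. Schema-level grants: admin should appear with IS_GRANTABLE = 'YES'.
SELECT GRANTEE, PRIVILEGE_TYPE, IS_GRANTABLE
FROM information_schema.SCHEMA_PRIVILEGES
WHERE TABLE_SCHEMA = 'stu_course'
ORDER BY GRANTEE, PRIVILEGE_TYPE;

-- 2. Table-level grants for stu, teacher, u1 and u2.
SELECT GRANTEE, TABLE_NAME, PRIVILEGE_TYPE, IS_GRANTABLE
FROM information_schema.TABLE_PRIVILEGES
WHERE TABLE_SCHEMA = 'stu_course'
ORDER BY GRANTEE, TABLE_NAME, PRIVILEGE_TYPE;

-- 3. Column-level grants (for example an UPDATE limited to SC.grade).
SELECT GRANTEE, TABLE_NAME, COLUMN_NAME, PRIVILEGE_TYPE
FROM information_schema.COLUMN_PRIVILEGES
WHERE TABLE_SCHEMA = 'stu_course'
ORDER BY GRANTEE, TABLE_NAME, COLUMN_NAME;

-- 4. Least-privilege check: a table-wide UPDATE held by stu or teacher
--    would let them change columns the requirements forbid.
--    An empty result means no such grant exists.
--    GRANTEE is stored with its quotes, hence the doubled single quotes.
SELECT GRANTEE, TABLE_NAME
FROM information_schema.TABLE_PRIVILEGES
WHERE TABLE_SCHEMA = 'stu_course'
  AND PRIVILEGE_TYPE = 'UPDATE'
  AND GRANTEE IN ('''stu''@''localhost''', '''teacher''@''localhost''');

-- 5. Step 5: run before and after the REVOKE and compare the rows.
--    Grantor shows which account issued each table-level grant.
SELECT User, Host, Table_name, Grantor, Table_priv
FROM mysql.tables_priv
WHERE Db = 'stu_course' AND Table_name = 'student'
  AND User IN ('u1', 'u2');
SHOW GRANTS FOR 'u1'@'localhost';
SHOW GRANTS FOR 'u2'@'localhost';
```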


Origin blog.csdn.net/qq_43531669/article/details/111759358