table of Contents
Category SQL statements
- DDL (Data Definition Languages) statement: data definition language. These statements define different data segments,
defined in the database of database objects, tables, columns, indexes. Common statement keywords including create, drop, alter
and so on. - DML (Data Manipulation Language) statements: data manipulation statements to add, delete, update and search
query database record and checks data integrity, common keyword statements include insert, delete, udpate and
select and so on. - DCL (Data Control Language) statements: Control statements data for direct control of licenses and different data segment
access levels statement. These statements define the databases, tables, fields, user access rights and security levels. The main
statement keywords include grant, revoke and so on.
DCL statement
DCL statement is mainly used when the DBA to object permissions management system, general developers rarely used. Following
through a simple example to illustrate this point.
Create a database user plf, have all the table plf database SELECT / INSERT permissions:
mysql> grant select,insert on plf.* to 'plf'@'%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> quit
Bye
[root@mysql ~]# mysql -uplf -p123456 -h 192.168.3.100
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.6.37 Source distribution
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use mysql;
ERROR 1044 (42000): Access denied for user 'plf'@'%' to database 'mysql'
mysql> use plf
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changedSince permission to change permissions plf needs to change, withdraw INSERT, SELECT data can only operate, then we need to use the root account possible:
mysql> revoke insert on plf.* from 'plf'@'%';
Query OK, 0 rows affected (0.00 sec)
mysql> quit
Bye
[root@mysql ~]# mysql -uplf -p123456 -h 192.168.3.100
Warning: Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 9
Server version: 5.6.37 Source distribution
Copyright (c) 2000, 2017, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> use plf
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
+---------------+
| Tables_in_plf |
+---------------+
| dept |
| emp |
| hk_info |
| log_info |
| user_info |
+---------------+
5 rows in set (0.00 sec)
mysql> insert into dept values(7,'plf');
ERROR 1142 (42000): INSERT command denied to user 'plf'@'192.168.3.100' for table 'dept'
mysql> select*from dept;
+--------+----------+
| deptno | deptname |
+--------+----------+
| 1 | tech |
| 2 | sale |
| 3 | hr |
| 5 | fin |
+--------+----------+
4 rows in set (0.00 sec)
The above example of grant and revoke are granted and to recover some of the privileges the user plf achieve our aim, more about rights, will be described in detail in Part IV.