Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.Original topic: TiDB 用户权限信息存储在哪些系统表中?
|
username: OnTheRoad
In MySQL, user privilege information is stored in the INFORMATION_SCHEMA.SCHEMA_PRIVILEGES and INFORMATION_SCHEMA.TABLE_PRIVILEGES tables. You can retrieve all privilege information with a single SQL statement.
USE INFORMATION_SCHEMA;
SELECT V.USER AS Username,
V.HOST AS Host,
V.FULLNAME AS Fullname,
V.OBJ_NAME AS ObjectName,
V.PRIVILEGES AS Privileges,
V.GRANTS_SQL AS GrantSQL
FROM
(
SELECT SUBSTR(SUBSTRING_INDEX(T1.GRANTEE,'@',1),2,LENGTH(SUBSTRING_INDEX(T1.GRANTEE,'@',1))-2) AS USER,
SUBSTR(GRANTEE,LENGTH(SUBSTRING_INDEX(T1.GRANTEE,'@',1))+3,LENGTH(GRANTEE)-LENGTH(SUBSTRING_INDEX(T1.GRANTEE,'@',1))-3) AS HOST,
T1.GRANTEE AS FULLNAME,
'DB' AS PRIV_CLASS,
CONCAT(T1.TABLE_SCHEMA,'.*') AS OBJ_NAME,
GROUP_CONCAT(' ',T1.PRIVILEGE_TYPE ORDER BY T1.GRANTEE, T1.TABLE_SCHEMA, T1.PRIVILEGE_TYPE) AS PRIVILEGES,
CONCAT('GRANT',GROUP_CONCAT(' ',T1.PRIVILEGE_TYPE ORDER BY T1.GRANTEE, T1.TABLE_SCHEMA, T1.PRIVILEGE_TYPE),' ON ',T1.TABLE_SCHEMA, '.*', ' TO ',T1.GRANTEE,';') AS GRANTS_SQL
FROM SCHEMA_PRIVILEGES T1
GROUP BY T1.GRANTEE,T1.TABLE_SCHEMA
UNION ALL
SELECT
SUBSTR(SUBSTRING_INDEX(T2.GRANTEE,'@',1),2,LENGTH(SUBSTRING_INDEX(T2.GRANTEE,'@',1))-2) AS USER,
SUBSTR(GRANTEE,LENGTH(SUBSTRING_INDEX(T2.GRANTEE,'@',1))+3,LENGTH(GRANTEE)-LENGTH(SUBSTRING_INDEX(T2.GRANTEE,'@',1))-3) AS HOST,
T2.GRANTEE AS FULLNAME,
'TABLE' AS PRIV_CLASS,
CONCAT(T2.TABLE_SCHEMA,'.',T2.TABLE_NAME) AS OBJ_NAME,
GROUP_CONCAT(' ', T2.PRIVILEGE_TYPE ORDER BY T2.TABLE_SCHEMA, T2.TABLE_NAME, T2.PRIVILEGE_TYPE ) AS PRIVILEGES,
CONCAT('GRANT ', GROUP_CONCAT(' ', T2.PRIVILEGE_TYPE ORDER BY T2.TABLE_SCHEMA, T2.TABLE_NAME, T2.PRIVILEGE_TYPE ), ' ON ', CONCAT(T2.TABLE_SCHEMA,'.',T2.TABLE_NAME), ' TO ', T2.GRANTEE, ';' ) AS GRANTS_SQL
FROM TABLE_PRIVILEGES T2
GROUP BY T2.GRANTEE,T2.TABLE_SCHEMA,T2.TABLE_NAME
) V
WHERE HOST <> 'localhost'
and user ='etl'
ORDER BY V.FULLNAME,PRIV_CLASS,OBJ_NAME,PRIVILEGES,GRANTS_SQL;
The same SQL does not work in TiDB. In TiDB, these two tables are empty. If you want to retrieve all user privilege information with a single statement, you need to query mysql.db and mysql.tables_priv (which requires row-column transformation).
What considerations led TiDB to make this adjustment?
|
username: 
|
username: 
Is there still a lack of global permissions? 
|
username: 
|
username: