1

我正在尝试向具有“经理”访问权限的某个用户授予访问权限。他们能够SELECTUPDATE但仅限于他们自己组中的人。数据库是redflame,表是payroll

表格的一部分是这样的:

+------+---------+--------+-----------+--------+
| Dept | Manager | Name   | Birthdate | Salary |
+------+---------+--------+-----------+--------+
|    1 | Y       | BOB    | 1/1/1     |  50000 |
|    1 | N       | BILL   | 2/2/2     |  40000 |
|    1 | N       | BART   | 3/3/3     |  70000 |
|    2 | Y       | JIM    | 4/4/4     |  40000 |
|    2 | N       | JANET  | 5/5/5     |  50000 |
...

我只想允许经理SELECTUPDATE特权,但只允许他的组。我试过,

GRANT SELECT (Dept, Manager, Name, Birthdate),
      UPDATE (Dept, Manager, Name, Birthdate)
   ON redflame.payroll WHERE Dept = '1'
   TO 'Bob'@'localhost';

我知道这行不通,但是您如何Bob根据他的许可来实现Dept

任何帮助将不胜感激。

4

2 回答 2

1

为每个部门创建一个视图并授予这些权限。

于 2013-04-08T12:01:02.867 回答
0

根据 MySQL 手册:

http://dev.mysql.com/doc/refman/5.1/en/grant.html

通常,数据库管理员首先使用 CREATE USER 创建帐户,然后使用 GRANT 定义其权限和特征。

在您的 php 代码中,当您向工资表添加新记录时,您必须执行以下操作(我正在编写伪代码):

if((new->Dept == 1) and (new->Manager == 'Y'))
{
      if (user with name == new->Name doesn't exist)
      {
            Create a new user with name = new->Name
            Grant SELECT and UPDATE privileges to the newly created user ON redflame.payroll table
      }
      else
      {
            error: user already exists!
      }
}

当您更新工资表中的记录时:

if(the record was a Manager and he is updated to non Manager)
{
      DROP USER with name = old->Name
}

if(the record was not a Manager and he is updated to Manager)
{
      if (user with name == new->Name doesn't exist)
      {
            Create a new user with name = new->Name
            Grant SELECT and UPDATE privileges to the newly created user ON redflame.payroll table
      }
      else
      {
            error: user already exists!
      }
}

当您从工资表中删除记录时:

if((old->Dept == 1) and (old->Manager == 'Y'))
{
      if (user with name == old->Name exists)
      {
            DROP USER with name = old->Name
      }
}

如果您对数据库具有 root 访问权限,则可以创建 ON INSERT、ON UPDATE 和 ON DELETE 触发器。然后使用这个逻辑,编写 SQL 代码。否则,在 php.ini 中实现它。

于 2013-04-08T12:20:17.173 回答