所以如果需要减小权限，需要删除原来的用户然后再从新建立一个新用户！ 还有，重新建立用户后 （grant select,update on *.* to 'aa'@'%' identified by 'aa';），发现还是能delete 和 insert数据 这是因为除了在user表控制权限外，db表也控制对数据库的权限，需要把这里边的相应数据删除后flush privileges后就可以了！ [@more@] 用户问题： 发现先按下列语句建立用户： mysql> grant all privileges on *.* to 'aa'@'%' identified by 'aa'; Query OK, 0 rows affected (0.00 sec) mysql> select * from mysql.user where user = 'aa' G *************************** 1. row *************************** Host: % User: aa Password: *DEE59C300700AF9B586F9F2A702231C0AC373A13 Select_priv: Y Insert_priv: Y Update_priv: Y Delete_priv: Y Create_priv: Y Drop_priv: Y Reload_priv: Y Shutdown_priv: Y Process_priv: Y File_priv: Y Grant_priv: N References_priv: Y Index_priv: Y Alter_priv: Y Show_db_priv: Y Super_priv: Y Create_tmp_table_priv: Y Lock_tables_priv: Y Execute_priv: Y Repl_slave_priv: Y Repl_client_priv: Y Create_view_priv: Y Show_view_priv: Y Create_routine_priv: Y Alter_routine_priv: Y Create_user_priv: Y ssl_type: ssl_cipher: x509_issuer: x509_subject: max_questions: 0 max_updates: 0 max_connections: 0 max_user_connections: 0 1 row in set (0.00 sec) 然后： mysql> grant select,update on *.* to 'aa'@'%' identified by 'aa'; Query OK, 0 rows affected (0.00 sec) mysql> select * from mysql.user where user = 'aa' G *************************** 1. row *************************** Host: % User: aa Password: *DEE59C300700AF9B586F9F2A702231C0AC373A13 Select_priv: Y Insert_priv: Y Update_priv: Y Delete_priv: Y Create_priv: Y Drop_priv: Y Reload_priv: Y Shutdown_priv: Y Process_priv: Y File_priv: Y Grant_priv: N References_priv: Y Index_priv: Y Alter_priv: Y Show_db_priv: Y Super_priv: Y Create_tmp_table_priv: Y Lock_tables_priv: Y Execute_priv: Y Repl_slave_priv: Y Repl_client_priv: Y Create_view_priv: Y Show_view_priv: Y Create_routine_priv: Y Alter_routine_priv: Y Create_user_priv: Y ssl_type: ssl_cipher: x509_issuer: x509_subject: max_questions: 0 max_updates: 0 max_connections: 0 max_user_connections: 0 1 row in set (0.00 sec) 发现权限没有改变... 难道这样新加的是在前面的权限基础上再添加权限？ 新建个用户看看： mysql> grant select,update on *.* to 'bb'@'%' identified by 'bb'; Query OK, 0 rows affected (0.00 sec) mysql> select * from mysql.user where user = 'bb' G *************************** 1. row *************************** Host: % User: bb Password: *E72B08C841E005B05BD564FA1C18CAFFB9FEF5FC Select_priv: Y Insert_priv: N Update_priv: Y Delete_priv: N Create_priv: N Drop_priv: N Reload_priv: N Shutdown_priv: N Process_priv: N File_priv: N Grant_priv: N References_priv: N Index_priv: N Alter_priv: N Show_db_priv: N Super_priv: N Create_tmp_table_priv: N Lock_tables_priv: N Execute_priv: N Repl_slave_priv: N Repl_client_priv: N Create_view_priv: N Show_view_priv: N Create_routine_priv: N Alter_routine_priv: N Create_user_priv: N ssl_type: ssl_cipher: x509_issuer: x509_subject: max_questions: 0 max_updates: 0 max_connections: 0 max_user_connections: 0 1 row in set (0.00 sec) mysql> grant delete,insert on *.* to 'bb'@'%' identified by 'bb'; Query OK, 0 rows affected (0.00 sec) mysql> mysql> select * from mysql.user where user = 'bb' G *************************** 1. row *************************** Host: % User: bb Password: *E72B08C841E005B05BD564FA1C18CAFFB9FEF5FC Select_priv: Y Insert_priv: Y Update_priv: Y Delete_priv: Y Create_priv: N Drop_priv: N Reload_priv: N Shutdown_priv: N Process_priv: N File_priv: N Grant_priv: N References_priv: N Index_priv: N Alter_priv: N Show_db_priv: N Super_priv: N Create_tmp_table_priv: N Lock_tables_priv: N Execute_priv: N Repl_slave_priv: N Repl_client_priv: N Create_view_priv: N Show_view_priv: N Create_routine_priv: N Alter_routine_priv: N Create_user_priv: N ssl_type: ssl_cipher: x509_issuer: x509_subject: max_questions: 0 max_updates: 0 max_connections: 0 max_user_connections: 0 1 row in set (0.00 sec) 从上面可以看出，是权限的一个叠加 所以如果需要减小权限，需要删除原来的用户然后再从新建立一个新用户！ 还有，重新建立用户后 （grant select,update on *.* to 'aa'@'%' identified by 'aa';），发现还是能delete 和 insert数据 这是因为除了在user表控制权限外，db表也控制对数据库的权限，需要把这里边的相应数据删除后flush privileges后就可以了！

来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/7916042/viewspace-1030398/，如需转载，请注明出处，否则将追究法律责任。