角色

CREATE DATABASE IF NOT EXISTS app_db CHARACTER SET utf8mb4;
USE app_db;

CREATE TABLE employees (
    emp_id INT AUTO_INCREMENT PRIMARY KEY,
    emp_name VARCHAR(20),
    dept VARCHAR(20),
    score DECIMAL(5, 2)
);

INSERT INTO employees (emp_name, dept, score) VALUES
('大翔', '技术部', 100),
('白歌', '技术部', NULL);

-- 创建只读用户
CREATE USER 'analyst'@'localhost' IDENTIFIED BY 'Analyst123!';
CREATE USER 'analyst'@'%' IDENTIFIED BY 'Analyst123!';

-- 创建读写用户
CREATE USER 'backend'@'localhost' IDENTIFIED BY 'Backend123!';
CREATE USER 'backend'@'%' IDENTIFIED BY 'Backend123!';

-- 创建管理员用户
CREATE USER 'db_admin'@'localhost' IDENTIFIED BY 'DbAdmin123!';

-- 给所有分析师授予只读权限
GRANT SELECT ON app_db.* TO 'analyst'@'localhost';
GRANT SELECT ON app_db.* TO 'analyst'@'%';

-- 给所有后端开发授予读写权限
GRANT SELECT, INSERT, UPDATE, DELETE ON app_db.* TO 'backend'@'localhost';
GRANT SELECT, INSERT, UPDATE, DELETE ON app_db.* TO 'backend'@'%';

-- 给管理员授予所有权限
GRANT ALL PRIVILEGES ON app_db.* TO 'db_admin'@'localhost' WITH GRANT OPTION;

SHOW GRANTS FOR 'analyst'@'localhost';
SHOW GRANTS FOR 'backend'@'localhost';
SHOW GRANTS FOR 'db_admin'@'localhost';

DELIMITER //

CREATE PROCEDURE GrantReadOnly(IN user_host VARCHAR(100))
BEGIN
    SET @sql = CONCAT('GRANT SELECT ON app_db.* TO ', user_host);
    PREPARE stmt FROM @sql;
    EXECUTE stmt;
    DEALLOCATE PREPARE stmt;
END //

CREATE PROCEDURE GrantReadWrite(IN user_host VARCHAR(100))
BEGIN
    SET @sql = CONCAT('GRANT SELECT, INSERT, UPDATE, DELETE ON app_db.* TO ', user_host);
    PREPARE stmt FROM @sql;
    EXECUTE stmt;
    DEALLOCATE PREPARE stmt;
END //

DELIMITER ;

-- 给新用户授予只读权限
CALL GrantReadOnly("'new_analyst'@'localhost'");

-- 给新用户授予读写权限
CALL GrantReadWrite("'new_dev'@'localhost'");