【 使用环境 】
生产环境
【 OB or 其他组件 】
OB
【 使用版本 】
4.3.3.1 MySQL
【问题描述】清晰明确描述问题
使用root用户建立了一个自定义函数,如何才能使普通用户看不到函数的定义
【复现路径】问题出现前后相关操作
使用root账号,创建函数(举例说明):
obclient(root@obmysql)[lfq]> show create function lfq.my_func\G;
*************************** 1. row ***************************
Function: my_func
sql_mode: STRICT_ALL_TABLES,NO_ZERO_IN_DATE,NO_AUTO_CREATE_USER
Create Function: CREATE DEFINER = root@% FUNCTION my_func(c1 CHAR(20)) RETURNS char(50)
DETERMINISTIC
RETURN CONCAT(‘Thank ‘,c1,’!’)
character_set_client: utf8mb4
collation_connection: utf8mb4_general_ci
Database Collation: utf8mb4_general_ci
1 row in set (0.025 sec)
root账号权限信息:
obclient(root@obmysql)[lfq]> show grants;
±-------------------------------------------------------------------+
| Grants for root@% |
±-------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON . TO ‘root’ WITH GRANT OPTION |
| GRANT ALL PRIVILEGES ON oceanbase.* TO ‘root’ |
| GRANT ALL PRIVILEGES ON __recyclebin.* TO ‘root’ |
| GRANT ALL PRIVILEGES ON mysql.* TO ‘root’ |
| GRANT ALL PRIVILEGES ON test.* TO ‘root’ |
| GRANT ALL PRIVILEGES ON information_schema.* TO ‘root’ |
| GRANT ALL PRIVILEGES ON __public.* TO ‘root’ |
| GRANT EXECUTE, ALTER ROUTINE ON FUNCTION lfq.my_func TO ‘root’ |
±-------------------------------------------------------------------+
8 rows in set (0.008 sec)
普通用户lfq的权限信息:
obclient(lfq@obmysql)[lfq]> show grants;
±---------------------------------------------------------+
| Grants for lfq@% |
±---------------------------------------------------------+
| GRANT USAGE ON . TO ‘lfq’ |
| GRANT DELETE, INSERT, UPDATE, SELECT ON lfq.* TO ‘lfq’ |
±---------------------------------------------------------+
2 rows in set (0.263 sec)
普通用户执行函数(无权限,符合预期)
obclient(lfq@obmysql)[lfq]> select lfq.my_func(“123”);
ERROR 1370 (42000): EXECUTE command denied to user ‘lfq’@’%’ for routine ‘my_func’
想要的效果(不允许普通用户查到函数定义,以下最好都禁用):
尝试用这个来撤销,普通用户查看函数定义的权限,以下两种方式均报错:
obclient(root@obmysql)[lfq]> REVOKE SHOW_ROUTINE FROM lfq;
ERROR 3523 (HY000): Unknown authorization ID SHOW_ROUTINE@%
obclient(root@obmysql)[lfq]> REVOKE SHOW_ROUTINE on lfq.* from lfq;
ERROR 1149 (42000): You have an error in your SQL syntax; check the manual that corresponds to your OceanBase version for the right syntax to use
【附件及日志】推荐使用OceanBase敏捷诊断工具obdiag收集诊断信息,详情参见链接(右键跳转查看):
【备注】基于 LLM 和开源文档 RAG 的论坛小助手已开放测试,在发帖时输入 [@论坛小助手] 即可召唤小助手,欢迎试用!