第一步,大家需要创建一个角色并授予仅读权限。
CREATE ROLE readonly; GRANT SELECT ON *.* TO readonly;
第二步,大家需要创建一个存储过程并授予角色仅执行权限。
CREATE PROCEDURE backup_db() BEGIN DECLARE backup_db_done INT DEFAULT 0; DECLARE db_name VARCHAR(50); DECLARE CUR CURSOR FOR SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME NOT IN('mysql', 'information_schema', 'performance_schema', 'sys'); DECLARE CONTINUE HANDLER FOR NOT FOUND SET backup_db_done = 1; OPEN CUR; LABEL_DB: LOOP FETCH CUR INTO db_name; IF backup_db_done = 1 THEN LEAVE LABEL_DB; END IF; SET @sql = CONCAT('SELECT * FROM ', db_name, '.table_name INTO OUTFILE ', '/path/to/file'); PREPARE stmt FROM @sql; EXECUTE stmt; DEALLOCATE PREPARE stmt; END LOOP; CLOSE CUR; END; GRANT EXECUTE ON PROCEDURE backup_db TO readonly;
第三步,大家需要从角色中撤销查看权限。
REVOKE SELECT ON *.* FROM readonly;
至此,大家已经禁止了MySQL数据库的导出,只有执行存储过程的角色才能导出数据库。在需要导出的时候,可以使用该角色来执行存储过程。