第一步,大家需要创建一个角色并授予仅读权限。
CREATE ROLE readonly; GRANT SELECT ON *.* TO readonly;
第二步,大家需要创建一个存储过程并授予角色仅执行权限。
CREATE PROCEDURE backup_db()
BEGIN
DECLARE backup_db_done INT DEFAULT 0;
DECLARE db_name VARCHAR(50);
DECLARE CUR CURSOR FOR SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME NOT IN('mysql', 'information_schema', 'performance_schema', 'sys');
DECLARE CONTINUE HANDLER FOR NOT FOUND SET backup_db_done = 1;
OPEN CUR;
LABEL_DB: LOOP
FETCH CUR INTO db_name;
IF backup_db_done = 1 THEN
LEAVE LABEL_DB;
END IF;
SET @sql = CONCAT('SELECT * FROM ', db_name, '.table_name INTO OUTFILE ', '/path/to/file');
PREPARE stmt FROM @sql;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
END LOOP;
CLOSE CUR;
END;
GRANT EXECUTE ON PROCEDURE backup_db TO readonly;第三步,大家需要从角色中撤销查看权限。
REVOKE SELECT ON *.* FROM readonly;
至此,大家已经禁止了MySQL数据库的导出,只有执行存储过程的角色才能导出数据库。在需要导出的时候,可以使用该角色来执行存储过程。