If the mysqld server is started without the 如果mysqld服务器在没有--skip-grant-tables option, it reads all grant table contents into memory during its startup sequence. --skip-grant-tables选项的情况下启动,它将在启动过程中将所有授权表内容读入内存。The in-memory tables become effective for access control at that point.此时,内存中的表对访问控制生效。
If you modify the grant tables indirectly using an account-management statement, the server notices these changes and loads the grant tables into memory again immediately. 如果使用帐户管理语句间接修改授权表,服务器会注意到这些更改,并立即将授权表再次加载到内存中。Account-management statements are described in Section 13.7.1, “Account Management Statements”. 账户管理报表参阅第13.7.1节,“账户管理报表”。Examples include 示例包括GRANT, REVOKE, SET PASSWORD, and RENAME USER.GRANT、REVOKE、SET PASSWORD和RENAME USER。
If you modify the grant tables directly using statements such as 如果您直接使用INSERT, UPDATE, or DELETE (which is not recommended), the changes have no effect on privilege checking until you either tell the server to reload the tables or restart it. INSERT、UPDATE或DELETE(不建议使用)等语句修改授权表,则这些更改对权限检查没有影响,直到您告诉服务器重新加载表或重新启动它。Thus, if you change the grant tables directly but forget to reload them, the changes have no effect until you restart the server. 因此,如果直接更改授权表但忘记重新加载它们,则在重新启动服务器之前,更改将无效。This may leave you wondering why your changes seem to make no difference!这可能会让你想知道为什么你的改变似乎没有什么不同!
To tell the server to reload the grant tables, perform a flush-privileges operation. 要告诉服务器重新加载授权表,请执行刷新权限操作。This can be done by issuing a 这可以通过发出FLUSH PRIVILEGES statement or by executing a mysqladmin flush-privileges or mysqladmin reload command.FLUSH PRIVILES语句或执行mysqladmin flush-privileges或mysqladmin reload命令来实现。
A grant table reload affects privileges for each existing client session as follows:重新加载授权表会影响每个现有客户端会话的权限,如下所示:
Table and column privilege changes take effect with the client's next request.表和列权限更改将在客户端的下一个请求时生效。
Database privilege changes take effect the next time the client executes a 数据库权限更改将在客户端下次执行USE statement.db_nameUSE db_name语句时生效。
Client applications may cache the database name; thus, this effect may not be visible to them without actually changing to a different database.客户端应用程序可以缓存数据库名称;因此,如果不实际更改到不同的数据库,他们可能看不到这种效果。
Static global privileges and passwords are unaffected for a connected client. These changes take effect only in sessions for subsequent connections. Changes to dynamic global privileges apply immediately. 连接的客户端的静态全局权限和密码不受影响。这些更改仅在后续连接的会话中生效。对动态全局权限的更改将立即生效。For information about the differences between static and dynamic privileges, see Static Versus Dynamic Privileges.)有关静态权限和动态权限之间差异的信息,请参阅静态权限与动态权限。)
Changes to the set of active roles within a session take effect immediately, for that session only. The 对会话中活动角色集的更改仅对该会话立即生效。SET ROLE statement performs session role activation and deactivation (see Section 13.7.1.11, “SET ROLE Statement”).SET ROLE语句执行会话角色激活和停用(参阅第13.7.1.11节,“SET ROLE语句”)。
If the server is started with the 如果服务器使用--skip-grant-tables option, it does not read the grant tables or implement any access control. --skip-grant-tables选项启动,则它不会读取授权表或实现任何访问控制。Any user can connect and perform any operation, which is insecure. 任何用户都可以连接并执行任何操作,这是不安全的。To cause a server thus started to read the tables and enable access checking, flush the privileges.要使服务器开始读取表并启用访问检查,请刷新权限。