MySQL role names refer to roles, which are named collections of privileges. For role usage examples, see Section 6.2.10, “Using Roles”.MySQL角色名称是指角色,这些角色被命名为特权集合。有关角色使用示例,请参阅第6.2.10节,“使用角色”。
Role names have syntax and semantics similar to account names; see Section 6.2.4, “Specifying Account Names”. 角色名称的语法和语义与帐户名称相似;请参阅第6.2.4节,“指定帐户名”。As stored in the grant tables, they have the same properties as account names, which are described in Grant Table Scope Column Properties.与存储在授权表中的帐户名具有相同的属性,这些属性在“授权表范围列属性”中进行了描述。
Role names differ from account names in these respects:角色名称在以下方面与帐户名称不同:
The user part of role names cannot be blank. 角色名称的用户部分不能为空。Thus, there is no “anonymous role” analogous to the concept of “anonymous user.”因此,没有类似于“匿名用户”概念的“匿名角色”
As for an account name, omitting the host part of a role name results in a host part of 对于帐户名,省略角色名的主机部分会导致主机部分为'%'. '%'。But unlike 但与帐户名中的'%' in an account name, a host part of '%' in a role name has no wildcard properties. '%'不同,角色名中'%'的主机部分没有通配符属性。For example, for a name 例如,对于用作角色名的名称'me'@'%' used as a role name, the host part ('%') is just a literal value; it has no “any host” matching property.'me'@'%',主机部分('%')只是一个文字值;它没有“任何主机”匹配属性。
Netmask notation in the host part of a role name has no significance.角色名称主机部分的网络掩码符号没有意义。
An account name is permitted to be 在多种上下文中,帐户名允许为CURRENT_USER() in several contexts. A role name is not.CURRENT_USER()。角色名称不是。
It is possible for a row in the mysql.user system table to serve as both an account and a role. mysql.user系统表中的一行可以同时用作帐户和角色。In this case, any special user or host name matching properties do not apply in contexts for which the name is used as a role name. 在这种情况下,任何特殊的用户名或主机名匹配属性都不适用于将该名称用作角色名称的上下文。For example, you cannot execute the following statement with the expectation that it sets the current session roles using all roles that have a user part of 例如,您不能执行以下语句,并期望它使用具有myrole and any host name:myrole用户部分和任何主机名的所有角色来设置当前会话角色:
SET ROLE 'myrole'@'%';
Instead, the statement sets the active role for the session to the role with exactly the name 相反,该语句将会话的活动角色设置为名为'myrole'@'%'.'myrole'@'%'的角色。
For this reason, role names are often specified using only the user name part and letting the host name part implicitly be 因此,角色名称通常仅使用用户名部分指定,并让主机名部分隐式为'%'. '%'。Specifying a role with a non-如果您打算创建一个既可以作为角色又可以作为允许从给定主机连接的用户帐户的名称,那么指定一个具有非'%' host part can be useful if you intend to create a name that works both as a role an as a user account that is permitted to connect from the given host.'%'主机部分的角色可能会很有用。