RDS白名单设置适用于所有账号,无法根据账号来限制IP地址的访问。在安全性上有较大缺陷。本文介绍如何指定账号从特定的IP地址访问数据库。
已创建高权限账号,创建方法,请参见创建高权限账号。
%。 创建新账号test001并授权管理rds001数据库,允许从42.120.XX.XX访问数据库。
CREATE USER `test001`@`42.120.XX.XX`IDENTIFIED BY 'passwd'; GRANT PROCESS, REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'test001'@'42.120.XX.XX'; GRANT ALL PRIVILEGES ON `rds001`.* TO 'test001'@'42.120.XX.XX'; GRANT SELECT ON `mysql`.`help_topic` TO 'test001'@'42.120.XX.XX'; GRANT SELECT ON `mysql`.`func` TO 'test001'@'42.120.XX.XX'; GRANT SELECT ON `mysql`.`time_zone` TO 'test001'@'42.120.XX.XX'; GRANT SELECT ON `mysql`.`slow_log` TO 'test001'@'42.120.XX.XX'; GRANT SELECT ON `mysql`.`time_zone_transition` TO 'test001'@'42.120.XX.XX'; GRANT SELECT ON `mysql`.`event` TO 'test001'@'42.120.XX.XX'; GRANT SELECT ON `mysql`.`proc` TO 'test001'@'42.120.XX.XX'; GRANT SELECT ON `mysql`.`help_category` TO 'test001'@'42.120.XX.XX'; GRANT SELECT ON `mysql`.`help_relation` TO 'test001'@'42.120.XX.XX'; GRANT SELECT ON `mysql`.`help_keyword` TO 'test001'@'42.120.XX.XX'; GRANT SELECT ON `mysql`.`general_log` TO 'test001'@'42.120.XX.XX'; GRANT SELECT ON `mysql`.`time_zone_leap_second` TO 'test001'@'42.120.XX.XX'; GRANT SELECT ON `mysql`.`time_zone_transition_type` TO 'test001'@'42.120.XX.XX'; GRANT SELECT ON `mysql`.`time_zone_name` TO 'test001'@'42.120.XX.XX';
RENAME USER `test001`@`42.120.XX.XX` TO `test001`@`42.121.XX.XX`;
