I was making a SQL file on MySQL as part of a school asignement and I think I got everyting right but a part where it specifies my to create an user an then revoke all permission from him
All sources I have found use something like
CREATE USER IF NOT EXISTS user; REVOKE ALL ON *.* FROM user;
or
CREATE USER IF NOT EXISTS user; REVOKE ALL ON *.* TO USER user;
But both return a systax error in the "FROM/TO" saying that a EOF is expected and I don't even know what is that; am I doing something wrong here?
Should I refer to something first, separate the code sentence or what am I missing?
Seems like a pretty easy task to do and the rest of the code is working, but that error is driving me crazy
This syntax drops all global, database, table, column, and routine privileges for the named users or roles:
REVOKE ALL PRIVILEGES, GRANT OPTION
FROM user;
Related
I have made a database called hospitals but when I try and grant my user privileges to the database I get an error back.
My code:
input:
CREATE USER 'axel'#'%' IDENTIFIED BY '123'
output:
Query OK, 0 rows affected (0.19 sec)
input:
grant all on hospitals.* to 'axel'#'localhost';
output:
You are not allowed to create a user with GRANT
How do I fix this? I have tried different things but nothing seems to work and I keep getting the same error message.
The user 'axel'#'%' is not the same user as 'axel'#'localhost'.
You created the former with CREATE USER, then you try to use grant for the latter user, but that user doesn't exist.
MySQL used to allow you to create a user implicitly by granting privileges, but they disabled that specifically for cases like yours. The problem being that since you didn't realize these are different users, your GRANT would have inadvertently created 'axel'#'localhost' as a new user with no password. This was considered a security risk.
Tried some commands with drop user but it dont work see picture.
Revoke all Privileges first before to proceed to drop user
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'bloguser'#'localhost';
DROP USER 'bloguser'#'localhost';
This was lifted from https://www.cyberciti.biz/faq/how-to-delete-remove-user-account-in-mysql-mariadb/
Always ensure you do a proper research before you come here to ask your questions
I have a database that is shared between some users, and I want to manage their permissions on this.
I want to give permission for creating a new table, and accessing (select, insert, update, delete) to that table of course, to a user that doesn't have full permission on the database (only he has SELECT access to some tables).
So, I executed this query:
GRANT CREATE ON eh1 TO user1
Then, when I logged in with that user and tried to create a new table, I got this error:
1142 - CREATE command denied to user 'user1'#'localhost' for table 'folan'
What is the problem here? How can I do that?
UPDATE
The problem solved partially by changing the command to this:
GRANT CREATE ON eh1.* TO user1
Now there is another problem, that the user1 cannot select or insert into the newly created table. The reason is understandable, but is there a way to solve this?
Thanks
use as per below-
GRANT CREATE ON eh1.* TO user1#'%' IDENTIFIED BY 'user1_password';
Note: '%' will provide access from all ips, so we should provide rights to specific ip instead of all ips, so change '%' with any ip like '191.161.3.1'
If user need select/insert/update/delete/create rights then syntax will be -
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE ON eh1.* TO user1#'%' IDENTIFIED BY 'user1_password';
Update as per user requirement:
GRANT CREATE ON eh1.* TO user1#'%' IDENTIFIED BY 'user1_password';
GRANT SELECT, INSERT, UPDATE ON eh1.table1 TO user1#'%';
GRANT SELECT, INSERT, UPDATE ON eh1.table2 TO user1#'%';
Following this, correct syntax is
GRANT CREATE ON eh1.* TO user1
With eh1 a database.
If you don't use ".*", your database is considered a table.
I want to create a user and only allow them to use select statements on the cameracircle database. So I have the following code:
CREATE USER 'hoeym'#'localhost' IDENTIFIED BY 'password';
CREATE DATABASE cameracircle;
GRANT SELECT ON cameracircle TO 'hoeym'#'localhost';
But the phpmyadmin doesn't like that. If I run this it says there is an error cause I don't have a databases selected, and if I add in USE cameracircle; before the GRANT statement it says that there is no table inside the database with the same name as the database. What have I done wrong?
Before you issue a GRANT statement, check that the
derby.database.sqlAuthorization
property is set to true. The derby.database.sqlAuthorization property enables the SQL Authorization mode.
Solved it with
GRANT SELECT ON cameracircle.* TO 'hoeym'#'localhost';
phpMyAdmin lets you do this graphically. From the Users tab, look for Add User then don't select anything for the Global Privileges area. Go ahead and create the user, then edit the privileges. Halfway down the page there's a area for "Database-specific privileges" where you can specify the permissions on a database (or even table-) level.
I have a server, that was created for me.
On it there is a schema called "test".
I've logged in with root user, and created a new schema called "WEB".
create schema WEB;
What I want to do now, is to have a user, that can only see that new schema.
So I created a user like so:
create user webtestuser identified by 'webtestuser';
grant select, insert, update, delete on WEB.* to webtestuser;
The problem is that when I log in with the new user, I can still see the "test" schema. Even when I 'revoke all' on the user, that schema is still visable.
Anything I'm missing here?
Thanks !
By default mysql comes shipped with some grants foro the test schemas defined. They are ALL ON test to all users and also ALL ON test\_% to all users (test\_% matches stuff like test_foo, test_123)
Because of the way they're defined I can't see a way of removing these grants using the REVOKE ... FROM syntax so you'll have to use the following:
DELETE FROM mysql.db WHERE Db IN("test","test\_%") AND User="" AND Host="%";
FLUSH PRIVILEGES;