Tried some commands with drop user but it dont work see picture.
Revoke all Privileges first before to proceed to drop user
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'bloguser'#'localhost';
DROP USER 'bloguser'#'localhost';
This was lifted from https://www.cyberciti.biz/faq/how-to-delete-remove-user-account-in-mysql-mariadb/
Always ensure you do a proper research before you come here to ask your questions
Related
I was making a SQL file on MySQL as part of a school asignement and I think I got everyting right but a part where it specifies my to create an user an then revoke all permission from him
All sources I have found use something like
CREATE USER IF NOT EXISTS user; REVOKE ALL ON *.* FROM user;
or
CREATE USER IF NOT EXISTS user; REVOKE ALL ON *.* TO USER user;
But both return a systax error in the "FROM/TO" saying that a EOF is expected and I don't even know what is that; am I doing something wrong here?
Should I refer to something first, separate the code sentence or what am I missing?
Seems like a pretty easy task to do and the rest of the code is working, but that error is driving me crazy
This syntax drops all global, database, table, column, and routine privileges for the named users or roles:
REVOKE ALL PRIVILEGES, GRANT OPTION
FROM user;
I have made a database called hospitals but when I try and grant my user privileges to the database I get an error back.
My code:
input:
CREATE USER 'axel'#'%' IDENTIFIED BY '123'
output:
Query OK, 0 rows affected (0.19 sec)
input:
grant all on hospitals.* to 'axel'#'localhost';
output:
You are not allowed to create a user with GRANT
How do I fix this? I have tried different things but nothing seems to work and I keep getting the same error message.
The user 'axel'#'%' is not the same user as 'axel'#'localhost'.
You created the former with CREATE USER, then you try to use grant for the latter user, but that user doesn't exist.
MySQL used to allow you to create a user implicitly by granting privileges, but they disabled that specifically for cases like yours. The problem being that since you didn't realize these are different users, your GRANT would have inadvertently created 'axel'#'localhost' as a new user with no password. This was considered a security risk.
Grant INSERT without having it.
Suppose the following code snippet is executed every time a new manager is created (with different names for the database and user account each time, of course):
#Executed as root
CREATE DATABASE `Manager1Section`;
CREATE TABLE Manager1Data(`SomeData` INT);
CREATE USER 'Manager1'#'localhost' IDENTIFIED BY 'Something';
GRANT SELECT, INSERT, UPDATE, DELETE ON `Manager1Section`.`Manager1Data` TO 'Manager1'#'localhost';
GRANT CREATE, DROP ON `Manager1Section`.* TO 'Manager1'#'localhost';
GRANT CREATE USER ON *.* TO 'Manager1Section'#'localhost' WITH GRANT OPTION;
And the following code is executed every time a new intern is created (again, names substituted):
#Executed as manager
CREATE TABLE `Manager1Section`.`Intern1Data`(`Value` INT NOT NULL);
CREATE USER 'Intern1'#'localhost' IDENTIFIED BY 'Something';
GRANT SELECT, INSERT, UPDATE, DELETE ON `Manager1Section`.`Intern1Data` TO 'Intern1'#'localhost';
(Mind that this is just an example to show the hierarchical structure. I am not actually modeling a company's personnel structure.)
The manager manages a single database (Manager1Section in this example) and has a table to work with. The manager can only read and write to that table but not e.g. drop it. (Actually nevermind, I just realized that the manager can, in fact, drop the table. Not a big deal though.).
Each intern in this database also has a table to work with, and again, can only read and write to it but not drop it. Additionally, interns can only access their own tables, but not the manager's table and not other interns' tables.
And very importantly: The manager cannot read and write to interns' tables.
The above code would achieve this, but it is not valid. The last line in the second snippet fails. The manager does not have the SELECT, INSERT, UPDATE and DELETE privileges to interns' tables and therefore cannot grant those privileges to the interns. Changing the second-to-last line in the first snippet (GRANT CREATE, DROP ON `Manager1Section`.* TO 'Manager1'#'localhost';) to GRANT CREATE, DROP, SELECT, INSERT, UPDATE, DELETE ON `Manager1Section`.* TO 'Manager1'#'localhost'; makes that work but it also allows the manager to read and write to interns' tables, which I want to avoid.
How can I make the manager not able to read and write to interns' tables but still grant read and write privileges to interns?
Or alternatively: How can I avoid that problem altogether?
Only allowing users to grant privileges they already have is generally a good idea and my gut feeling tells me that my intended solution is not possible because the manager could circumvent the situation by creating a spoof intern account, executing GRANT SELECT, INSERT, UPDATE, DELETE ON `Manager1Section`.`Intern1Data` TO 'SpoofIntern'#'localhost'; (mind the mismatched user names) and then access the data through that account. But I could be missing something, so I am asking for ideas.
I want to create a user and only allow them to use select statements on the cameracircle database. So I have the following code:
CREATE USER 'hoeym'#'localhost' IDENTIFIED BY 'password';
CREATE DATABASE cameracircle;
GRANT SELECT ON cameracircle TO 'hoeym'#'localhost';
But the phpmyadmin doesn't like that. If I run this it says there is an error cause I don't have a databases selected, and if I add in USE cameracircle; before the GRANT statement it says that there is no table inside the database with the same name as the database. What have I done wrong?
Before you issue a GRANT statement, check that the
derby.database.sqlAuthorization
property is set to true. The derby.database.sqlAuthorization property enables the SQL Authorization mode.
Solved it with
GRANT SELECT ON cameracircle.* TO 'hoeym'#'localhost';
phpMyAdmin lets you do this graphically. From the Users tab, look for Add User then don't select anything for the Global Privileges area. Go ahead and create the user, then edit the privileges. Halfway down the page there's a area for "Database-specific privileges" where you can specify the permissions on a database (or even table-) level.
I talked to the developer of HeidiSQL about it and he told me I can query it by "show grants" command of sql, but i don't understand the result set coming from it.
show grants // I execute query here
GRANT USAGE ON . TO 'fsdb1user1'#'%' IDENTIFIED BY PASSWORD
'something'
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP,
REFERENCES, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON
fsdb1.* TO 'fsdb1user1'#'%'
mysql documentation says
SHOW GRANTS displays only the privileges granted explicitly to the
named account. Other privileges might be available to the account, but
they are not displayed. For example, if an anonymous account exists,
the named account might be able to use its privileges, but SHOW GRANTS
will not display them.
I think there might be some software somewhere trying some queries and checks grants that way.
It appears that this user is allowed to do a lot. Here is actually a good reference on all of these http://dev.mysql.com/doc/refman/5.1/en/grant.html#grant-privileges.
The user in question can run SELECT, UPDATE, and DELETE queries. They can CREATE tables and databases. They can DROP tables, databases, and views. They can create and alter INDEXes. They can ALTER table structures. They can use CREATE TEMPORARY TABLE. And finally, they can LOCK TABLES that they have SELECT privileges on. In this case, the user can do this on any table in this database (fsdb1) and from any host.