Mysql / Mariadb user grant to multiple database - mysql

Would like to grant permission to a user on multiple databases in single command. I am getting syntax error when I try
grant all on abc.*, xyz.* TO 'user'#'10.10.0.10';
Please guide. Thanks.

You need to use multiple grant statements, one for each database:
grant all on abc.* TO 'user'#'10.10.0.10';
grant all on xyz.* TO 'user'#'10.10.0.10';

You can either use single database or . for all databases in single statement like below:
grant all on abc.* TO 'user'#'10.10.0.10'; --- For abc database.
grant all on . TO' user'#'10.10.0.10'; --- for all databases

Related

mysql grant permissions on all but system tables

I am trying to grant a set of permissions to " all databases all tables" . excepted mysql system databases (mysql,information_schema,performance_schema, and sys (I believed I named them all?)).
I am not sure how to do that.
I need for instance a GRANT SELECT ON . excepted system tables.
Use:
SELECT CONCAT("GRANT ALL PRIVILEGES ON ",SCHEMA_NAME,".* TO 'test_user'#'localhost';") FROM information_schema.SCHEMATA WHERE SCHEMA_NAME NOT IN ('mysql','information_schema',
'performance_schema','sys')
This will provide you queries for individual databases that you can use to grant the privileges to a particular user.
After that, use:
FLUSH PRIVILEGES;
I hope this helps!

How can I grant to the limited users to see the structure of mysql routines?

How can I grant somebody to see the structure of mysql routines?
The following command can be used to show the structure of routines:
show create function FUNCTION_NAME
or
show create procedure PROCEDURE_NAME
but It should be run by the user with grant all permission. I don't want to give grant all to the user. What is the exact grant I need or what is the alternative solutions?
from the manual
To use either statement, you must be the user named in the routine DEFINER clause or have SELECT access to the mysql.proc table.
So granting SELECT to the mysql.proc table should be sufficient.
For MySQL 8.20+ you can use:
GRANT SHOW_ROUTINE ON . TO username
MySQL 8 Reference

grant to multiple db using one command

I have many mariaDB databases that has same prefix. Such as
apple1
apple2
apple3
....
apple5000
apple5001
banana1
banana2
...
banana100
And I want create new user USER who can SELECT databases has apple prefix.
So I grant SELECT to new user USER using multiple command below to.
GRANT SELECT ON `apple1` TO 'USER'#'%';
GRANT SELECT ON `apple2` TO 'USER'#'%';
GRANT SELECT ON `apple3` TO 'USER'#'%';
...
GRANT SELECT ON `apple5001` TO 'USER'#'%';
Is there any solution grant to multiple databases has specify prefix using one command like wildcard(%) of LIKE statement?
GRANT SELECT ON `apple%`.* TO 'USER'#'192.168.0.227';
The real problem is having thousands of databases. You are likely to be slowing things down by having so many. (This is an OS problem, since MySQL instantiates each database via a directory.)
Write a Stored Procedure to query against information_schema to discover all the databases (using LIKE) and generate (using SELECT ... CONCAT) the desired GRANT statements. Then manually copy that output into the mysql commandline tool to execute them.
as this came up on a google search, I ended up doing a for loop & piping it into mysql:
for i in var1 var2 var3 ; do echo "grant all on db_$i.* to user#host;" | mysql ; done
if using numbers then for i in 1..1000
if you have no login details in mycnf file & you have to login to mysql mysql -u user -password <Password>
Only issue with the above is your password being in the command history.
Hope this helps anyone looking for a solution.

MySQL user with limited admin permission

I would like to create a MySQL user that can create new databases and manage only them (create/drop tables,) without the possibility of managing other schemas.
Is that possible? What permission does he require?
I tried mixing DBDesigner and DBManager but it seems that he can edit everything or nothing (neither his databases).
May be this will help. Check this out: MySQL RefMan
Replace tester123 by a PHP variable or anything you'd like as the username and database name.
Replace % next to tester123# with your desired hostname.
lines explained:
create user
let user login but don't do anything
create database
let user access this database
commit changes
here we go:
CREATE USER 'tester123'#'%' IDENTIFIED BY '***';
GRANT USAGE ON * . * TO 'tester123'#'%' IDENTIFIED BY '***' WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
CREATE DATABASE IF NOT EXISTS `tester123` ;
GRANT ALL PRIVILEGES ON `tester123` . * TO 'tester123'#'%';
FLUSH PRIVILEGES;
Hint:
This can easily be done and gets explained by phpMyAdmin, users -> create user -> grant access to database named after the user or <user_*>
Download mysql workbench. In the server manager you will find users / priviliges. Here you can tailor make your users very easily.

Make a single table in mysql read-only

How can I make a single table in mysql read only for a user while he still has write access to other tables in the same db?
Additional info
I have root access to the server
Tables are MyISAM
Server version is 5.0.51a-24+lenny2
thanks!
Revoke all previous privileges and then grant the specific new privileges:
REVOKE ALL ON db.table FROM user;
REVOKE ALL ON db.othertable FROM user;
GRANT SELECT ON db.table TO user;
GRANT SELECT, INSERT, UPDATE, DELETE ON db.othertable TO user;
You can make a single MyISAM table read only by compressing the table. Use myisampack on the command line to pack the table.
More info can be found in the MySQL Manual: http://dev.mysql.com/doc/refman/5.0/en/myisampack.html