Grant all privileges to root user in MySQL 8.0.21 - mysql

I am aware that this question has been asked already on stackoverflow but I don't see any answer for the actual question posted. Hence posting again.
GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' IDENTIFIED BY PASSWORD 'abcd' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'root'#'::1' IDENTIFIED BY PASSWORD 'abcd' WITH GRANT OPTION;
Above lines throw
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED BY PASSWORD 'abcd' WITH GRANT OP' at line 1
I am trying to upgrade mysql from 5.7 to latest 8.0.21
Thanks!

For GRANT ALL privileges to root user use the following syntax:
GRANT ALL PRIVILEGES ON database_name.* TO 'root'#'localhost';
FLUSH PRIVILEGES;
The above grant mysql command defines that:
GRANT the PRIVILEGES of type ALL
These privileges are for a particular database named dbname and it applies to all tables of that database indicated by the .* that follows the dbname.
These privileges are assigned to username when that username is connected through locally, as specified by #'localhost'.
You can change to specify any valid host, replace 'localhost' with '%'.

Related

How to grant all privileges to root user in MySQL 8.0

Tried
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'root' WITH GRANT OPTION;
Getting
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near 'IDENTIFIED BY 'root' WITH GRANT OPTION' at line 1.
Note: The same is working when tried in previous versions.
Also tried
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
Getting
ERROR 1410 (42000): You are not allowed to create a user with GRANT
MySQL (8.0.11.0) username/password is root/root.
Starting with MySQL 8 you no longer can (implicitly) create a user using the GRANT command. Use CREATE USER instead, followed by the GRANT statement:
mysql> CREATE USER 'root'#'%' IDENTIFIED BY 'PASSWORD';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
Caution about the security risks about WITH GRANT OPTION, see:
Grant all privileges on database
I see a lot of (wrong) answers, it is just as simple as this:
USE mysql;
CREATE USER 'user'#'localhost' IDENTIFIED BY 'P#ssW0rd';
GRANT ALL ON *.* TO 'user'#'localhost';
FLUSH PRIVILEGES;
Note: instead of a self-created user you can use root to connect to the database. However, using the default root account to let an application connect to the database is not the preferred way. Alternative privileges can be applied as follows (be careful and remember the least-privilege principle):
-- Grant user permissions to all tables in my_database from localhost --
GRANT ALL ON my_database.* TO 'user'#'localhost';
-- Grant user permissions to my_table in my_database from localhost --
GRANT ALL ON my_database.my_table TO 'user'#'localhost';
-- Grant user permissions to all tables and databases from all hosts --
GRANT ALL ON *.* TO 'user'#'*';
If you would somehow run into the following error:
ERROR 1130 (HY000): Host ‘1.2.3.4’ is not allowed to connect to this
MySQL server
You need add/change the following two lines in /etc/mysql/my.cnf and restart mysql:
bind-address = 0.0.0.0
skip-networking
You could run into the following error, which is a bit confusing:
ERROR 1410 (42000): You are not allowed to create a user with GRANT
This means that either the user does not exist at all OR that the user#host combination does not exist. You can easily check for this with the following command:
SELECT host, user FROM user
1) This worked for me. First, create a new user. Example: User foo with password bar
> mysql> CREATE USER 'foo'#'localhost' IDENTIFIED WITH mysql_native_password BY 'bar';
2) Replace the below code with a username with 'foo'.
> mysql> GRANT ALL PRIVILEGES ON database_name.* TO'foo'#'localhost';
Note: database_name is the database that you want to have privileges, . means all on all
3) Login as user foo
mysql> mysql -u foo -p
Password: bar
4) Make sure your initial connection from Sequelize is set to foo with pw bar.
Just my 2 cents on the subject. I was having the exact same issue with trying to connect from MySQL Workbench. I'm running a bitnami-mysql virtual machine to set up a local sandbox for development.
Bitnami's tutorial said to run the 'Grant All Privileges' command:
/opt/bitnami/mysql/bin/mysql -u root -p -e "grant all privileges on *.* to 'root'#'%' identified by 'PASSWORD' with grant option";
This was clearly not working, I finally got it to work using Mike Lischke's answer.
What I think happened was that the root#% user had the wrong credentials associated to it. So if you've tried to modify the user's privileges and with no luck try:
Dropping the user.
Create the user again.
Make sure you have the correct binding on your MySQL config file.
In my case I've commented the line out since it's just for a sandbox environment.
1. Dropping the user.
From Mysql Console:
List Users (helpful to see all your users):
select user, host from mysql.user;
Drop Desired User:
drop user '{{ username }}'#'%';
2. Create the user again.
Create User and Grant Permissions:
CREATE USER '{{ username }}'#'%' IDENTIFIED BY '{{ password }}';
GRANT ALL PRIVILEGES ON *.* TO '{{ username }}'#'%' WITH GRANT OPTION;
Run this command:
FLUSH PRIVILEGES;
3. Make sure you have the correct binding on your MySQL config file.
Locate your MySQL config file (additional notes at the end). If you want to have MySQL listen for connections on more than one network find the following line on the config file:
bind-address=127.0.0.1
and comment it using a '#':
#bind-address=127.0.0.1
For production environments you might want to use limit the network access (additional notes at the end).
Then restart your MySQL service.
Hope this helps someone having the same issue!
Binding: If you want to know more about this I suggest looking at the following
solution How to bind MySQL server to more than one IP address. It
basically says you can leave MySQL open and limit connections by using
a firewall, or natively if you have MySQL version 8.0.13 and above.
MySQL Config File The file could have different locations depending on your
Linux distribution and installation. On my system it was located at
'/etc/my.cnf'. Here are other suggested locations:
/etc/mysql/mysql.conf.d
/etc/mysql/my.cnf
You can also search for the config locations as shown in this website:
How to find locations of MySQL config files.
For those who've been confused by CREATE USER 'root'#'localhost' when you already have a root account on the server machine, keep in mind that your 'root'#'localhost' and 'root'#'your_remote_ip' are two different users (same user name, yet different scope) in mysql server. Hence, creating a new user with your_remote_ip postfix will actually create a new valid root user that you can use to access the mysql server from a remote machine.
For example, if you're using root to connect to your mysql server from a remote machine whose IP is 10.154.10.241 and you want to set a password for the remote root account which is 'Abcdef123!##', here are steps you would want to follow:
On your mysql server machine, do mysql -u root -p, then enter your password for root to login.
Once in mysql> session, do this to create root user for the remote scope:
mysql> CREATE USER 'root'#'10.154.10.241' IDENTIFIED BY 'Abcdef123!##';
After the Query OK message, do this to grant the newly created root user all privileges:
mysql> GRANT ALL ON *.* TO 'root'#'10.154.10.241';
And then:
FLUSH PRIVILEGES;
Restart the mysqld service:
sudo service mysqld restart
Confirm that the server has successfully restarted:
sudo service mysqld status
If the steps above were executed without any error, you can now access to the mysql server from a remote machine using root.
My Specs:
mysql --version
mysql Ver 8.0.16 for Linux on x86_64 (MySQL Community Server - GPL)
What worked for me:
mysql> CREATE USER 'username'#'localhost' IDENTIFIED BY 'desired_password';
mysql> GRANT ALL PRIVILEGES ON db_name.* TO 'username'#'localhost' WITH GRANT OPTION;
Response in both queries:
Query OK, O rows affected (0.10 sec*)
N.B: I created a database (db_name) earlier and was creating a user credential with all privileges granted to all tables in the DB in place of using the default root user which I read somewhere is a best practice.
The specified user just doesn't exist on your MySQL (so, MySQL is trying to create it with GRANT as it did before version 8, but fails with the limitations, introduced in this version).
MySQL's pretty dumb at this point, so if you have 'root'#'localhost' and trying to grant privileges to 'root'#'%' it treats them as different users, rather than generalized notion for root user on any host, including localhost.
The error message is also misleading.
So, if you're getting the error message, check your existing users with something like this
SELECT CONCAT("'", user, "'#'", host, "'") FROM mysql.user;
and then create missing user (as Mike advised) or adjust your GRANT command to the actual exisiting user specificaion.
You will get this error
ERROR 1410 (42000): You are not allowed to create a user with GRANT
If you are trying to run a GRANT on a user that doesn't exist!
Therefore, first run this to make sure the user you use in your GRANT matches exactly to what you have:
select User, Host from user;
In particular pay attention whether the user you created is at localhost but the one you are trying to grant to is %
Copy this and use it at once:
CREATE USER 'username'#'localhost' IDENTIFIED BY 'password';
GRANT ALL ON *.* TO 'username'#'localhost';
FLUSH PRIVILEGES;
Instead of using single lines of code such as:
CREATE USER 'username'#'localhost' IDENTIFIED BY 'password';
Then:
GRANT ALL ON *.* TO 'username'#'localhost';
Then:
FLUSH PRIVILEGES;
Many thanks #Nebulastic
If you want to only allow remote IP using following command
CREATE USER 'user_test'#'113.yy.xx.94' IDENTIFIED BY 'YOUR_PWD';
GRANT ALL ON *.* TO 'user_test'#'113.yy.xx.94';
FLUSH PRIVILEGES;
This worked for me:
mysql> FLUSH PRIVILEGES
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES
Check out your username and domain is the same as created before. Mysql select account by the two colums in user table.If it is different, mysql may think you want to create a new account by grant,which is not supported after 8.0 version.
My Specs:
mysql --version
mysql Ver 8.0.19 for Linux on x86_64 (MySQL Community Server - GPL)
What worked for me:
mysql> USE mysql;
mysql> UPDATE User SET Host='%' WHERE User='root' AND Host='localhost';
this commands work for me:
1-login to mysql and see all users
sudo mysql -u root
select user, host from mysql.user;
2-delete old user
drop user root#localhost;
3-create new user
CREATE USER 'root'#'localhost' IDENTIFIED BY 'mypassword'
4-add all privileges to it:
GRANT ALL ON *.* TO 'root'#'localhost'
ALTER USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password
BY 'mypassword';
5-finally flush privileges
FLUSH PRIVILEGES;
in select statement, changing 'user'#'%' to 'user'#'localhost' solved my problem
In my case I wanted to do something similar, I followed some steps from here but the best way was as #nebulasic mentioned:
USE mysql;
CREATE USER 'user'#'localhost' IDENTIFIED BY 'P#ssW0rd';
GRANT ALL ON *.* TO 'user'#'localhost';
FLUSH PRIVILEGES;
After this I encountered an error while trying to query the database or connect with SQLTools from VSCode.
Client does not support authentication protocol requested by server; consider upgrading MySQL client
Running this query will fix the problem:
ALTER USER 'user'#'localhost' IDENTIFIED WITH mysql_native_password BY 'Your_newP#s$w0Rd';
I also want to mention that these steps are ok to work in a local environment, when doing something in production is recommended to allocate each user to each database with generated password accordingly and different other security measures if necessary.
Well, I just had the same problem. Even if route had '%' could not connect remotely. Now, having a look at my.ini file (config file in windows) the bind-address statement was missed.
So... I putted this bind-address = * after [mysqld] and restarted the service. Now it works!
1. grant privileges
mysql> GRANT ALL PRIVILEGES ON . TO 'root'#'%'WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES
2. check user table:
mysql> use mysql
mysql> select host,user from user
3.Modify the configuration file
mysql default bind ip:127.0.0.1, if we want to remote visit services,just delete config
#Modify the configuration file
vi /usr/local/etc/my.cnf
#Comment out the ip-address option
[mysqld]
# Only allow connections from localhost
#bind-address = 127.0.0.1
4.finally restart the services
brew services restart mysql
Try this, i had the same issue and i tried few options, but the below worked.
GRANT ALL ON . TO 'root'#'%';
Reference used - https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-20-04#step-6-%E2%80%94-testing-database-connection-from-php-optional
ubuntu 22.04.1
Mysql Ver 8.0.31-0
My root had no GRANT privileges so I could not grant new users any previligies.
Solution was to Drop current root user and create new one using 'mysql_native_password'.
Commands as follows
Login to mysql with as root
mysql> DROP USER 'root'#'localhost' IDENTIFIED BY 'PASSWORD' FROM mysql.user;
mysql> CREATE USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'locahost' WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
This may work:
grant all on dbtest.* to 'dbuser'#'%' identified by 'mysql_password';
I had this same issue, which led me here. In particular, for local development, I wanted to be able to do mysql -u root -p without sudo. I don't want to create a new user. I want to use root from a local PHP web app.
The error message is misleading, as there was nothing wrong with the default 'root'#'%' user privileges.
Instead, as several people mentioned in the other answers, the solution was simply to set bind-address=0.0.0.0 instead of bind-address=127.0.0.1 in my /etc/mysql/mysql.conf.d/mysqld.cnf config. No changes were otherwise required.
I had the same problem on CentOS and this worked for me (version: 8.0.11):
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'#'%'
Stary mysql with sudo
sudo mysql

Can't grant all privileges to root in MySQL 5.7. Syntax error

This one is really baffling. I hope I'm not doing something stupid, but it just doesn't make sense. I installed a fresh MySQL 5.7 on Ubuntu, logged in locally to mysql as root and ran the following:
CREATE USER 'root'#'%' IDENTIFIED BY 'password';
Success!
Next, I ran this:
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
No bueno. This resulted in the following error:
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '*.* TO 'root'#'%' WITH GRANT OPTION' at line 1
WTF? I've been running that command on MySQL servers for 2 years. Why didn't it work? As any good little developer would do, I decided to RTM. Here's the example given in the 5.7 manual (http://dev.mysql.com/doc/refman/5.7/en/adding-users.html):
mysql> GRANT ALL PRIVILEGES ON *.* TO 'finley'#'%'
-> WITH GRANT OPTION;
Am I taking crazy pills? Except for the username, that's exactly what I did. This should just work, right??? There's a baffling lack of other people on the Internet reporting this problem, so I assume I must just be glossing over something obvious, but I'm 2 hours deep into this and just plain can't figure it out. Thanks in advance.
After kicking my own brain for several minutes, remembered that, by default in a new install, the user "root#%" doesn't exists and must be created separately.
This must work for you:
CREATE USER 'root'#'%' IDENTIFIED BY 'yourpassword';
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
on mysql syntax has been changed
GRANT ALL ON *.* TO 'root'#'%' WITH GRANT OPTION;

The MySQL server crashed when I try to set remote access using 'grant'

I type the commands below:
mysql –u root -p
Grant all privileges on *.* to root#”%” identified by “rootpassword” with grant option;
Grant all privileges on mysitedb.* to root#localhost;
then the server crashed:
Could not establish database connection. Please check the username,
password and hostname in the config file, and if necessary set up the
appropriate MySQL user and privileges.
change the grand statement in to below one, then solved:
mysql –u root -p
Grant all privileges on *.* to root#”%” identified by “rootpassword” with grant option;
Grant all privileges on mysitedb.* to root#localhost identified by “rootpassword” with grant option;

what's wrong with the grant all command?

grant all privileges on 'bbs' to 'userone'#'localhost' IDENTIFIED BY PASSWORD 'user2012';
It shows ERROR 1064 (42000): You have an error in your SQL syntax; check the manual
I want to add a user userone and grant all privileges to the database bbs.
How to correct it?
You need to include an indicator for the tables in the database you want to grant the privilege. Change the query:
grant all privileges on bbs.* to 'userone'#'localhost' IDENTIFIED BY PASSWORD 'user2012';
to grant it for all the tables in the 'bbs' database.
Leave the ' at the table name:
grant all privileges on bbs to 'userone'#'localhost' IDENTIFIED BY PASSWORD 'user2012';
grant all privileges on 'bbs.*' to 'userone'#'localhost' identified by ‘user2012’;

MySQL: Grant **all** privileges on database

I've created database, for example 'mydb'.
CREATE DATABASE mydb CHARACTER SET utf8 COLLATE utf8_bin;
CREATE USER 'myuser'#'%' IDENTIFIED BY PASSWORD '*HASH';
GRANT ALL ON mydb.* TO 'myuser'#'%';
GRANT ALL ON mydb TO 'myuser'#'%';
GRANT CREATE ON mydb TO 'myuser'#'%';
FLUSH PRIVILEGES;
Now i can login to database from everywhere, but can't create tables.
How to grant all privileges on that database and (in the future) tables. I can't create tables in 'mydb' database. I always get:
CREATE TABLE t (c CHAR(20) CHARACTER SET utf8 COLLATE utf8_bin);
ERROR 1142 (42000): CREATE command denied to user 'myuser'#'...' for table 't'
GRANT ALL PRIVILEGES ON mydb.* TO 'myuser'#'%' WITH GRANT OPTION;
This is how I create my "Super User" privileges (although I would normally specify a host).
IMPORTANT NOTE
While this answer can solve the problem of access, WITH GRANT OPTION creates a MySQL user that can edit the permissions of other users.
The GRANT OPTION privilege enables you to give to other users or remove from other users those privileges that you yourself possess.
For security reasons, you should not use this type of user account for any process that the public will have access to (i.e. a website). It is recommended that you create a user with only database privileges for that kind of use.
This is old question but I don't think the accepted answer is safe. It's good for creating a super user but not good if you want to grant privileges on a single database.
grant all privileges on mydb.* to myuser#'%' identified by 'mypasswd';
grant all privileges on mydb.* to myuser#localhost identified by 'mypasswd';
% seems to not cover socket communications, that the localhost is for. WITH GRANT OPTION is only good for the super user, otherwise it is usually a security risk.
Update for MySQL 5.7+ seems like this warns about:
Using GRANT statement to modify existing user's properties other than
privileges is deprecated and will be removed in future release. Use
ALTER USER statement for this operation.
So setting password should be with separate commands. Thanks to comment from #scary-wombat.
ALTER USER 'myuser'#'%' IDENTIFIED BY 'mypassword';
ALTER USER 'myuser'#'localhost' IDENTIFIED BY 'mypassword';
This will be helpful for some people:
From MySQL command line:
CREATE USER 'newuser'#'localhost' IDENTIFIED BY 'password';
Sadly, at this point newuser has no permissions to do anything with the databases. In fact, if newuser even tries to login (with the password, password), they will not be able to reach the MySQL shell.
Therefore, the first thing to do is to provide the user with access to the information they will need.
GRANT ALL PRIVILEGES ON * . * TO 'newuser'#'localhost';
The asterisks in this command refer to the database and table (respectively) that they can access—this specific command allows to the user to read, edit, execute and perform all tasks across all the databases and tables.
Once you have finalized the permissions that you want to set up for your new users, always be sure to reload all the privileges.
FLUSH PRIVILEGES;
Your changes will now be in effect.
For more information: http://dev.mysql.com/doc/refman/5.6/en/grant.html
If you are not comfortable with the command line then you can use a client like MySQL workbench, Navicat or SQLyog
1. Create the database
CREATE DATABASE db_name;
2. Create the username for the database db_name
GRANT ALL PRIVILEGES ON db_name.* TO 'username'#'localhost' IDENTIFIED BY 'password';
3. Use the database
USE db_name;
4. Finally you are in database db_name and then execute the commands like create , select and insert operations.
This SQL grants on all databases but just basic privileges. They're enough for Drupal or Wordpress and as a nicety, allows one developer account for local projects.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP,
INDEX, ALTER, CREATE TEMPORARY TABLES
ON *.* TO 'username'#'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON mydb.* TO myuser#localhost IDENTIFIED BY 'mypasswd';
Works for privileges on schema :)
Optional: after mypasswd you can add WITH GRANT OPTION
I could able to make it work only by adding GRANT OPTION, without that always receive permission denied error
GRANT ALL PRIVILEGES ON mydb.* TO 'myuser'#'localhost' WITH GRANT OPTION;
Hello I used this code to have the super user in mysql
GRANT EXECUTE, PROCESS, SELECT, SHOW DATABASES, SHOW VIEW, ALTER, ALTER ROUTINE,
CREATE, CREATE ROUTINE, CREATE TEMPORARY TABLES, CREATE VIEW, DELETE, DROP,
EVENT, INDEX, INSERT, REFERENCES, TRIGGER, UPDATE, CREATE USER, FILE,
LOCK TABLES, RELOAD, REPLICATION CLIENT, REPLICATION SLAVE, SHUTDOWN,
SUPER
ON *.* TO mysql#'%'
WITH GRANT OPTION;
and then
FLUSH PRIVILEGES;
I had this challenge when working on MySQL Ver 8.0.21
I wanted to grant permissions of a database named my_app_db to the root user running on localhost host.
But when I run the command:
use my_app_db;
GRANT ALL PRIVILEGES ON my_app_db.* TO 'root'#'localhost';
I get the error:
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'my_app_db.* TO 'root'#'localhost'' at line 1>
Here's how I fixed:
Login to your MySQL console. You can change root to the user you want to login with:
mysql -u root -p
Enter your mysql root password
Next, list out all the users and their host on the MySQL server. Unlike PostgreSQL this is often stored in the mysql database. So we need to select the mysql database first:
use mysql;
SELECT user, host FROM user;
Note: if you don't run the use mysql, you get the no database selected error.
This should give you an output of this sort:
+------------------+-----------+
| user | host |
+------------------+-----------+
| mysql.infoschema | localhost |
| mysql.session | localhost |
| mysql.sys | localhost |
| root | localhost |
+------------------+-----------+
4 rows in set (0.00 sec)
Next, based on the information gotten from the list, grant privileges to the user that you want. We will need to first select the database before granting permission to it. For me, I am using the root user that runs on the localhost host:
use my_app_db;
GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost';
Note: The GRANT ALL PRIVILEGES ON database_name.* TO 'root'#'localhost'; command may not work for modern versions of MySQL. Most modern versions of MyQL replace the database_name with * in the grant privileges command after you select the database that you want to use.
You can then exit the MySQL console:
exit
That's it.
I hope this helps
To access from remote server to mydb database only
GRANT ALL PRIVILEGES ON mydb.* TO 'root'#'192.168.2.21';
To access from remote server to all databases.
GRANT ALL PRIVILEGES ON * . * TO 'root'#'192.168.2.21';
To grant all priveleges on the database: mydb to the user: myuser, just execute:
GRANT ALL ON mydb.* TO 'myuser'#'localhost';
or:
GRANT ALL PRIVILEGES ON mydb.* TO 'myuser'#'localhost';
The PRIVILEGES keyword is not necessary.
Also I do not know why the other answers suggest that the IDENTIFIED BY 'password' be put on the end of the command. I believe that it is not required.