Error in processing request: No routine with name 'daily_difference' found in database 'chamelis_wp'. You might be lacking the necessary privileges to edit this routine.
If you are using phpMyAdMin (pma) under cPanel, this error results from the fact that cPanel creates a temporary user for every session to log into pma, and therefore the database. If you are working in a hosted environment where you cannot be granted SUPER privileges, and you are creating routines, you are in trouble. Read on.
Stored routines (procedures and functions) in MySQL/Mariadb have a property called DEFINER. This stores the username of the the database user who "owns" that routine. If a db user opens phpMyAdmin (pma) and creates a new routine without explicitly declaring the DEFINER, DEFINER will be populated with the current username. Only a db user that has SUPER permissions can create a routine and declare another user as the DEFINER. Non-SUPER users can only declare themselves as the DEFINER, or leave it blank and the db does it for them. So the db user that you are logged in as gets to be the DEFINER for all routines you create during that session.
The problem you have encountered arises because
a. only the DEFINER of a routine, or a user with SUPER permissions, can edit or export a routine. If a (non-SUPER) user logs in to pma and tries to edit or export an existing routine, then unless they are the DEFINER of that routine they get the error you are seeing, and they cannot access the routine.
b. Even if you have created database user accounts in cPanel, cPanel will not use any of these to launch pma. Under cPanel you are automatically logged using a temp username that it generates. You do not get to see the pma login page - the login happens off-screen - and you are taken straight into the pma home page. You have no control over the username/password used.
d. When you start a new cPanel session (e.g. at the start of each day's work), cPanel changes the temp db user name that it uses to log you into pma. cPanel usernames all have this pattern: "cpses_db...#localhost", where the dots are filled alphanumerics like "hmxbj8s2". I have just logged in and the pma home page tells me that the current database user is "cpses_dbhmxbj8s2#localhost". If I close pma, log out of cPanel, log back into cPanel then reopen pma, the db user name will change. I just did that and the db user for this new session is "cpses_db0z35t107#localhost".
e. If I had created a new routine during my previous session, then the DEFINER for that routine would still be "cpses_dbhmxbj8s2#localhost". Now that I am logged in as "cpses_db0z35t107#localhost", I cannot edit or export that routine. Without a backup or copy of that routine, I have completely lost access to it (it is now, effectively, "orphaned"). The only way to get access is to recreate it using a script without a DEFINER statement in the current session so the the current db user becomes the DEFINER. That user can now edit the routine. This means that every day you would have to recreate all the procedures you want to work on. If you forget to export all the routines changed during the previous session, then you have LOST THOSE CHANGES.
f. Another problem is that if you are also connecting to the database externally using e.g. MySQL Workbench, logging in using a db user you have created, then you can do everything except edit any routines created under pma because these have "cpses_db..." user as the DEFINER.
THE SOLUTIONS:
Install your own copy of pma in your hosted enviroment if that option is available in cPanel. This will have to be installed in a folder in the public-html section of the site so you can access it directly from your browser e.g. https://example.com/pmamyadmin/index.php. Login using a user you have created for your database. This user becomes the DEFINER for all your routines and so long as you always use this username, you can always access your routines. (Never use cPanel's pma!)
Be aware that having a copy of pma in the public_html section of your site introduces security issues. Definitely require passwords in pma's config and if practical use .htaccess to limit access to just your IP, etc. But that's another topic.
Always access the database externally (assuming your host permits this) using a local copy of pma or another client like MySQL Workbench. Again, this allows you to control the username for every session.
FINALLY
If neither of these works for you and you must use cPanel's pma, then export all your routines at the end of every session and recreate them (with no DEFINER statement) at the start of the next session. Currently pma doesn't include the DROP in the routine export function (there a change request in for this) so you have to use a database export to get them included. Unless you want a full backup anyway, you just need to export the structure of one table to get this export to work. Make sure you click the "Include DROP..." and "Include Routines..." in the export definition. Edit the export to delete the table definition and globally replace the "DEFINER=cpses_db...#localhost" with "" before using it to recreate the routines next session.
Hope that helps.
I FIX THIS ISSUE IN CPANEL
This shows that there is lack of routines ( Function, Procedures ) privilege for the current user. This will cause even the edit button of routines to be disabled.
In CPanel there is default user that you can not manage their privileges, So, you can not add or remove their privileges.
<<<<< HOW I FIX IT >>>>>:
FIRST
Drop all routines(Function, Procedure) that you have no privilege from your database
SECOND ( import sql file again )
Find the sql file used to import database and remove DEFINER=root#localhost everywhere.
Then import Edited sql file after remove DEFINER=root#localhost .
I think this solution can help someone.
Thanks
It sounds like you don't have permission to edit it, or you're trying to edit it from the wrong DB (schema). Run the following to see which DB it is on:
show function status like '%daily%';
show procedure status like '%daily%';
Are you trying to edit it by executing a statement or by using the gui? If by executing a statement, can you provide your statement? If by statement, make sure you've run this first:
use db_name_here;
Then try to edit your routine again.
Did your user create the procedure, or another user created it? You may not have permission to modify an user's procedure. You can see who created it by running:
show create procedure daily_difference;
Then see if you have permission to edit procedures by running the below statement - you need "ALTER ROUTINE" privilege:
show grants for Your_username_here;
If a user with super privilege created it, you won't be able to edit it - you'll need them to, or you will need to get super privilege.
I'm replying partly as I have a work around and partly for the comedy, as GoDaddy sent me this page as a solution to this problem where, yes the problem is defined but no, there's no solution.
I had to rebuild my SPs in phpMyadmin but for the DEFINER where root#localhost was present, using an account I had created and could use - account#localhost. cPanel doesn't expose the root account AFAIK.
I didn't have all my SPs' definitions elsewhere. But I found that in cPanel \ files \ backup \ the files from there of the MySQL DBs had the SP definitions. That may not be in your hosting package. Backing up from phpMyAdmin didn't help as I still lacked the privileges to make the back up with the definitions.
Related
I have one MySQL 5.6 running in production with a legacy root account that is used for years. As part of a hardening program, I wanted to remove this root account - make it available via another account not named root basically.
After creating another account named adminacc with full accesses on the DB, I deleted the account named root.
Right after this action, all (adminacc could still log in) my others accounts could not log in anymore receiving the below message
SQL State 28000 Error 1045: Access denied for user 'XXX'#'wathever' (using password: YES)
I granted the denied account full accesses on the DB - without success.
I finally recreated my root account (with the same previous password, not sure if relevant here) and my DB accounts went back.
How can it be there is a dependency between an account (would it be the initial root) and another in MySQL? Would it be because I created this other account while connected as root user? Or the other account is trying to query a view created by the root account? I believe not, just throwing thoughts trying to understand.
What I found the most weird in my senario is that the connection from the denied account was not completely denied. When testing the connection from a Windows odbcad32.exe utility, it succeedded! But whenever used in app context (running from the same windows host), it failed.
I did run a capture and here is the output (this is from the app context)
You can see the login actually happens well; few queries are executed properly (basically init statments at session opening like SET NAMES utf8 or SET SQL_AUTO_IS_NULL = 0).
Then the error is thrown when the user tries to execute a SELECT against one of the DB views.
Nota: I found no recommendation from MySQL docs to not delete the initial root account. Nothing describing such situation. Browsing a bit on the internet, I found this previous StackOverflow question but it remained unanswered.
As explained by Akina, this issue was tied to Stored Object Access Control in MySQL. Not only this applies to procedures, functions, triggers but views as well, read this
For stored routines (procedures and functions) and views, the object
definition can include an SQL SECURITY characteristic with a value of
DEFINER or INVOKER to specify whether the object executes in definer
or invoker context. If the definition omits the SQL SECURITY
characteristic, the default is definer context.
My errors actually appear whenever a view was called (and because all of the views were created via this root account and with the SQL SECURITY set to DEFINER - default behavior).
Making a lot of sense now. That being said, the MySQL error message could have been more descriptive on the actual issue!
After years of no problems with my PHP webapp running MySQL 5.5 on the backend, suddenly today I'm having permissions problems.
Whenever I try to run an INSERT statement (either from PHP or from Workbench or Heidi), I get this error message: The user specified as a definer ('my_user'#'1.2.3.%') does not exist
One symptom is that INSERT statements cannot be executed by my PHP nor by remote clients such as Workbench or Heidi. I have tried various solutions suggested by:
MySQL error 1449: The user specified as a definer does not exist
Error: 1449, "The user specified as a definer ('root'#'localhost') does not exist"
Everything points to running a GRANT statement. I have tried various GRANTs as suggested, but I always get this error:
Access denied for user
It seems like my permissions got corrupted or something. So I created a brand new DB user inside BlueHost control panel on my VPS and gave full privileges. I get the same exact errors on this brand new user.
BlueHost support has no idea what to do.
Some Stack articles say to go mess around with TRIGGERS or STORED PROCS permissions - but I don't have any of these types of objects. Simple INSERT statements cause this error, and perhaps UPDATEs as well, but I'm not sure of that at this moment.
The user has FULL PRIVILEGES, as always.
What else can I try? Is there some way to fix corrupted permissions? I can run SELECT statements with no problems.
I tried connecting to the DB with root (using the same pwd as I use when connecting to WHM), but it didn't like my password or maybe the user in general. I never set up root as a specific user against this DB and I'm not sure that's a good idea. I have always used a specific user created just for this DB. Again, past 5 years no problems at all. The DB has not been upgraded, no DB changes, no user changes, nothing.
I sort of solved it. I ended up creating a new database with a different name, and created a new admin user to go with it. Then I ran my db backup/dump script against it. Everything works perfectly again, with this new DB. The old DB is still jacked.
I'm thinking that permissions got corrupted in the old database.
I have a MySQL database hosted on Dreamhost. I've defined a single user for that database, with full rights.
I've just started using MySQL Workbench. I had no trouble connecting to the database. But when I try to view the contents of stored procedures that I created using the web client provided by Dreamhost, I get nothing. By nothing, I mean that right-click | Send to SQL Editor | Create statement does nothing. No new tab, no error message, nothing. Ditto for right-click | Send to SQL Editor | Procedure Call. Ditto when clicking the wrench or lightning icons.
Based on something I found online, it appears to be a rights issue. But when I choose Server | Users and Privileges to try to fix it, I get this message:
"The account you are currently using does not have sufficient privileges to make changes to MySQL users and privileges."
How can that be when there's only one user and that user has all rights?
For me although I granted full privilege on that database, I still cannot view it's store procedure.
So I have to run this:
GRANT SELECT ON mysql.proc TO yourusername#'%';
Problem solved !!
On mysql 8.0.20+ run this to give a user permission to view the procedure:
grant show_routine on *.* to <MYUSER>;
Run this to give the user permission to edit and run procedures:
grant execute, create routine, alter routine on <MYDB>.* to <MYUSER>;
I was able to solve the immediate problem by opening the SP in phpAdmin on the Dreamhost site and cutting and pasting the code into MySQL Workbench, recreating the SP from there. That does seem, however, to keep me from editing the SP on Dreamhost. Clearly something's still wrong, but I can move forward.
Deployed a new version of our app on heroku and migrated over database from previous free jawsdb instance. However now every time user signs up gives
(Mysql2::Error: INSERT command denied to user <username for instance
what have i missed
migrated using a dump and re-import using mysql command line. eye balled exported data and it seems to be there (user emails etc)
all config vars look ok (DATABASE_URL is mysql2...)
i can login to the database via the url
I have not had to grant access or anything like that before, anyone come across this?
thanks
Ben
My guess is they disabled your INSERT grant because you have reached your max Storage Capacity for your plan.
To validate this is a permissions problem, log into a MySQL prompt with the user the app is running as, and enter this query:
SHOW GRANTS;
It probably list many, but no INSERT.
See this link. As explained in given link, jawsdb preliminary plan does not give you permission to add a new database. You are provided with one schema with some random name and you have to work with that only.
Check your migration
e.g. Make sure the database name matches.
For me, I got the same error as OP when trying to migrate my data. This was a fresh account with only a 50kb'ish database; nowhere close to the free-plan 5mb limit.
In my SQL export statement, my local database name is being used, however the remote MySQL (ie JawsDB) service auto-generates a db name, which will obviously not be the same. Simply used find-replace to change the database name to match remote; everything works.
Suppose a user has full read/write access to MySQL database. Is there any way (some parameter in connection string) to connect to database by the same username and password in read-only mode?
I want this without changing this user's permissions because the same user might require write permission too at some other time. This would be useful (if possible) to prevent accidental modification to database.
The answer to your question is
No, there's no way to specify read-only access in the connection string.
Alternatives are
1. Create sql user with read permission
MVC3 Read-Only MySql Connection String
2. create views or stored procedures with permissions checking logic in them
MS SQL Grant permission to only a view
MySQL Grant a user permission to only view a mysql view
3. Implement permissions layer in your business logic
Good Luck!
The best solution here is to create another account on the mysql server with readonly permissions, and connect using that.
Depending on your use case and what control you have you could have the code call "set transaction read only" immediately after connecting, or use the --init-command parameter on connect. This worked for a testing use case we have,
Here's the set transaction doc: https://dev.mysql.com/doc/refman/5.7/en/set-transaction.html, similarly you can also set it as a session variable if that makes a difference https://dev.mysql.com/doc/refman/5.7/en/server-system-variables.html#sysvar_transaction_read_only.