Can't grant privileges to users on Azure MySQL database - mysql

yesterday I deployed a MySQL database image from the Azure marketplace. It is this one issued by Microsoft. I can connect with the user I specified in the Azure portal and was able to create an additional user for testing purposes and grant it all privileges on two different databases. However, if try to do the same today I get the infamous Error Code: 1044. Access denied for user 'admin'#'%' to database 'mysql'. I have read that some MySQL versions on Azure do not support user privilege handling, but I was already able to do it with this image version. I even verified that the created user had access to the specified databases and inserting/selecting data from it was also working. I have tried setting up a fresh database with a new testuser to no avail, as i received the same error. This is basically what I did:
CREATE USER 'user'#'%' IDENTIFIED BY 'pw';
GRANT INSERT ON db.* TO 'user'#'%' IDENTIFIED BY 'pw';
FLUSH PRIVILEGES;
After the user was created I also checked with SHOW GRANTS FOR 'user'#'%' for the given permissions and they were there. The admin user specified in the Azure portal also has grant_priv privileges. Can someone please help me to understand why all of a sudden it is not possible for me to grant even simple privileges to newly created users? It should be possible as this Blogpost from an Microsoft employee suggests. Clearly I am missing something as such a basic feature should be included.

Related

How to give all privileges to a new user that I created 'user#%'

I switch to MySQL 8 recently; earlier I was using MySQL 5.7 in GCP. I know questions like this have already been asked, but I didn't have any luck. My question is, I want to create a new user just say 'user1' and grant all privileges to a user account on all databases.
The query I am using for user creation:
CREATE USER 'user-1'#'%' IDENTIFIED BY 'user_password';
For privileges:
GRANT ALL PRIVILEGES ON *.* TO 'user-1'#'%';
This privileges query used to work on MySQL 5.7, but when I try to run this query in MySQL 8, I get this error (I logged in as root user and MySQL is in GCP):
SQL Error (1045): Access denied for user 'root'#'%' (using password: YES)
I also tried to run this query one after another like this:
CREATE USER 'user-1'#'%' IDENTIFIED BY 'user_password';
GRANT ALL PRIVILEGES ON *.* TO 'user-1'#'%';
But still I get the same error. I came to know that in MySQL 8 localhost root user have all the privileges, but my server is in Google Cloud, so how can I grant all the privileges to the user I created?
When I run this query in the mysql-8 (I am using HeidiSQL to connect the DB and run query)
SELECT * FROM mysql.user;
I got this output:
In this there are two root users:
For one host is localhost/127.0.0.1 (With all the privilege).
For other host is % (Not have any privilege).
I think I logged in as a user with host-% because my server is in GCP, that's why I cannot give any privilege to the user that I have created. So is there any way to give full permission to the
root#%
so that I can give full permission to the other users, Because I don't think there is any way to log in as a root#localhost
The problem here is that you are trying to create a super user, which is not something supported in cloud SQL, as you can see in this documentation:
Cloud SQL does not support SUPER privileges, which means that GRANT ALL PRIVILEGES statements will not work. As an alternative, you can use GRANT ALL ON %.*.
This alternative mentioned could be enough to grant the permissions you expected.

How to revoke and grant permissions to a user with GCP's new managed MySQL 8.0

I had no problems making a test MySQL server and applying permissions a week ago with their MySQL 5.7, but trying out the new 8.0 version, I can't seem to alter permissions as easily, if at all. I'm logged in as root remotely, but a local cloud shell instance does the same.
I'm trying to create a new user that only has access to one database, but I can't seem to get past the part where I revoke all default permissions first.
My method:
CREATE USER 'test_user'#'%' IDENTIFIED BY '{password}';
Gives no error. (I've also tried creating a user through GCP's admin panel)
SHOW GRANTS FOR 'test_user'#'%'; returns GRANT USAGE ON *.* TO `test_user`#`%` (I assume this means the new user has full permissions?)
Then, trying to remove all privileges to start fresh with the user,
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'test_user'#'%';
shows:
Error: UNKNOWN_CODE_PLEASE_REPORT: Access denied for AuthId `root`#`%` to database 'mysql'.
I'm pretty new to Mysql, so I'm unsure if this is my fault or just a bug. Thank you!
First, I would like to point out that GRANT USAGE ON *.* TO test_user#% means the inverse, it means that the user has no privileges ! ( more info: Mysql Reference )
Secondly, I think that's what causing the error is the ALL PRIVILEGES keyword, it may have been removed in v8.0, so just go straight after user creation and grant him the privileges that you want on a table/database.

Website connecting to database but not reading any data

I have four websites, each of which were being accessed with a singular username/password which had privileges on all of the databases.
However, for security reasons, I've finally set up a new user for each site, with each user only having access to the necessary database. Here is the code that I used to create the user and grant privileges for one particular database -
CREATE USER 'wedding1'#'localhost' IDENTIFIED BY 'somepass';
GRANT ALL PRIVILEGES ON wedding1.localhost TO 'wedding1'#'localhost';
However, when I log in to PHPMyAdmin using the credentials for the user I just created, the database is shown as expected but none of the tables are listed.
No entries are placed in my logs and I have tried to FLUSH PRIVILEGES;
Am I missing something from the above lines that could be causing this behaviour? Thanks.
You only granted privileges on a table called localhost within wedding1 DB. I am guessing this is not what you want. Change your grant statement as follows:
GRANT ALL PRIVILEGES ON wedding1.* TO 'wedding1'#'localhost';

mysql access denied while creating new user

I want to create a new mysql user and database demo in my company. Here is the commands i input in the mysql.exe :
create user 'admin'#'localhost' identified by 'admin';
create database dem;
Everytime i have that response:
access denied for user ''#'localhost' to database.
Actually i refered to that similar question :
MySQL - Access denied for user
Can anyone help please ???
I would suggest creating the database first then you can create a user, and use the GRANT option to allow permissions to that user for whatever you find necessary. However, creating a user first then a database while it's able to "potentially" work, isn't the best practice with MySQL. So you want to effectively do the Steps as such:
Create Database
Create User
GRANT permissions
???
Profit
You have to GRANT access to admin for dem.
GRANT ALL PRIVILEGES ON *.* TO 'admin'#'%' WITH GRANT OPTION;
You may have to also GRANT the same for admin#localhost as well. IIRC if you ever logon remotely with admin you would inherit the base privileges unless otherwise GRANTed
You can find many answers HERE.

Can not login as newly created MySQL user

I am working on a project for a client, and instead of using my usual 'root' SQL password, I needed to create a new User/Password with specific access rights. I looke up how to do this and found that I should use the following:
CREATE USER 'AppSrv'#'%' IDENTIFIED BY 'some_pass';
GRANT ALL PRIVILEGES ON some_db.* TO 'AppSrv'#'%' WITH GRANT OPTION;
When I run select * from mysql.user; I can see that the user has been added to the table, however when using PDO or PHPMyAdmin I get an error stating: Access denied for user 'AppSrv'#'localhost'
I have created users in the past without a problem, and am not sure why it is now not working. I have attempted rebooting the SQL server as well with no avail.
Running:
Linux version 3.2.0-24-virtual (buildd#crested) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) )
MySQL v5.5.28-0ubuntu0.12.04.3 - (Ubuntu)
What could be a possible fix to create new users for my SQL Server?
EDIT
I have also tried using PHPMyAdmin to create the user, and even that fails when trying to login.
Create the account with #'localhost':
CREATE USER 'AppSrv'#'localhost' IDENTIFIED BY 'some_pass';
GRANT ALL PRIVILEGES ON some_db.* TO 'AppSrv'#'localhost' WITH GRANT OPTION;
Otherwise the anonymous-user account for localhost that is created by mysql_install_db would take precedence - see mysql doc adding users or access denied