I am trying to grant a newly created user the ability to create tables.
I would have thought it would be
GRANT CREATE TABLE ON databaseName.* TO userName_3;
However, I receive a syntax error while trying to execute this SQL statement.
Would anyone be able to tell me why it is not working?
Thanks
Read this
SQL Server grand permission
GRANT CREATE ON SCHEMA :: databaseName TO userName_3;
For MySQL
GRANT CREATE ON databaseName.* TO userName_3;
You can't use the TABLE in the query
Table Privileges
Table privileges apply to all columns in a given table. To assign
table-level privileges, use ON db_name.tbl_name syntax:
GRANT ALL ON mydb.mytbl TO 'someuser'#'somehost'; GRANT SELECT, INSERT
ON mydb.mytbl TO 'someuser'#'somehost'; If you specify tbl_name rather
than db_name.tbl_name, the statement applies to tbl_name in the
default database. An error occurs if there is no default database.
The permissible priv_type values at the table level are ALTER, CREATE
VIEW, CREATE, DELETE, DROP, GRANT OPTION, INDEX, INSERT, REFERENCES,
SELECT, SHOW VIEW, TRIGGER, and UPDATE.
Table-level privileges apply to base tables and views. They do not
apply to tables created with CREATE TEMPORARY TABLE, even if the table
names match. For information about TEMPORARY table privileges, see
Section 13.1.18.3, “CREATE TEMPORARY TABLE Syntax”.
MySQL stores table privileges in the mysql.tables_priv table.
Related
I am building a database for students. I want the students to be able to perform any action on the database, create tables etc. I do not want them to delete the master table.
So far, I granted them almost all the permissions using this grant
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD,
PROCESS, REFERENCES, INDEX, ALTER, SHOW DATABASES,
CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE,
REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW,
CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER
ON *.*
TO 'mta_student'#'%' WITH GRANT OPTION
However, how can I keep them from interfering with master_table I have?
a data table?
You can't revoke a specific privilege that hasn't been granted specifically. In this case, you haven't granted access per table, so you can't revoke access per table.
The only way to accomplish what you describe is to locate your master_table in a separate schema:
create schema main;
rename table master_table to main.master_table;
Then grant your students privileges on other schemas, but not the main schema.
grant ... on student_schema.* to 'mta_student'#'%';
Problem: I have a program that backs-up databases by creating a copy of a live database and then epoch time stamps it.
query = `CREATE DATABASE IF NOT EXISTS myDb-${dateStamp} `;
When I later try to delete that newly created database with the same credentials as used to create it result is Access denied for user.
Is there a query that can do the following?
create a table \ Schema with a user account
simultaneously give full privileges to the creating user
creating user does not have root MySQL privileges
enable multi query and write them all in your query variable. separated by semicolon, that will execute them sequentially. but never simultaneous
query = "CREATE DATABASE IF NOT EXISTS myDb-${dateStamp}; GRANT ALL ON myDb-${dateStamp}.* TO 'ROOT'#'localhost'; CREATE USER 'TESTUSER'#'localhost' IDENTIFIED WITH mysql_native_password BY 'my-strong-password-h'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, INDEX, DROP, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON myDb-${dateStamp}.* TO 'TESTUSER'#'localhOST'; USE myDb-${dateStamp}; CREATE TABLE Tablex SELECT * FROM Table1;"
And so on.
Mysql doesn't mind a singe query or multiple, as long the basic language like php can handles multi querys.
Or you do them one by one
Its been a while since I've done mysql. What I want to do is to get rid of all the "prs_db" redundancy from the following database creation script. How do I do this?
CREATE DATABASE `prs_db`;
GRANT
SELECT, INSERT, UPDATE, DELETE, LOCK TABLES, EXECUTE
ON
`prs_db`.*
TO
'prs'#'%' IDENTIFIED BY 'freakingSecret';
GRANT
ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE TEMPORARY TABLES, CREATE VIEW, DELETE,
DROP, EXECUTE, INDEX, INSERT, LOCK TABLES, SELECT, SHOW VIEW, TRIGGER, UPDATE
ON
`prs_db`.*
TO
'prs_admin'#'%' IDENTIFIED BY 'evenMoreSecretShhhh';
FLUSH PRIVILEGES;
Add a USE statement after your CREATE like
CREATE DATABASE `prs_db`;
USE `prs_db`;
the USE statement causes MySQL to use the db_name database as the default (current) database for subsequent statements
grant LOCK TABLES, SELECT,ALTER,INSERT,CREATE ON `databasetoupgrade%`.* to 'someuser'#'localhost';
those are the privileges I gave a users that needs to be able to ALTER a table (add columns, ...)
the mysql documentation states that alter, insert, create is needed, but even with lock tables and select permissions, I still get the error that the user does not have enough permissions to do ALTER.
When I give the user all privileges on those tables/databases is works.
Does anyone know what the EXACT privileges are that I need to do ALTER? Of which one did I forget in the list above?
This post can be closed, this fixed it:
grant ALTER, LOCK TABLES, SELECT, INSERT, CREATE
I might have screwed up somewhere in my previous commands...
These grants now work fine (for backups) + ALTER command:
grant ALTER, LOCK TABLES, SELECT, INSERT, CREATE
Our users log into the production database as a fairly low-level user, with SELECT granted at the database level, and INSERT/UPDATE/DELETE granted on the specific tables they need access to.
They also have permissions to create temporary tables (we need them for some of the more complicated queries). The problem is that whilst they can create the temporary tables, they don't have access to INSERT into them!
A workaround we have found is to create a "real" (persistent?) table of the same name (but with only one field) and grant access for them to insert into that. Then, when the temporary table is created with the same name, the system will use that, not the persistent table.
mysql> CREATE TEMPORARY TABLE `testing` (`id` INTEGER AUTO_INCREMENT PRIMARY KEY, `name` VARCHAR(30));
Query OK, 0 rows affected (0.04 sec)
mysql> INSERT INTO `testing` (`name`) VALUES ('testing');
ERROR 1142 (42000): INSERT command denied to user 'stduser'#'office.companyname.co.uk' for table 'testing'
If you try to grant access to the table (in another session, as root), you can't:
mysql> GRANT INSERT ON testdb.testing TO 'stduser'#'%';
ERROR 1146 (42S02): Table 'testdb.testing' doesn't exist
So my question is, basically, can we grant INSERT/UPDATE/DELETE on temporary tables without having a "persistent" table of the same name hanging around?
According to the MySQL reference :
MySQL enables you to grant privileges
on databases or tables that do not
exist. For tables, the privileges to
be granted must include the CREATE
privilege.
So, try including CREATE permission on the grant statement above.
One way around this will be to create a special database and grant the user write access to it, and then have it create those temporary tables in that special database.
MySQL grants are independent of the object actually existing - you can grant on tables which don't (yet) exist and those permissions would be assigned to a table if it were to be created. This means that you can grant a user permission to create a specific table.
I'd be tempted to create a database just for temp tables, (called, say, temp) and grant the users access to that database. Database-based permissions are much easier to manage than per-object ones.