I have granted all permissions on a database to a user 'demo' with this command:
grant all privileges on wordpress.* to demo#localhost;
Now i want to revoke the user permissions on the table wp_users. I used this command:
revoke all privileges on wordpress.wp_users from demo#localhost;
But i get this error:
ERROR 1147 (42000): There is no such grant defined for user 'demo' on host 'localhost' on table 'wp_users'
Why i am getting this error?
Because, as indicated, you're trying to revoke a grant that doesn't exist.
Making a broad grant makes a broad grant; it doesn't automatically make lots of individual grants that you can then cherry-pick away afterwards.
Simply grant access to the tables you want.
Related
There is a MySQL user with database level privileges, as shown in the screen shot below. However, when an attempt is made to revoke privileges for this user, an error 1141 is the result. Why is this error being generated? How can the privileges be revoked?
I entered show grants for 'api_user'#'localhost'; and got the ERROR 1141 message.
Edit:
Here I entered REVOKE ALL PRIVILEGES FROM 'api_user'#'localhost'; and got a syntax error message.
Since the user only has grants on a single database, I think you need to specify that database in the REVOKE command:
REVOKE ALL PRIVILEGES ON api_example.* FROM api_user#localhost;
If that doesn't work, try dropping the user:
DROP USER api_user#localhost;
From the documentation:
The DROP USER statement removes one or more MySQL accounts and their privileges. It removes privilege rows for the account from all grant tables.
If the grant tables hold privilege rows that contain mixed-case database or table names and the lower_case_table_names system variable is set to a nonzero value, REVOKE cannot be used to revoke these privileges. It will be necessary to manipulate the grant tables directly. (GRANT will not create such rows when lower_case_table_names is set, but such rows might have been created prior to setting the variable.)
MySQL Revoke LowerCase
I am trying to grant privileges to another user using phpmyadmin, I have access to the root user (cl43-flexfit) and have tried querying the following
GRANT ALL PRIVILEGES ON `cl43-flexfit`.* TO 'supuser'#'localhost';
But receive a response of:
Access denied for user 'cl43-flexfit'#'%' to database 'cl43-flexfit'
Although I use that database with the cl43-flexfit user frequently.
I have also looked at what the root users privileges are using SHOW GRANT
and was shown these:
GRANT USAGE ON *.* TO 'cl43-flexfit'#'%' IDENTIFIED BY PASSWORD 'password'
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, TRIGGER ON `cl43-flexfit`.* TO 'cl43-flexfit'#'%' WITH GRANT OPTION
and even when I try to add permissions to the user for every database (replacing cl43-flexfit.* with * .*) I get an error saying I do not have permission
Access denied for user 'cl43-flexfit'#'%' (using password: YES)
I have been in contact with my hosting service and they have said that everything is correct on their end.
I also do not have access to the privileges tab in PHPMyAdmin and therefore can not use the GUI, it must be done through written commands.
Thanks in advance and apologise if I have a lack of understanding
You cannot GRANT ALL unless you also hold all privileges, along with GRANT OPTION, which you do not.
You have to grant explictly, and list only the permissions that you have (and want to grant).
You can't grant anything ON *.* unless you globally hold the privilege you are trying to grant, on all objects, plus GRANT OPTION. Again, you don't have this.
USAGE means only that you are allowed to log in to the server, nothing more. This is a special case of ON *.* carrying no significant meaning, because merely logging into the server is associated with no particular object.
The hosting service is correct.
If you have other users, you can make only explicit grants of listed permissions, using the format shown in your own SHOW GRANTS output.
GRANT SELECT, INSERT, [more...], TRIGGER ON `cl43-flexfit`.* TO 'my-other-existing-user'#'%';
I want to have a non-root mysql user that can create another databases and users and grant access to that users to created databases. To do this as root I firstly created a user
CREATE USER asusi_admin#localhost IDENTIFIED BY '123';
Then I grant create user PRIVILEGE to this user
GRANT CREATE USER ON *.* TO 'asusi_admin'#localhost';
Then I grant all privileges to this user for the every database he creates
GRANT ALL PRIVILEGES ON `asusi\_%`.* TO 'asusi_admin'#'localhost WITH GRANT OPTION;
Now I'm flushing privileges
FLUSH PRIVILEGES;
Now I'm logging on to MySQL as newly created user asusi_admin and creating a new database
Now I'm creating a new database
CREATE DATABASE asusi_database;
Now I'm checking that I can use this database
USE asusi_database;
I can use this database, good
Now I'm creating a new user
CREATE USER 'asusi_user'#'localhost' IDENTIFIED '123';
Now I want to grant select privilege to the created user
GRANT select on `asusi_database`.* 'asusi_user'#'localhost'
And here I'm getting an error: 'Access denied for user 'asusi_admin'#'localhost' to database 'asusi_superdb'
Should I relogin as root and explicitly grant access to this database to a asusi_user
GRANT ALL PRIVILEGES ON `asusi_database`.* TO 'asusi_admin'#'localhost WITH GRANT OPTION;
and then relog in as asusi_admin and run the command again
GRANT select on `asusi_database`.* 'asusi_user'#'localhost'
this time it gives me no error and user asusi_user can read database asusi_database. Apparently MySQL wants me to explicitly grant access to the user asusi_admin for the every created database via root account. But I don't want to use the root account. I thought that after executing this command
GRANT ALL PRIVILEGES ON `asusi\_%`.* TO 'asusi_admin'#'localhost WITH GRANT OPTION;
user asusi_admin will be able to grant access to other users to the ecery database that stats with 'asusi_' prefix. May be I missed something or this behavior is designed to be that way?
It seems this is a confirmed bug, that was not fixed yet https://bugs.mysql.com/bug.php?id=75097, so nothing you can do right now with it.
I want to allow remote connection from a certain IP.
I have a use coszi_crawl and DB name is same too.
I am logged into server using coszi_crawl user.
I have run this command
GRANT ALL PRIVILEGES ON coszi_crawl.* TO 'coszi_crawl'#'39.32.%' IDENTIFIED BY 'abcqwe' WITH GRANT OPTION;
But this is giving me this error
ERROR 1044 (42000): Access denied for user 'coszi_crawl'#'localhost' to database 'coszi_crawl'
P.S.:
Though I can access coszi_crawl DB from Browser using PHPmyadmin with user coszi_crawl
How can I can solve this problem?
You should use the root account on your database server to update the priviledges, by default the user coszi_crawldoes not have access to granting priviledges on databases.
It means You don't have GRANT OPTION privilege. Login to user having GRANT OPTION privileges, only that user can give grant to other users.
Generally or by default root user has all the privileges so use that user.
Grant privilege
From the control panel of my website I have created a new MySQL(5) database Test and a new user admin with password 123. I have tried assigning privileges to the user admin using:
GRANT ALL PRIVILEGES ON *.* TO 'admin'#'localhost'
or
GRANT ALL PRIVILEGES ON *.* TO 'admin'#'Test'
I keep getting the following error:
#1045 - Access denied for user 'admin'#'%' (using password: YES)
I need the following privileges for the user admin:
CREATE, ALTER, DELETE, INSERT, SELECT, UPDATE, LOCK TABLES
How do I make that in a query from phpMyAdmin?
I guess you are trying to change privileges of 'admin'#''%' being logged in as that user. This is strange.
You can display which user you are logged in as using
SELECT USER();
Then check grants that account already has:
SHOW GRANTS FOR 'admin'#''%';
We came to the conclusion you have
GRANT ALL PRIVILEGES ON `Test`.* TO 'admin'#'%'
That says you already have all privileges on all tables in database Test. You cannot further grant those privileges to other users, though (otherwise there would be WITH GRANT OPTION).
During the installation of MySQL, root user is always created. Use it to grant privileges to other accounts.
More info in manual:
2.10.2. Securing the Initial MySQL Accounts
6.3.2. Adding User Accounts
After run these statements try to execute FLUSH:
FLUSH PRIVILEGES;
From MYSQL Reference Manual :
(...) If you change the grant tables directly but forget to reload them, your changes have no effect until you restart the server. This may leave you wondering why your changes do not seem to make any difference!
To tell the server to reload the grant tables, perform a flush-privileges operation. (...)
Login as a root user then grant all privileges to admin user.
GRANT ALL PRIVILEGES ON `test`.* TO 'admin'#'localhost';