I have a MySQL database hosted on Dreamhost. I've defined a single user for that database, with full rights.
I've just started using MySQL Workbench. I had no trouble connecting to the database. But when I try to view the contents of stored procedures that I created using the web client provided by Dreamhost, I get nothing. By nothing, I mean that right-click | Send to SQL Editor | Create statement does nothing. No new tab, no error message, nothing. Ditto for right-click | Send to SQL Editor | Procedure Call. Ditto when clicking the wrench or lightning icons.
Based on something I found online, it appears to be a rights issue. But when I choose Server | Users and Privileges to try to fix it, I get this message:
"The account you are currently using does not have sufficient privileges to make changes to MySQL users and privileges."
How can that be when there's only one user and that user has all rights?
For me although I granted full privilege on that database, I still cannot view it's store procedure.
So I have to run this:
GRANT SELECT ON mysql.proc TO yourusername#'%';
Problem solved !!
On mysql 8.0.20+ run this to give a user permission to view the procedure:
grant show_routine on *.* to <MYUSER>;
Run this to give the user permission to edit and run procedures:
grant execute, create routine, alter routine on <MYDB>.* to <MYUSER>;
I was able to solve the immediate problem by opening the SP in phpAdmin on the Dreamhost site and cutting and pasting the code into MySQL Workbench, recreating the SP from there. That does seem, however, to keep me from editing the SP on Dreamhost. Clearly something's still wrong, but I can move forward.
Related
After years of no problems with my PHP webapp running MySQL 5.5 on the backend, suddenly today I'm having permissions problems.
Whenever I try to run an INSERT statement (either from PHP or from Workbench or Heidi), I get this error message: The user specified as a definer ('my_user'#'1.2.3.%') does not exist
One symptom is that INSERT statements cannot be executed by my PHP nor by remote clients such as Workbench or Heidi. I have tried various solutions suggested by:
MySQL error 1449: The user specified as a definer does not exist
Error: 1449, "The user specified as a definer ('root'#'localhost') does not exist"
Everything points to running a GRANT statement. I have tried various GRANTs as suggested, but I always get this error:
Access denied for user
It seems like my permissions got corrupted or something. So I created a brand new DB user inside BlueHost control panel on my VPS and gave full privileges. I get the same exact errors on this brand new user.
BlueHost support has no idea what to do.
Some Stack articles say to go mess around with TRIGGERS or STORED PROCS permissions - but I don't have any of these types of objects. Simple INSERT statements cause this error, and perhaps UPDATEs as well, but I'm not sure of that at this moment.
The user has FULL PRIVILEGES, as always.
What else can I try? Is there some way to fix corrupted permissions? I can run SELECT statements with no problems.
I tried connecting to the DB with root (using the same pwd as I use when connecting to WHM), but it didn't like my password or maybe the user in general. I never set up root as a specific user against this DB and I'm not sure that's a good idea. I have always used a specific user created just for this DB. Again, past 5 years no problems at all. The DB has not been upgraded, no DB changes, no user changes, nothing.
I sort of solved it. I ended up creating a new database with a different name, and created a new admin user to go with it. Then I ran my db backup/dump script against it. Everything works perfectly again, with this new DB. The old DB is still jacked.
I'm thinking that permissions got corrupted in the old database.
Error in processing request: No routine with name 'daily_difference' found in database 'chamelis_wp'. You might be lacking the necessary privileges to edit this routine.
If you are using phpMyAdMin (pma) under cPanel, this error results from the fact that cPanel creates a temporary user for every session to log into pma, and therefore the database. If you are working in a hosted environment where you cannot be granted SUPER privileges, and you are creating routines, you are in trouble. Read on.
Stored routines (procedures and functions) in MySQL/Mariadb have a property called DEFINER. This stores the username of the the database user who "owns" that routine. If a db user opens phpMyAdmin (pma) and creates a new routine without explicitly declaring the DEFINER, DEFINER will be populated with the current username. Only a db user that has SUPER permissions can create a routine and declare another user as the DEFINER. Non-SUPER users can only declare themselves as the DEFINER, or leave it blank and the db does it for them. So the db user that you are logged in as gets to be the DEFINER for all routines you create during that session.
The problem you have encountered arises because
a. only the DEFINER of a routine, or a user with SUPER permissions, can edit or export a routine. If a (non-SUPER) user logs in to pma and tries to edit or export an existing routine, then unless they are the DEFINER of that routine they get the error you are seeing, and they cannot access the routine.
b. Even if you have created database user accounts in cPanel, cPanel will not use any of these to launch pma. Under cPanel you are automatically logged using a temp username that it generates. You do not get to see the pma login page - the login happens off-screen - and you are taken straight into the pma home page. You have no control over the username/password used.
d. When you start a new cPanel session (e.g. at the start of each day's work), cPanel changes the temp db user name that it uses to log you into pma. cPanel usernames all have this pattern: "cpses_db...#localhost", where the dots are filled alphanumerics like "hmxbj8s2". I have just logged in and the pma home page tells me that the current database user is "cpses_dbhmxbj8s2#localhost". If I close pma, log out of cPanel, log back into cPanel then reopen pma, the db user name will change. I just did that and the db user for this new session is "cpses_db0z35t107#localhost".
e. If I had created a new routine during my previous session, then the DEFINER for that routine would still be "cpses_dbhmxbj8s2#localhost". Now that I am logged in as "cpses_db0z35t107#localhost", I cannot edit or export that routine. Without a backup or copy of that routine, I have completely lost access to it (it is now, effectively, "orphaned"). The only way to get access is to recreate it using a script without a DEFINER statement in the current session so the the current db user becomes the DEFINER. That user can now edit the routine. This means that every day you would have to recreate all the procedures you want to work on. If you forget to export all the routines changed during the previous session, then you have LOST THOSE CHANGES.
f. Another problem is that if you are also connecting to the database externally using e.g. MySQL Workbench, logging in using a db user you have created, then you can do everything except edit any routines created under pma because these have "cpses_db..." user as the DEFINER.
THE SOLUTIONS:
Install your own copy of pma in your hosted enviroment if that option is available in cPanel. This will have to be installed in a folder in the public-html section of the site so you can access it directly from your browser e.g. https://example.com/pmamyadmin/index.php. Login using a user you have created for your database. This user becomes the DEFINER for all your routines and so long as you always use this username, you can always access your routines. (Never use cPanel's pma!)
Be aware that having a copy of pma in the public_html section of your site introduces security issues. Definitely require passwords in pma's config and if practical use .htaccess to limit access to just your IP, etc. But that's another topic.
Always access the database externally (assuming your host permits this) using a local copy of pma or another client like MySQL Workbench. Again, this allows you to control the username for every session.
FINALLY
If neither of these works for you and you must use cPanel's pma, then export all your routines at the end of every session and recreate them (with no DEFINER statement) at the start of the next session. Currently pma doesn't include the DROP in the routine export function (there a change request in for this) so you have to use a database export to get them included. Unless you want a full backup anyway, you just need to export the structure of one table to get this export to work. Make sure you click the "Include DROP..." and "Include Routines..." in the export definition. Edit the export to delete the table definition and globally replace the "DEFINER=cpses_db...#localhost" with "" before using it to recreate the routines next session.
Hope that helps.
I FIX THIS ISSUE IN CPANEL
This shows that there is lack of routines ( Function, Procedures ) privilege for the current user. This will cause even the edit button of routines to be disabled.
In CPanel there is default user that you can not manage their privileges, So, you can not add or remove their privileges.
<<<<< HOW I FIX IT >>>>>:
FIRST
Drop all routines(Function, Procedure) that you have no privilege from your database
SECOND ( import sql file again )
Find the sql file used to import database and remove DEFINER=root#localhost everywhere.
Then import Edited sql file after remove DEFINER=root#localhost .
I think this solution can help someone.
Thanks
It sounds like you don't have permission to edit it, or you're trying to edit it from the wrong DB (schema). Run the following to see which DB it is on:
show function status like '%daily%';
show procedure status like '%daily%';
Are you trying to edit it by executing a statement or by using the gui? If by executing a statement, can you provide your statement? If by statement, make sure you've run this first:
use db_name_here;
Then try to edit your routine again.
Did your user create the procedure, or another user created it? You may not have permission to modify an user's procedure. You can see who created it by running:
show create procedure daily_difference;
Then see if you have permission to edit procedures by running the below statement - you need "ALTER ROUTINE" privilege:
show grants for Your_username_here;
If a user with super privilege created it, you won't be able to edit it - you'll need them to, or you will need to get super privilege.
I'm replying partly as I have a work around and partly for the comedy, as GoDaddy sent me this page as a solution to this problem where, yes the problem is defined but no, there's no solution.
I had to rebuild my SPs in phpMyadmin but for the DEFINER where root#localhost was present, using an account I had created and could use - account#localhost. cPanel doesn't expose the root account AFAIK.
I didn't have all my SPs' definitions elsewhere. But I found that in cPanel \ files \ backup \ the files from there of the MySQL DBs had the SP definitions. That may not be in your hosting package. Backing up from phpMyAdmin didn't help as I still lacked the privileges to make the back up with the definitions.
Deployed a new version of our app on heroku and migrated over database from previous free jawsdb instance. However now every time user signs up gives
(Mysql2::Error: INSERT command denied to user <username for instance
what have i missed
migrated using a dump and re-import using mysql command line. eye balled exported data and it seems to be there (user emails etc)
all config vars look ok (DATABASE_URL is mysql2...)
i can login to the database via the url
I have not had to grant access or anything like that before, anyone come across this?
thanks
Ben
My guess is they disabled your INSERT grant because you have reached your max Storage Capacity for your plan.
To validate this is a permissions problem, log into a MySQL prompt with the user the app is running as, and enter this query:
SHOW GRANTS;
It probably list many, but no INSERT.
See this link. As explained in given link, jawsdb preliminary plan does not give you permission to add a new database. You are provided with one schema with some random name and you have to work with that only.
Check your migration
e.g. Make sure the database name matches.
For me, I got the same error as OP when trying to migrate my data. This was a fresh account with only a 50kb'ish database; nowhere close to the free-plan 5mb limit.
In my SQL export statement, my local database name is being used, however the remote MySQL (ie JawsDB) service auto-generates a db name, which will obviously not be the same. Simply used find-replace to change the database name to match remote; everything works.
I am using mysqlworkbench to connect to a remote mysql database using a user 'userA'. I am able to select from tables, see the list of functions and stored procedures. I am not able to view/see the code of these functions and stored procedures. Is this because they are defined on the mysql server by user 'root#localhost'? How can I get the user 'usera' to edit view and edit these using mysqlqorkbench?
I assume you have MySQL Workbench.
Just log in with the root user. Go to the Menu "Server->User and Privileges". There you'll see all the users in the left panel. Select 'userA' and then select 'Schema Privileges' from the tab right. Now select the schema on which you want to grant the rights. At the bottom you can see possible rights that can be assigned to the user. Select appropriate rights and Save.
I have MySQL Workbench 6.2.5.0. If you have a different version, please locate the User and Privileges accordingly. Hope that helps!
I am logging in with my main DB user, into Phpmyadmin page/ workbench remote access application and I have permissions issues.
It all started when I tried to alter routines that I have stored in the DB. when trying to alter those routines from the workbench applications nothing just happens.
I can call these routines and execute them, but not alter or get to the scripts.
I searched for hours in distinct forums and get some answers regarding grant access commands
but then I got again permissions issues with error #1142 , command denied to user(main user).
I am really lost here, and already lost hours of work in order to get to the scripts of my routines.
one last note - I have created these routines while I was connected with the same user but from different remote connection (different IP address).
Would really appreciate the help.
here is a solution how I fixed this:
1) Add "mysql" database to the user, you are logged in with
Advice: now you can alter functions and procedures
2) Add the global privilege "SUPER" to your user
Advice: otherwise you will get the following error if you save the procedure/function: "ERROR 1227: Access denied; you need (at least one of) the SUPER privilege(s) for this operation"
CREATE DEFINER = 'admin'#'localhost' PROCEDURE account_count()
SQL SECURITY INVOKER
BEGIN
SELECT 'Number of accounts:', COUNT(*) FROM mysql.user;
END;
See the above example.
You need to login using super user and change the definer parameter in the procedure based on your new username and hostname. The same definer who created can edit the stored procedure.