This question already has an answer here:
CREATE command denied to user?
(1 answer)
Closed 6 years ago.
I am trying to do the right thing (?) and not run MySQL as root all the time. So I have create a user 'jonathan'#'localhost' for which the following privileges are listed:
mysql> SHOW GRANTS FOR CURRENT_USER;
+-------------------------------------------------------------------------+
| Grants for jonathan#localhost |
+-------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'jonathan'#'localhost' |
| GRANT ALL PRIVILEGES ON `sampledb`.`sampledb` TO 'jonathan'#'localhost' |
+-------------------------------------------------------------------------+
2 rows in set (0.00 sec)
However, when I do:
mysql> use sampledb;
Database changed
Followed by:
mysql> CREATE TABLE Person (
-> id int NOT NULL AUTO_INCREMENT,
-> name VARCHAR(100),
-> address VARCHAR(200),
-> birthdate DATE,
-> PRIMARY KEY (id)
-> );
ERROR 1142 (42000): CREATE command denied to user 'jonathan'#'localhost' for table 'person'
It says CREATE command denied as visible above. Why doesn't this work? Shouldn't I have 'ALL PRIVILEGES' and doesn't that include CREATE?
Did you flush privileges after the grant statement?
Have you flushed MySQL's privileges after the GRANT by running the following command?
FLUSH PRIVILEGES;
Related
how do I grant a new user the privilege to create a new database in MySQL
Specifically:
the database does not exist yet
I have successfuly created a new DB user account (that is not admin)
I want that non-admin user to create a new database
I do NOT want the 'admin' user to create the database and then grant privs to the database to the new user
as 'admin', I want to grant the new user the privilege to create a new database
I do not want to grant the new user any additional privileges on existing databases
This is not covered anywhere in the documentation that I can find.
Monday 2022-04-04
Update:
I created user 'scott' and then logged in as MySQL user 'admin' When I run this command
Note: The 'test' database does not yet exist
mysql>GRANT CREATE ON test.* to 'scott'#'localhost';
I get an error
==> ERROR 1410 (42000): You are not allowed to create a user with GRANT
Why do I get this error? I am not attempting to create a user, but rather grant a user access to a non-existent database (as is the approach with MySQL to grant a user privileges to create a database).
If up update the SQL statement to:
mysql>GRANT CREATE ON test.* to scott;
It runs OK
Query OK, 0 rows affected (0.07 sec)
And so now I login as user 'scott and run this statement:
mysql>create database rum;
==> ERROR 1049 (42000): Unknown database 'test'
Why do I get this error?
At this point, I am still not able to create a database as a non-admin user.
Example: grant "scott" the privilege to create the test3 database, which does not exist yet:
mysql> select user();
+----------------+
| user() |
+----------------+
| root#localhost |
+----------------+
mysql> grant create on test3.* to 'scott'#'localhost';
Query OK, 0 rows affected (0.01 sec)
Now try as scott to create the database:
mysql> select user();
+-----------------+
| user() |
+-----------------+
| scott#localhost |
+-----------------+
mysql> show grants;
+---------------------------------------------------------+
| Grants for scott#localhost |
+---------------------------------------------------------+
| GRANT USAGE ON *.* TO `scott`#`localhost` |
| GRANT ALL PRIVILEGES ON `test`.* TO `scott`#`localhost` |
| GRANT CREATE ON `test3`.* TO `scott`#`localhost` |
+---------------------------------------------------------+
mysql> create database test3;
Query OK, 1 row affected (0.00 sec)
mysql> use test3;
Database changed
MySQL has one privilege called CREATE which is for creating both databases and tables. See https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_create
You can either grant the user privilege to create a database of a specific name, or else grant them the privilege to create a database of any name, but that means they can also create other tables, either in the new database or in other existing databases. Sorry, there may not be a solution for you to allow them to create any new database without specifying the name when you grant the privilege, but then only have privilege in that database.
You are not allowed to create a user with GRANT
You did not create the user scott. Older versions of MySQL allows GRANT to implicitly create a user if one does not exist, but that has been disabled on more recent versions because folks realized it is a security weakness.
To be clear, the user "scott" is just an example I used. Don't literally use the name "scott" if that's not the user to whom you want to grant privileges.
The other errors you got seem to be that you granted the user privileges on a database named test.* but then you tried to create a database with a different name. The example I showed only grants the privilege to create the specific named database, not a database named rum or any other database.
I understand you want to grant privilege to create a database of any name. The syntax for that would be GRANT CREATE ON *.* TO... but that would grant the user privileges on all the other existing databases too.
There is no combination of syntax to grant privileges on any database name wildcard that means any database, provided that it is not yet created.
This question already has answers here:
Can't find any matching row in the user table
(4 answers)
Closed 3 years ago.
I logged in as root with
sudo mysql -u root
and created a database xxx with this command:
CREATE DATABASE xxx;
I want to give privileges to user webuser on xxx with this command:
GRANT ALL PRIVILEGES ON xxx.* TO 'webuser'#'localhost';
I'm getting this messages:
ERROR 1133 (42000): Can't find any matching row in the user table
What am I doing wrong?
Additional information:
The user already exists. This:
mysql> SELECT User, Host FROM mysql.user WHERE User='webuser';
outputs as:
+---------+------+
| User | Host |
+---------+------+
| webuser | % |
+---------+------+
1 row in set (0.00 sec)
it's better to use this link create user and add privileges
or just before run this command
GRANT ALL PRIVILEGES ON xxx.* TO 'webuser'#'localhost'
you should do this
CREATE USER 'webuser'#'localhost' IDENTIFIED BY 'password'
with this command you add the webuser in the mysql user on localhost with the password of 'password'
and after that add privileges to your user
This is the user privileges:
GRANT USAGE ON *.* TO 'LMMXT'#'localhost' IDENTIFIED BY PASSWORD '*...'
GRANT ALL PRIVILEGES ON `LMMXT`.`*` TO 'LMMXT'#'localhost'
I can LOGIN with the user, USE Database, but always when I want CREATE TABLE:
# mysql -u LMMXT -p -h localhost
mysql> use LMMXT
Database changed
mysql> create table test;
ERROR 1142 (42000): CREATE command denied to user 'LMMXT'#'localhost' for table 'test'
And:
mysql> SELECT USER(),CURRENT_USER();
+---------------------+---------------------+
| USER() | CURRENT_USER() |
+---------------------+---------------------+
| LMMXT#localhost | LMMXT#localhost |
+---------------------+---------------------+
1 row in set (0.00 sec)
So, also I've tried with:
mysql> FLUSH PRIVILEGES;
User is set for host access from 'localhost' and '%'
I've seen other solutions on StackOverflow, but none works.
Thanks in advance
Try changing your grant statement to
GRANT ALL PRIVILEGES ON LMMXT.* TO 'LMMXT'#'localhost'
I'm not sure if the ` characters around the statement are causing a problem
I'd like to create a user who has all privileges with his own database in MySQL.
When I use this user to create a table, MySQL returns that the SQL server is running with read-only option.
However when I changed to an another existing user with all privileges on *.*, I can create table without error.
I'm wondering if the read-only option is global or what?
The following is my MySQL commands using MySQL root:
mysql> create user 'demo'#'localhost' identified by 'demo';
mysql> create database demo;
mysql> grant all privileges on demo.* to demo#localhost;
mysql> show grants for demo#localhost;
+-------------------------------------------------------------------------------------------------------------------+
| Grants for demo#localhost |
+-------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'demo'#'localhost' IDENTIFIED BY PASSWORD '*demo-hashed*' |
| GRANT ALL PRIVILEGES ON `demo`.* TO 'demo'#'localhost' |
+-------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
Then I switched to user "demo":
mysql> use demo;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> create table t(t1 int);
ERROR 1290 (HY000): The MySQL server is running with the --read-only option so it cannot execute this statement
So I checked the read-only option, and it seems to be on.
However then I tried using another user with privileges on *.* and I can create tables successfully.
The another user grant setting:
mysql> show grants for demo2#'%';
+-----------------------------------------------------------------------------------------------------------------+
| Grants for demo2#% |
+-----------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'demo2'#'%' IDENTIFIED BY PASSWORD '*demo2-hased*' |
+-----------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
MySQL version:
mysql> select version();
+------------------------+
| version() |
+------------------------+
| 5.1.68.0 |
+------------------------+
1 row in set (0.00 sec)
BTW, after I set read_only = 0 I can use demo to create table. I just don't know why the demo2 can create table while read-only is on.
Thanks!
Please check the My.cnf for Linux or My.ini for windows under [mysqld] remove read only parameters then restart the service and try again that will solve the read only problem, but if you create table in read only that will be a temp table.
I have created a user in mysql. Now i want to delete the user ? How to do that? I am getting this error :
ERROR 1396 (HY000): Operation DROP USER failed for 'user'#'localhost'
I am using this command :
DROP USER 'user'#'localhost';
Its an amazon machine.
Thanks
It was because i created the user using command :
CREATE USER 'user'#'%' IDENTIFIED BY 'passwd';
and i was deleting it using :
drop user 'user'#'localhost';
and i should have used this command :
drop user 'user'#'%';
It is likely that the user you are trying to drop does not exist. You can confirm (or not) whether this is the case by running:
select user,host
from mysql.user
where user = '<your-user>';
If the user does exist then try running:
flush privileges;
drop user 'user'#'localhost';
Another thing to check is to make sure you are logged in as root user
If all else fails then you can manually remove the user like this:
delete from mysql.user
where user='<your-user>'
and host = 'localhost';
flush privileges;
How to solve problem like this:
mysql> drop user 'q10'#'localhost';
ERROR 1396 (HY000): Operation DROP USER failed for 'q10'#'localhost'
First:you should check what host of your user,such as:
mysql> select host,user from user;
+-----------+------+
| host | user |
+-----------+------+
| % | q10 |
| localhost | root |
| localhost | sy |
| localhost | tom |
+-----------+------+
if I drop user 'q10',the command is :
mysql> drop user 'q10'#'%';
Query OK, 0 rows affected (0.00 sec)
And if I drop user 'tom',the command as follow:
mysql> drop user 'tom'#'localhost';
Query OK, 0 rows affected (0.00 sec)
Try using 'user'#'localhost' without quotes:
DROP USER user#localhost;
It should work that way in MySQL 8. I also had that problem.
delete from mysql.user where user='user_name' and host = 'localhost';
flush privileges;
Working for me...