So I'm trying to export a schema/DB out of mysql and I'm getting a weird error.
I also ran several grant commands (see below) which I believe should be enough to let me export the data. On MySQLWorkbench, I logged in as a user mentioned in the grand commands.
Any ideas what I could be doing wrong? Thanks a lot
Error:
Unhandled exception: Error querying security information: Error executing 'SELECT * FROM mysql.user WHERE User='mydb' AND Host='myhost.com' ORDER BY User, Host'
SELECT command denied to user 'mydb'#'my-ip-here' for table 'user'.
SQL Error: 1142
grant commands:
mysql> use mysql;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> grant all privileges on mydb.* to 'mydb'#'%' identified by 'mypassword';
Query OK, 0 rows affected (0.05 sec)
mysql> grant show databases on *.* to 'mydb'#'%';
Query OK, 0 rows affected (0.01 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.02 sec)
mysql> show grants for 'mydb'#'%';
+--------------------------------------------------------------------------------------------------------------+
| Grants for mydb#% |
+--------------------------------------------------------------------------------------------------------------+
| GRANT SHOW DATABASES ON *.* TO 'mydb'#'%' IDENTIFIED BY PASSWORD 'mypassword' |
| GRANT ALL PRIVILEGES ON `mydb`.* TO 'mydb'#'%' |
+--------------------------------------------------------------------------------------------------------------+
Related
I'm trying to create a MySQL user with permissions from anywhere, but the command is failing:
MariaDB [(none)]> create user 'accounts'#'%' identified by 'password';
ERROR 1396 (HY000): Operation CREATE USER failed for 'accounts'#'%'
But if I change the permissions to access it from only localhost it works:
MariaDB [(none)]> CREATE USER 'accounts'#'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.01 sec)
I have a database called accounts:
MariaDB [(none)]> show databases like 'accounts';
+---------------------+
| Database (accounts) |
+---------------------+
| accounts |
+---------------------+
1 row in set (0.02 sec)
But I have to also create a user called accounts as well.
Note, I am doing this for work so I do not make decisions on who can access the DB from where.
Why does the first command fail?
I'm trying to grant all privileges to a specific IP but when I try to get the list of privileged IPs it always shows only localhost, I followed the instructions in this question but it doesn't do any changes, what am I doing wrong?
MariaDB [(none)]> GRANT ALL ON database.* TO 'root'#'192.168.3.1' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> show grants;
+---------------------------------------------------------------------+
| Grants for root#localhost |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''#'' TO 'root'#'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> show slave status;
ERROR 1227 (42000): Access denied; you need (at least one of) the SUPER,REPLICATION CLIENT privilege(s) for this operation
mysql> show grants;
+------------------------------------------------------------------+
| Grants for root#192.168.1.5 |
+------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'root'#'192.168.1.5' |
| GRANT ALL PRIVILEGES ON `western_star`.* TO 'root'#'192.168.1.5' |
+------------------------------------------------------------------+
2 rows in set (0.00 sec)
Note:
I still get denied even though I logged in with my user remotely and I have the permissions.
mysql> show slave status;
ERROR 1227 (42000): Access denied; you need (at least one of) the SUPER,REPLICATION CLIENT privilege(s) for this operation
mysql> show grants;
+------------------------------------------------------------------+
| Grants for root#192.168.1.5 |
+------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'root'#'192.168.1.5' |
| GRANT ALL PRIVILEGES ON `western_star`.* TO 'root'#'192.168.1.5' |
+------------------------------------------------------------------+
2 rows in set (0.00 sec)
Try running this statement:
SHOW GRANTS FOR 'root'#'192.168.3.1' ;
And compare to the return from this:
SHOW GRANTS FOR 'root'#'localhost' ;
SHOW GRANTS shows the grants for the current user.
Note that "root#localhost" is not the same user as "root#192.168.3.1". MySQL identifies a user by both user AND host. (Those are two different users.)
FOLLOWUP
The SUPER and REPLICATION CLIENT privileges are global privileges, not database privileges. Syntax for granting those privileges is ON *.*. For example:
GRANT REPLICATION CLIENT ON *.* TO 'root'#'192.168.1.5' ;
I want to grant a user (my program) all access rights to a given database - read/write, even delete.
It is important that, after deletion (and, initially, before it ever exists), the user be able to create the database - but only with a given database name and the user should have no access to anything other than this database.
I am at a loss of the GRANT ...
The database does not have to exist to grant access to it. As a privileged user such as root you can do
mysql> grant all on dooda.* to 'dooda'#'localhost' identified by 'dooda';
mysql> exit
then
jason:>mysql -u dooda -p
Enter password:
etc
mysql> create database dooda;
Query OK, 1 row affected (0.00 sec)
but you can't
mysql> create database somethingelse;
ERROR 1044 (42000): Access denied for user 'dooda'#'localhost' to database 'somethingelse'
and if you
mysql> drop database dooda;
Query OK, 0 rows affected (0.00 sec)
mysql> create database dooda;
Query OK, 1 row affected (0.01 sec)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| dooda |
| test |
+--------------------+
I'm trying to revoke privileges from a given user, say mysqluser1. I try, as root, revoke all privileges, grant option for mysqluser1#localhost;, then I flush privileges. When I check grants, I see that mysquser1 still has privileges. What am I doing wrong?
Below is the excerpt in question:
mysql> show grants for mysqluser1#localhost;
+---------------------------------------------------------------------------------------------------------------------+
| Grants for mysqluser1#localhost |
+---------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'mysqluser1'#'localhost' IDENTIFIED BY PASSWORD '*ALPHANUMSTRINGHERE' |
+---------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> revoke all privileges, grant option from mysqluser1#localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for mysqluser1#localhost;
+---------------------------------------------------------------------------------------------------------------------+
| Grants for mysqluser1#localhost |
+---------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'mysqluser1'#'localhost' IDENTIFIED BY PASSWORD '*ALPHANUMSTRINGHERE' |
+---------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql>
#spencer was faster, but I was also going to ask, if you are trying to get rid of all privileges, then why do you need the user?
To remove a user account entirely, use DELETE. As of MySQL 4.1.1, you can also use DROP USER to remove users
The USAGE privilege specifier stands for "no privileges." It is used at the global level with GRANT to modify account attributes such as resource limits or SSL characteristics without affecting existing account privileges.
http://dev.mysql.com/doc/refman/5.5/en/privileges-provided.html
AFTER update user set host='%' where user='root, I lost some of the privileges from my MySQL root user. So I stopped the server and started it with --skip-grant-tables
msqld --skip-grant-tables
and I tried
mysql>update mysql.user set grant_priv = 'Y' where user = 'root';
Query OK, 0 rows affected (0.00 sec)
mysql>FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)
This doesn't work for me. When I log in as root, I still can't see the MYSQL database.
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| test |
+--------------------+
2 rows in set (0.00 sec)
Please help. I've tried all the solutions still can't restore the privileges for ROOT, always got the "0 row affected" result.
Try
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
Update
Run this command to check your current privileges
SHOW GRANTS FOR CURRENT_USER;
It is a bad practice to insert/update/delete from mysql.* tables and information_schema.* tables using direct SQL DML statements.
Update 2
Can you post the results of this command
SELECT (
Host,
Grant_priv,
Super_priv
)
FROM mysql.user
WHERE user = 'root';
All of the _priv columns should have a value Y. And the Host should be localhost.