How can I give one user the identical set of privileges as another (pre-existing) user?
I can do:
SHOW GRANTS FOR 'user1'
But not:
GRANT (SHOW GRANTS for 'user1') to 'user2';
or
CREATE USER 'user1' LIKE 'user2'
So I can't see a way programmatically add all these grants a different user2 in an SQL way (other than writing a script in an app language to iterate thru that SHOW GRANTS)
Maybe there is a way going to the mysql.user table? Or is that a bad idea in general? I am not particularly knowledgeable about, or comfortable messing around with, that table.
Related
I have made a database called hospitals but when I try and grant my user privileges to the database I get an error back.
My code:
input:
CREATE USER 'axel'#'%' IDENTIFIED BY '123'
output:
Query OK, 0 rows affected (0.19 sec)
input:
grant all on hospitals.* to 'axel'#'localhost';
output:
You are not allowed to create a user with GRANT
How do I fix this? I have tried different things but nothing seems to work and I keep getting the same error message.
The user 'axel'#'%' is not the same user as 'axel'#'localhost'.
You created the former with CREATE USER, then you try to use grant for the latter user, but that user doesn't exist.
MySQL used to allow you to create a user implicitly by granting privileges, but they disabled that specifically for cases like yours. The problem being that since you didn't realize these are different users, your GRANT would have inadvertently created 'axel'#'localhost' as a new user with no password. This was considered a security risk.
I am trying to revoke select privilege from a particular table from a MySQL DB.
Database level restriction is working but table level is not.
When I write "show grants"
This is what I get :
| GRANT USAGE ON *.* TO 'rachit'#'localhost' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' |
| GRANT ALL PRIVILEGES ON `test123`.* TO 'rachit'#'localhost' |
| GRANT INSERT, UPDATE, DELETE ON `test123`.`names123` TO 'rachit'#'localhost'
As you can see above I want to
revoke select privilege from rachit user on 'names123' table of 'test123' database, but SELECT is working.
I have attached a screenshot below for better understanding.
https://ibb.co/GRtjXX7
If you GRANT ALL ON test123.* TO 'rachit'#'localhost' you cannot remove one table by running REVOKE ALL ON test123.* TO 'rachit'#'localhost'.
some DBMS systems specifically DENY option for specifically denying access to specific table but this is not the case for mysql.
you may consider to write script and give access to each table one by one
Discussion:
If it wasn't specifically GRANTed, it can't be REVOKEd. This is an unfortunate side effect of the not-so-user-friendly Grant/Revoke syntax and implementation.
You can use a SELECT against information_schema.TABLES to automate the discovery of all the other tables. And have the SELECT build the desired GRANTs.
Possible workaround:
Another approach to your particular problem is to move that one table to a different database. Then GRANT different permissions to that db.
I want to see the GRANTS for all the users on a concrete DATABASE.
I use
SELECT * FROM mysql.user;
but it shows the GRANTS for all the databases (I suppose).
I want to see, for example, if I apply:
GRANT ALL ON Movies TO 'jNavarro';
I want to see how the GRANTS are changed to Y on the Movies Database, because If i apply the SELECT shown before the Grants for jNavarro doesn't change.
Thanks
If you are an admin then running this will get you what you want
select user from mysql.db where db='DB_NAME';
I have created the user on MySQL and grant SELECT access on some tables. I only want this user has SELECT access on these tables, nothing else. This is my query for creating the user and granting access:
create user 'test'#'localhost' identified by '123test';
grant select on APE.CertificationAttachment to 'test'#'localhost';
The problem is when I use this user login, I can not see anything under schema in Workbench. I try to login at other tools such as Dbeaver but the table and schema still don't show up. I tried to give schema privilege to the user, but that action will either give select access to all table or show the entire schema.
So my question is how should I do to make the users see the table and only these table that they have SELECT access to.
i'm looking for a way to find all privileges for a specific user.
Provided I have a User "John" who has read-only rights on some tables, is there any "select" or "show" to retrieve me the names of the tables "john" has the rights for? So far, i looked in information_schema but couldn't find any specific information on grants for tables.
Or if i set up a role via mysqlworkbench, where is the formation on this role stored in?
how can i manually assign a new user to this role?
Thank you!
SHOW GRANT FOR user will display multiple rows of data for the user.
SELECT * from mysql.user where User = 'user'
will get the grants for the whole server.
SELECT * from mysql.db where User = 'user'
will get the grants by database.
mysql.tables_priv mysql.columns_priv, and mysql.procs_priv show the fine-grained grants if any happen to exist.