Hide MySQL database from unauthorised/different user - mysql

I am working on a SQL query using MySQL.
I had logged in to default user 'root', and created/ added two new user "user1" & "user2". Under each user I created one database "database1" and "database2" respectively and gave ALL PRIVILEGES.
Here goes my question now.
How can I hide "database1" from "user2" and "database2" from "user1"...?
Is it possible..? Please help thank you..

Instead of Grant all privileges on *.* to 'user1'#'IP'; & Grant all privileges on *.* to 'user2'#'IP'; You need to revoke all privileges on *.* from 'user1'#'IP'; & revoke all privileges on *.* from 'user1'#'IP'; That way they cannot see all databases.
Then only grant privileges on the databases that each user needs to see/access by executing GRANT ALL PRIVILEGES ON database1.* TO 'user1'#'IP'; & GRANT ALL PRIVILEGES ON database2.* TO 'user2'#'IP'; This is of course assuming you want each respective user to have All privileges on their databases.
Don't forget to flush privileges after running the other commands.
Note: not sure what your IP range is or if you are using wildcard (%), so I just put IP.
When in doubt in the future please refer to dev.mysql

Related

Not enough privileges to grant privileges leading to error 1045. AWS [duplicate]

i need to grant all privileges for user master to the database 'mysql'(i mean the database not the server) on amazon RDS
i am trying to use
GRANT ALL PRIVILEGES ON mysql.* To 'master'#'aurora-wqeqwe-rdscluster-1jjch50tq2n3s.qrwerw-2.rds.amazon
aws.com' IDENTIFIED BY 'm3vyrtywrsY026y';
You can't grant SUPER privilege on RDS, so you can't use the ALL PRIVILEGES shortcut.
Sorry, you must name the privileges you want to grant explicitly, even if it means listing every privilege except SUPER.
You also can't grant privileges you don't have. I'm not sure your user has privileges to the mysql database. You can find out what privileges you have with SHOW GRANTS.
In your example is "master" any user or is it the name of your RDS Master User account? For the latter take a look at https://aws.amazon.com/premiumsupport/knowledge-center/duplicate-master-user-mysql/
I was also stuck with the same problem a while ago ad came across with this solution GRANT ALL PRIVILEGES ON '%'.* To 'master'#'aurora-wqeqwe-rdscluster-1jjch50tq2n3s.qrwerw-2.rds.amazon
aws.com' IDENTIFIED BY 'm3vyrtywrsY026y';
This worked for me.
for more information you can check the following link
http://www.fidian.com/problems-only-tyler-has/using-grant-all-with-amazons-mysql-rds

MYSQL v8 Privileges

MySQL v8
command line and with phpmyadmin
I am logged into mysql as root (FULL Privileges) and I am trying to assign ALL privileges on a specific database to a user.
It gives them all privileges but DOES NOT allow Administration GRANT on the database (See Attached)
This is the same result for direct command line or phpmyadmin
Any ideas please?
Thanks in advance
P
You must GRANT ALL PRIVILEGES ... WITH GRANT OPTION.
That means you grant all the privileges to the target user, as well as the privilege to grant those privileges to others.
Read https://dev.mysql.com/doc/refman/8.0/en/grant.html:
The optional WITH clause is used to enable a user to grant privileges
to other users. The WITH GRANT OPTION clause gives the user the
ability to give to other users any privileges the user has at the
specified privilege level.
To grant the GRANT OPTION privilege to an account without otherwise
changing its privileges, do this:
GRANT USAGE ON *.* TO 'someuser'#'somehost' WITH GRANT OPTION;

Why won't my mysql grant privilege to user?

Oddly enough it seems my mysql will not allow creating a user with access to a specific database. Using MySQL Workbench:
CREATE USER 'testUser'#'localhost' IDENTIFIED BY 'thepasswordhere';
GRANT ALL PRIVILEGES ON testDatabaseName TO 'testUser'#'localhost' WITH GRANT OPTION;
SHOW GRANTS;
I see nothing mentioning granted privileges for the created user. This explains why I get mysqli::mysqli(): (28000/1045): Access denied for user 'testUser'
What step am I missing?? Update: Even when I mistype the username I still get a success with 0 rows affected: GRANT ALL PRIVILEGES ON testDatabaseName TO 'testkUser'#'%' WITH GRANT OPTION; so I think something's seriously wrong with my local mysql. Any ideas on a fix?
CREATE USER 'testUser'#'localhost' IDENTIFIED BY 'thepasswordhere';
GRANT ALL PRIVILEGES ON testDatabaseName.* TO 'testUser'#'localhost' WITH GRANT OPTION;
SELECT sql_grants FROM common_schema.sql_show_grants;
What changed? I simply added a .* after database name. It's necessary so the user has access to all tables inside the database.
Also for the latest mysql, I believe you need to put user password when using grant.
So do as follows:
CREATE USER 'testUser'#'localhost' IDENTIFIED BY 'thepasswordhere';
GRANT ALL PRIVILEGES ON testDatabaseName.* TO testUser#localhost IDENTIFIED BY 'pass' WITH GRANT OPTION;
FLUSH PRIVILEGES;
SELECT sql_grants FROM common_schema.sql_show_grants;
As mentioned by Michael in the question comments:
SHOW GRANTS FOR 'testUser'#'localhost';... otherwise, SHOW GRANTS;
shows your privileges -- the ones associated with the account that is
currently logged in.

Users and Privilages in Mysql Workbench

What could be the reason for the following cause. "I did press the revoke privileges button"
The REVOKE statement enables system administrators to revoke privileges from MySQL accounts.
With this, you deleted all the privileges of your user like global, database, table, column, and routine privileges for the user.
The database administrator must provide the privileges of your user with GRANT command.
GRANT ALL PRIVILEGES ON *.* TO 'myuser'#'%' WITH GRANT OPTION;

Grant privileges to user in MySQL

From the control panel of my website I have created a new MySQL(5) database Test and a new user admin with password 123. I have tried assigning privileges to the user admin using:
GRANT ALL PRIVILEGES ON *.* TO 'admin'#'localhost'
or
GRANT ALL PRIVILEGES ON *.* TO 'admin'#'Test'
I keep getting the following error:
#1045 - Access denied for user 'admin'#'%' (using password: YES)
I need the following privileges for the user admin:
CREATE, ALTER, DELETE, INSERT, SELECT, UPDATE, LOCK TABLES
How do I make that in a query from phpMyAdmin?
I guess you are trying to change privileges of 'admin'#''%' being logged in as that user. This is strange.
You can display which user you are logged in as using
SELECT USER();
Then check grants that account already has:
SHOW GRANTS FOR 'admin'#''%';
We came to the conclusion you have
GRANT ALL PRIVILEGES ON `Test`.* TO 'admin'#'%'
That says you already have all privileges on all tables in database Test. You cannot further grant those privileges to other users, though (otherwise there would be WITH GRANT OPTION).
During the installation of MySQL, root user is always created. Use it to grant privileges to other accounts.
More info in manual:
2.10.2. Securing the Initial MySQL Accounts
6.3.2. Adding User Accounts
After run these statements try to execute FLUSH:
FLUSH PRIVILEGES;
From MYSQL Reference Manual :
(...) If you change the grant tables directly but forget to reload them, your changes have no effect until you restart the server. This may leave you wondering why your changes do not seem to make any difference!
To tell the server to reload the grant tables, perform a flush-privileges operation. (...)
Login as a root user then grant all privileges to admin user.
GRANT ALL PRIVILEGES ON `test`.* TO 'admin'#'localhost';