I am using mysqlworkbench to connect to a remote mysql database using a user 'userA'. I am able to select from tables, see the list of functions and stored procedures. I am not able to view/see the code of these functions and stored procedures. Is this because they are defined on the mysql server by user 'root#localhost'? How can I get the user 'usera' to edit view and edit these using mysqlqorkbench?
I assume you have MySQL Workbench.
Just log in with the root user. Go to the Menu "Server->User and Privileges". There you'll see all the users in the left panel. Select 'userA' and then select 'Schema Privileges' from the tab right. Now select the schema on which you want to grant the rights. At the bottom you can see possible rights that can be assigned to the user. Select appropriate rights and Save.
I have MySQL Workbench 6.2.5.0. If you have a different version, please locate the User and Privileges accordingly. Hope that helps!
Related
Why would a user with permission to only select be able to edit a record in phpMyAdmin? How can I prevent the edit?
This is the permissions screen:
If the user is able to edit and save the row in phpMyAdmin, it's because the rights at the MySQL level permit this action. Ultimately it's MySQL that controls what is possible, not phpMyAdmin. Note that it's a combination of username + hostname that applies, so maybe there is the same username with a different hostname that is defined. Also, there can be rights at the global, database, table and column levels.
Error in processing request: No routine with name 'daily_difference' found in database 'chamelis_wp'. You might be lacking the necessary privileges to edit this routine.
If you are using phpMyAdMin (pma) under cPanel, this error results from the fact that cPanel creates a temporary user for every session to log into pma, and therefore the database. If you are working in a hosted environment where you cannot be granted SUPER privileges, and you are creating routines, you are in trouble. Read on.
Stored routines (procedures and functions) in MySQL/Mariadb have a property called DEFINER. This stores the username of the the database user who "owns" that routine. If a db user opens phpMyAdmin (pma) and creates a new routine without explicitly declaring the DEFINER, DEFINER will be populated with the current username. Only a db user that has SUPER permissions can create a routine and declare another user as the DEFINER. Non-SUPER users can only declare themselves as the DEFINER, or leave it blank and the db does it for them. So the db user that you are logged in as gets to be the DEFINER for all routines you create during that session.
The problem you have encountered arises because
a. only the DEFINER of a routine, or a user with SUPER permissions, can edit or export a routine. If a (non-SUPER) user logs in to pma and tries to edit or export an existing routine, then unless they are the DEFINER of that routine they get the error you are seeing, and they cannot access the routine.
b. Even if you have created database user accounts in cPanel, cPanel will not use any of these to launch pma. Under cPanel you are automatically logged using a temp username that it generates. You do not get to see the pma login page - the login happens off-screen - and you are taken straight into the pma home page. You have no control over the username/password used.
d. When you start a new cPanel session (e.g. at the start of each day's work), cPanel changes the temp db user name that it uses to log you into pma. cPanel usernames all have this pattern: "cpses_db...#localhost", where the dots are filled alphanumerics like "hmxbj8s2". I have just logged in and the pma home page tells me that the current database user is "cpses_dbhmxbj8s2#localhost". If I close pma, log out of cPanel, log back into cPanel then reopen pma, the db user name will change. I just did that and the db user for this new session is "cpses_db0z35t107#localhost".
e. If I had created a new routine during my previous session, then the DEFINER for that routine would still be "cpses_dbhmxbj8s2#localhost". Now that I am logged in as "cpses_db0z35t107#localhost", I cannot edit or export that routine. Without a backup or copy of that routine, I have completely lost access to it (it is now, effectively, "orphaned"). The only way to get access is to recreate it using a script without a DEFINER statement in the current session so the the current db user becomes the DEFINER. That user can now edit the routine. This means that every day you would have to recreate all the procedures you want to work on. If you forget to export all the routines changed during the previous session, then you have LOST THOSE CHANGES.
f. Another problem is that if you are also connecting to the database externally using e.g. MySQL Workbench, logging in using a db user you have created, then you can do everything except edit any routines created under pma because these have "cpses_db..." user as the DEFINER.
THE SOLUTIONS:
Install your own copy of pma in your hosted enviroment if that option is available in cPanel. This will have to be installed in a folder in the public-html section of the site so you can access it directly from your browser e.g. https://example.com/pmamyadmin/index.php. Login using a user you have created for your database. This user becomes the DEFINER for all your routines and so long as you always use this username, you can always access your routines. (Never use cPanel's pma!)
Be aware that having a copy of pma in the public_html section of your site introduces security issues. Definitely require passwords in pma's config and if practical use .htaccess to limit access to just your IP, etc. But that's another topic.
Always access the database externally (assuming your host permits this) using a local copy of pma or another client like MySQL Workbench. Again, this allows you to control the username for every session.
FINALLY
If neither of these works for you and you must use cPanel's pma, then export all your routines at the end of every session and recreate them (with no DEFINER statement) at the start of the next session. Currently pma doesn't include the DROP in the routine export function (there a change request in for this) so you have to use a database export to get them included. Unless you want a full backup anyway, you just need to export the structure of one table to get this export to work. Make sure you click the "Include DROP..." and "Include Routines..." in the export definition. Edit the export to delete the table definition and globally replace the "DEFINER=cpses_db...#localhost" with "" before using it to recreate the routines next session.
Hope that helps.
I FIX THIS ISSUE IN CPANEL
This shows that there is lack of routines ( Function, Procedures ) privilege for the current user. This will cause even the edit button of routines to be disabled.
In CPanel there is default user that you can not manage their privileges, So, you can not add or remove their privileges.
<<<<< HOW I FIX IT >>>>>:
FIRST
Drop all routines(Function, Procedure) that you have no privilege from your database
SECOND ( import sql file again )
Find the sql file used to import database and remove DEFINER=root#localhost everywhere.
Then import Edited sql file after remove DEFINER=root#localhost .
I think this solution can help someone.
Thanks
It sounds like you don't have permission to edit it, or you're trying to edit it from the wrong DB (schema). Run the following to see which DB it is on:
show function status like '%daily%';
show procedure status like '%daily%';
Are you trying to edit it by executing a statement or by using the gui? If by executing a statement, can you provide your statement? If by statement, make sure you've run this first:
use db_name_here;
Then try to edit your routine again.
Did your user create the procedure, or another user created it? You may not have permission to modify an user's procedure. You can see who created it by running:
show create procedure daily_difference;
Then see if you have permission to edit procedures by running the below statement - you need "ALTER ROUTINE" privilege:
show grants for Your_username_here;
If a user with super privilege created it, you won't be able to edit it - you'll need them to, or you will need to get super privilege.
I'm replying partly as I have a work around and partly for the comedy, as GoDaddy sent me this page as a solution to this problem where, yes the problem is defined but no, there's no solution.
I had to rebuild my SPs in phpMyadmin but for the DEFINER where root#localhost was present, using an account I had created and could use - account#localhost. cPanel doesn't expose the root account AFAIK.
I didn't have all my SPs' definitions elsewhere. But I found that in cPanel \ files \ backup \ the files from there of the MySQL DBs had the SP definitions. That may not be in your hosting package. Backing up from phpMyAdmin didn't help as I still lacked the privileges to make the back up with the definitions.
I have a MySQL database hosted on Dreamhost. I've defined a single user for that database, with full rights.
I've just started using MySQL Workbench. I had no trouble connecting to the database. But when I try to view the contents of stored procedures that I created using the web client provided by Dreamhost, I get nothing. By nothing, I mean that right-click | Send to SQL Editor | Create statement does nothing. No new tab, no error message, nothing. Ditto for right-click | Send to SQL Editor | Procedure Call. Ditto when clicking the wrench or lightning icons.
Based on something I found online, it appears to be a rights issue. But when I choose Server | Users and Privileges to try to fix it, I get this message:
"The account you are currently using does not have sufficient privileges to make changes to MySQL users and privileges."
How can that be when there's only one user and that user has all rights?
For me although I granted full privilege on that database, I still cannot view it's store procedure.
So I have to run this:
GRANT SELECT ON mysql.proc TO yourusername#'%';
Problem solved !!
On mysql 8.0.20+ run this to give a user permission to view the procedure:
grant show_routine on *.* to <MYUSER>;
Run this to give the user permission to edit and run procedures:
grant execute, create routine, alter routine on <MYDB>.* to <MYUSER>;
I was able to solve the immediate problem by opening the SP in phpAdmin on the Dreamhost site and cutting and pasting the code into MySQL Workbench, recreating the SP from there. That does seem, however, to keep me from editing the SP on Dreamhost. Clearly something's still wrong, but I can move forward.
I was wondering if it was possible to have 1 database, but multiple logins (so that when a developer leaves, we don't have to change the entire db password and all instances of it).
If that's possible, how would I do it? (I have NO experience with phpmyadmin aside from code related queries, I'm doing research for a friend who would be able to implement it)
Thanks in advanced!
phpMyAdmin has a simple way of creating new SQL users. From the home screen, click on the database in the left column for which you want to add a new user. Click on the Privileges tab. At the bottom, there is a command labeled, "Add new user"; click that. Type in the username and password that you want to assign to the account. To restrict the user to that database, select "Grant all privileges on database."
Note: I'm using phpMyAdmin 3.4.7.1.
Yes that is possible. If you are using localhost, just login and create a new user and give the privileges for the database.
http://wiki.phpmyadmin.net/pma/user_management#Creating_a_new_user
If you are hosted server on Linux, there is an option to create new users and and assign to the databases with different privileges.
Yes, it's quite simple. PhpMyAdmin validates logins against MySQL's user permissions list. Simply create multiple MySQL users with full privileges on the DB in question and give each admin their own user.
It's easy to set this up from directly inside PhpMyAdmin. Just log in as a high-privilege user and click the "Privileges" tab. Then "Add New User" and specify the username, the host (generally localhost), a password and then create the user (with no privileges checked). Once the user is created, go back to the user list on the Privileges tab and click the edit button next to your new user. Then, under "Database-specific privileges", select the database you'd like to grant privileges... then just select all the rights you want to give this user and click "Go". This new MySQL user and password can now be issued to an admin so he/she can log into PhpMyAdmin, and it revoked at any time in the future.
Using SQL Server 2008 Express
I created a new database then restored a copy of a database over it. A sql user exists in the database backup so has been added to the database through the restore operation. When I try and delete this user I get:
"The database principal owns a schema in the database, and cannot be dropped"
This is confusing. The user doesn't exist yet, but it owns a schema? Why can't it be deleted?
Next if I add a user with that user name and a valid password, then the user can't even connect to the database.
This has always bugged me, what is the reason and how do I fix this?
It's probably because you restored the database and the user was already in that database at the time of backup. Repair the user-login association with
sp_change_users_login 'Auto_Fix', 'username'
http://msdn.microsoft.com/en-us/library/ms174378.aspx
also see
http://www.fileformat.info/tip/microsoft/sql_orphan_user.htm
sp_change_users_login didn't work for me.
But this did:
SELECT s.name
FROM sys.schemas s
WHERE s.principal_id = USER_ID('user')
Then, take each record listed above and replace SCHEMA_NAME with the schema returned with the following statement
ALTER AUTHORIZATION ON SCHEMA::SCHEMA_NAME TO dbo
After I did that for each record, I was able to delete the account.