Hey I'm trying to grant my USER in mySQL the DBA role, because we are connecting to a AWS amazon server but no matter what we do, we can't grant that role to our user admin5 that's in the only user that we created. So please help because we need that privilege to create a Job that sends emails automatically at midnight.
This is how you can grant privileges to other users:
WITH GRANT OPTION clause gives the user the ability to give to other users any privileges the user has at the specified privilege level.
You can check if your user has this option by running show grants for 'youruser'#'yourhost';
The root user usually has these privileges by default. Try logging in with root and granting the permissions you need.
Also, presumably your cron that you are going to be running does not need to have DBA permissions. Here is a list of Mysql permissions and what they do. Select and execute privileges would probably be sufficient enough for what you need.
Related
I switch to MySQL 8 recently; earlier I was using MySQL 5.7 in GCP. I know questions like this have already been asked, but I didn't have any luck. My question is, I want to create a new user just say 'user1' and grant all privileges to a user account on all databases.
The query I am using for user creation:
CREATE USER 'user-1'#'%' IDENTIFIED BY 'user_password';
For privileges:
GRANT ALL PRIVILEGES ON *.* TO 'user-1'#'%';
This privileges query used to work on MySQL 5.7, but when I try to run this query in MySQL 8, I get this error (I logged in as root user and MySQL is in GCP):
SQL Error (1045): Access denied for user 'root'#'%' (using password: YES)
I also tried to run this query one after another like this:
CREATE USER 'user-1'#'%' IDENTIFIED BY 'user_password';
GRANT ALL PRIVILEGES ON *.* TO 'user-1'#'%';
But still I get the same error. I came to know that in MySQL 8 localhost root user have all the privileges, but my server is in Google Cloud, so how can I grant all the privileges to the user I created?
When I run this query in the mysql-8 (I am using HeidiSQL to connect the DB and run query)
SELECT * FROM mysql.user;
I got this output:
In this there are two root users:
For one host is localhost/127.0.0.1 (With all the privilege).
For other host is % (Not have any privilege).
I think I logged in as a user with host-% because my server is in GCP, that's why I cannot give any privilege to the user that I have created. So is there any way to give full permission to the
root#%
so that I can give full permission to the other users, Because I don't think there is any way to log in as a root#localhost
The problem here is that you are trying to create a super user, which is not something supported in cloud SQL, as you can see in this documentation:
Cloud SQL does not support SUPER privileges, which means that GRANT ALL PRIVILEGES statements will not work. As an alternative, you can use GRANT ALL ON %.*.
This alternative mentioned could be enough to grant the permissions you expected.
I had no problems making a test MySQL server and applying permissions a week ago with their MySQL 5.7, but trying out the new 8.0 version, I can't seem to alter permissions as easily, if at all. I'm logged in as root remotely, but a local cloud shell instance does the same.
I'm trying to create a new user that only has access to one database, but I can't seem to get past the part where I revoke all default permissions first.
My method:
CREATE USER 'test_user'#'%' IDENTIFIED BY '{password}';
Gives no error. (I've also tried creating a user through GCP's admin panel)
SHOW GRANTS FOR 'test_user'#'%'; returns GRANT USAGE ON *.* TO `test_user`#`%` (I assume this means the new user has full permissions?)
Then, trying to remove all privileges to start fresh with the user,
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'test_user'#'%';
shows:
Error: UNKNOWN_CODE_PLEASE_REPORT: Access denied for AuthId `root`#`%` to database 'mysql'.
I'm pretty new to Mysql, so I'm unsure if this is my fault or just a bug. Thank you!
First, I would like to point out that GRANT USAGE ON *.* TO test_user#% means the inverse, it means that the user has no privileges ! ( more info: Mysql Reference )
Secondly, I think that's what causing the error is the ALL PRIVILEGES keyword, it may have been removed in v8.0, so just go straight after user creation and grant him the privileges that you want on a table/database.
I have a MySQL database which is hosted in Azure, and I'm accessing it through MySQL Workbench in my laptop. The point is that when I want to execute some commands I get error message saying I don't have enough privileges. I tried to access the Users and Privileges section in MySQL Workbench, but I got the message saying:
The account you are currently using does not have sufficient
privileges to make changes to MySQL users and privileges.
Where can I give superuser privileges, so that I can execute every command from my MySQL Workbench?
The privileges is only related to the user, the client you use has
nothing to do with it, so whether you use a workbench or a CLI, it
does not matter.
In MySQL privileges are arranged to different "user", and "user" are composed by "username" and "host" (from where you login the mysql), so basically, a user in mysql who own specific privilege looks like:
'foo'#'192.16.22.231', 'bar'#'10.3.243.%' ..
How to improve all the privileges to a specific user? do this as a super user:
GRANT ALL PRIVILEGES ON \*.* TO YOUR_USER
super user is usually 'root'#'127.0.0.1', since you have to grant to your specific 'user', you have to know the IP address from which you login
If you think above is a little complicated and your mysql is just fast-installed and simple configured, you can just try this and maybe it helps:
login as 'root' or mysql
execute this:
GRANT ALL PRIVILEGES ON \*.* TO 'your_user'#'%';
Execute SELECT * FROM mysql.user WHERE user = 'your account'\G in your client. If All the priv column is 'Y', your account has superuser privileges.
You can also try UPDATE mysql.user. Then, execute flush privileges; to make your changes effective.
Execute GRANT ALL PRIVILEGES ON \*.* TO 'your_user'#'%'; to add a new superuser privilege account.
If all the above operations are not allowed, please call the Azure support. In cloud database, some system databases may be not be allowed to access.
I had solved this issue by doing:
UPDATE mysql.user SET Grant_priv = 'Y' WHERE User = 'root';
This can be "dangerous" if you do not know what are you doing ;-)
I want to code an application which, when it runs for the first time on a user's machine, will create a new database, then create a new user and grant it access to the database.
I can manage that, but I want only that user and no other to be able to access the database.
So, just in case the existing installation has superuser where root has access to everything, I would like to revoke for all but the newly created user.
How do I do that?
I am guessing something like
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysql.user WHERE user<>[single user name] but can't seem to get it right.
I guess that I have to FLUSH PRIVILEGES afterwards?
You can ONLY give privileges to access database for your user - using GRANT command.
All other users, except root users, should not have such privileges.
Do you need to run FLUSH PRIVILEGES after GRANT/REVORE? No, you do not need. That is all)
creating users through mysql admin, but unable to login mysql command line
following on-line suggestions, as root issued
grant all on *.* to new_user;
it worked, but security-wise was a mess, so issued
revoke all on *.* from new_user;
now new_user can still connect, but security is sane as set in mysql admin
to me this is thoroughly hocus-pocus. what's really going on, and how do you really enable login?
this seems to be a MySQL Administrator problem (thanks #marco). if the same GRANT is issued in mysql command line, the user can log in; but it the grant is issued in Administrator, the user cannot log in.
as #marco pointed out, any access will grant mysql login access to the user, eg, SELECT privileges - but they need to be entered in msql command line.
That's because when you first use GRANT, user is created automatically; when you revoke privileges, user remains...
Check this link.
First you should give your user only the privileges he really needs.
Second: give the user access only to db or tables he should see/work on.
Example:
GRANT SELECT,INSERT,UPDATE ON mydb.* TO 'jeffrey'#'localhost';
or
GRANT SELECT ON db2.invoice TO 'jeffrey'#'localhost'
IDENTIFIED BY PASSWORD 'sdsd';
EDITED:
Just to prove what I'm saying:
enter mysql console (mysql -u root -p) and type
USE mysql;
SELECT * FROM user;
You'll see users MySql has inside.
Well, now use GRANT as you please on a user which does not exists yet; then repeat SELECT * FROM user;: you'll see new user created!!