As the title said, I'd like to get some information of the user who is executing the SQL statement in MySQL. For example, if some SQL statement is executed by a user called 'work', how could I got the user name and host with trigger before it is actually executed in MySQL.
Actually, I just want to monitor some actions, like DELETE, in MySQL. And I'm not sure the binlog can record the username and host who executed the SQL statement.
SELECT * FROM information_schema.PROCESSLIST WHERE USER="someuser";
Now it is up to you what you use. Write a cron job (linux) to store it into a file or write a MySQL event to enter it into a MySQL table.
The user#host that you appear to be looking for is available from the USER() information function.
https://dev.mysql.com/doc/refman/5.6/en/information-functions.html#function_user
Related
I'm looking for a stored procedure or something to log user-logins to mysql.
Users will have to be in a positive list.
I need to log user, login time, ip/hostname and query ( query not essential, but a nice-to-have).
My major problem is that I cannot do it via general query log, as is generates +23Gb of log per instance/day (i have 18 instances) and I don't have capacity for it.
I was thinking somewhat in lines of stored procedures, but cannot get my head around it, but not sure if it is the right way to go about it.
Capacity expansion is not an option.
Platform is:
CentOS Linux release 7.3.1611
mysql-community-server-5.6.36-2
Any thoughts on how to solve my issue are welcome.
You may be looking for the mysql init_connect system variable :
A string to be executed by the server for each client that connects. The string consists of one or more SQL statements, separated by semicolon characters.
So basically you want to create a table where logins will be logged, and set the init_connect system variable to something like :
INSERT INTO my_logging_audit
SELECT USER(), NOW()
WHERE USER() IN ('foo', 'bar');
I'm using wordpress and mysql, and i have to setup a MySQL trigger to verify data entered into the logged in users profile.
The only way I can see is by setting up a trigger so that when wordpress tries to UPDATE the data in the MYSQL database, the trigger will fire allowing me to check the data before its updated.
However the data verification depends on which user is logged in, and i cant figure out how to find out the current user ID using MYSQL alone without PHP wp_get_current_user() since i cant call that from MySQL trigger procedure.
Anybody knows how to do it?
Thanks
there is already a function called get_current_user_id()
Else you have to implement a SQL-Query like "SELECT ID from $tablename WHERE username=?"
I am monitoring a table in real-time, let's say the table name is user_stats, which keeps a record of users logging into my website and I am monitoring as to how many users have logged in, the query I am using is simple SELECT * FROM user_stats
Now, since the project is live and users are coming logging-in in real time, I am running the same script again and again. Is there a way such that I can tail the query and not run it manually, maybe like an infinite loop? I am using MySQL and running the query in ubuntu terminal.
If you want to run a Query,Stored Procedure in a Specific date and time without executing by a user you can do it by using:
Event
Mysql Event is a very powerful tool to execute a query or any, "Automatically" by setting up the execution date and time.
I've found that it's possible to grant user access to only specific tables in a DB. The next part of the puzzle is restricting the scope of select queries.
Should my frontend server ever be compromised by someone able to script, they may attempt to use mysql credentials from the server to dump the database.
If everything is limited to only select, update, and insert queries via mysql privileges, the supposed malicious user could still select * on the tables the mysql user has access to. Perhaps I'm overly paranoid, but I'm wondering if anything can be done to restrict that too.
The assumption here is that if the server is compromised, the mysql user can be used via a script on the server to get a copy of everything in the DB. I'm trying to find the options to protect my (and my users' data).
By design, the frontend application that will use this mysql user will never need to return more than 20 rows (mostly due to hardcoded . I'm therefore happy to restrict the mysql user from ever getting more than 20 rows from a select query.
Can this be done using mysql privileges for that mysql user?
You could create view as select ... limit 20, remove select privilege from the table and grant it only for the view instead.
Short version: How can I write an SQL procedure to list which of several tables in a MySQL database a particular user has access to?
Longer version:
I'm writing a multi-user app that accesses a database with data for several branches of a company. The database has a number of lookup tables that any user can access, and a table for each branch that only authorized users can access. My strategy is:
Write a stored procecure that returns a list of the relevant tables for which the user has SELECT privilege.
From the app, call the procedure. If there's only one table returned, use it, otherwise let the user select which branch they want to access (e.g. for managers).
I'm having trouble figuring out how to write such a stored procedure. SHOW GRANTS FOR CURRENT_USER is an obvious possibility, but parsing something like:
GRANT SELECT ON Company.BranchABC TO 'auser'#'%clientdomain.com'
in SQL to figure out what the tables are seems way too messy. Doing a SELECT from the actual tables that hold the permissions also seems problematic, because I'd have to duplicate MySQL's logic for combining the permissions from the various tables (user, db, host, etc.)
Any words of wisdom?
You can see what privileges on which tables a user has:
show grants for 'user'#'host';
For example, to see the privileges of user1 (all machines in the network 10.25), run:
show grants for 'user'#'10.25.%.%';
I have never granted per table permissions to MySQL users before, but to do this, you would check that the TABLE_PRIVILEGES table in the information_schema database.
That should point you in the right direction.
MySQL users list and its privilege can be check with the Query.
select * from mysql.user\G;
http://www.thedevheaven.com/2012/04/retrieve-mysql-users-list-and-its.html