I have two databases in mysql:
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| app |
| app_dev |
+--------------------+
I have two play framework servers running, one using app and one using app_dev. The server connecting to app is local to the machine running mysql. The server connecting to app_dev is remote. I think I've setup the permissions correctly:
mysql> show grants for 'app_dev';
+------------------------------------------------------------------+
| Grants for app_dev#% |
+------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'app_dev'#'%' IDENTIFIED BY PASSWORD 'pwd' |
| GRANT ALL PRIVILEGES ON `app_dev`.* TO 'app_dev'#'%' |
+------------------------------------------------------------------+
mysql> show grants for 'app'#'localhost';
+----------------------------------------------------------------------+
| Grants for app#localhost |
+----------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'app'#'localhost' IDENTIFIED BY PASSWORD 'pwd' |
| GRANT ALL PRIVILEGES ON `app`.* TO 'app'#'localhost' |
+----------------------------------------------------------------------+
Yet for some reason, when I try to start play on my development machine, I get the response: MySQLSyntaxErrorException: SELECT command denied to user 'app_dev'#'2.ipn.ipn.ipn' for table 'play_evolutions'.
Is it possible I've set up the permissions incorrectly? The only thing that's different here is the need for the % sign as this is a remote connection!
Related
I am getting an error (on MySQL 5.7.25-google in Google cloud while locally MySQL 5.7.29, it works fine)
Google Cloud, I run (NOTE: show tables shows this table existing from this same user!!!)
mysql> show index from customers;
ERROR 1146 (42S02): Table 'authtables.customers' doesn't exist
and locally (same user and password and setup), I get
mysql> SHOW INDEX FROM customers;
+-----------+------------+------------------------------+--------------+-------------+-----------+-------------+----------+--------+------+------------+---------+---------------+
| Table | Non_unique | Key_name | Seq_in_index | Column_name | Collation | Cardinality | Sub_part | Packed | Null | Index_type | Comment | Index_comment |
+-----------+------------+------------------------------+--------------+-------------+-----------+-------------+----------+--------+------+------------+---------+---------------+
| customers | 0 | PRIMARY | 1 | id | A | 2 | NULL | NULL | | BTREE | | |
Of course, the command SHOW TABLES; works the same on both and shows the CUSTOMERS table in both!!! grrrr.
I followed the accepted answer in the link below EXCEPT for 1 minor detail for setup of 'authservice' user to 'authtables' database...
Mysql adding user for remote access
The ONE detail is my grant statements were authtables.* so that the user had full access to the authtables database and nothing else.
NEXT is my show grants command in GCP and locally which yield the EXACT same result but in case I am missing a typo, here is the GCP then the local result
mysql> show grants for 'authservice'#'localhost';
+---------------------------------------------------------------------+
| Grants for authservice#localhost |
+---------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'authservice'#'localhost' |
| GRANT ALL PRIVILEGES ON `authtables`.* TO 'authservice'#'localhost' |
+---------------------------------------------------------------------+
2 rows in set (0.08 sec)
local result is
mysql> show grants for 'authservice'#'localhost';
+---------------------------------------------------------------------+
| Grants for authservice#localhost |
+---------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'authservice'#'localhost' |
| GRANT ALL PRIVILEGES ON `authtables`.* TO 'authservice'#'localhost' |
+---------------------------------------------------------------------+
2 rows in set (0.00 sec)
For completeness...
GCP version: Server version: 5.7.25-google-log (Google)
local version: Server version: 5.7.29 MySQL Community Server (GPL)
WOW, crap, what is 5.7.25-google-log...ICK. I wonder if it has a bug here.
Also, why is grant have . when I look at my history in mysql to verify, I clearly did authtables.* EVERY time!!!
Then, what happened to the 'authservice'#'%' grant as I don't see that either?
Anyone have any idea how to setup google cloud mysql so I have a user with full access to the database so he is restricted to that database? This seems kind of like some sort of google bug or am I doing something wrong?
thanks,
Dean
OMG, google's mysql 'table names' are CASE SENSITIVE!!! what the heck.
I have to do
show index from CUSTOMERS;
OR
SHOW INDEX FROM CUSTOMERS;
BUT THIS DOES NOT WORK
show index from customers;
ouch! posted this to help the next person out hopefully.
Dears ,
I have two Virtual machines App1 & db ...
I installed Mysql in db machine , and I am trying on App1 machine to build EAR for springboot-demo-app following steps in this link (https://github.com/Mhussein27/springboot-demo-app)
But I am stuck in the step (mvn package) on app1 machine after exporting Mysql Configuration like the below , I am facing Unknown database error :
export APP_DATABASE_USER=testuser
export APP_DATABASE_PASSWORD=XXX
export APP_DATABASE_URL='jdbc:mysql://db:3306/testdb'
admin#app1:~/springboot-demo-app$ mvn package
Error:
Unable to obtain database connection
------------------------------------
SQL State : 42000
Error Code : 1049
Message : Unknown database 'testdb'
on db machine I can see the testuser and the testdb schema and privileges are fine !
mysql> SELECT User,Host FROM mysql.user;
+---------------+-----------+
| User | Host |
+---------------+-----------+
| testuser | % |
| mysql.session | localhost |
| mysql.sys | localhost |
| root | localhost |
+---------------+-----------+
4 rows in set (0.00 sec)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
| testdb |
+--------------------+
5 rows in set (0.00 sec)
mysql> SHOW GRANTS FOR 'testuser'#'%';
+------------------------------------------------------+
| Grants for testuser#% |
+------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'testuser'#'%' |
| GRANT ALL PRIVILEGES ON `testdb`.* TO 'testuser'#'%' |
+------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> show tables;
+-----------------------+
| Tables_in_testdb |
+-----------------------+
| flyway_schema_history |
+-----------------------+
1 row in set (0.00 sec)
Please let me know what is wrong !!
This is from my terminal in mac.
130-229-0-129-dhcp:~ suyeshamatya$ mysql
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| test |
+--------------------+
2 rows in set (0.00 sec)
mysql> quit
Bye
130-229-0-129-dhcp:~ suyeshamatya$ mysql -u root -p
Enter password:
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| lportal |
| mysql |
| performance_schema |
| test |
+--------------------+
5 rows in set (0.00 sec)
Can someone please explain why mysql is showing different number of databases when connecting without any username/password and when connecting with root username/password?
UPDATE:
Connected without username/password
mysql> show grants;
+--------------------------------------+
| Grants for #localhost |
+--------------------------------------+
| GRANT USAGE ON *.* TO ''#'localhost' |
+--------------------------------------+
1 row in set (0.00 sec)
Connected with root username/password
mysql> show grants;
+----------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root#localhost |
+----------------------------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' IDENTIFIED BY PASSWORD '********************' WITH GRANT OPTION |
| GRANT PROXY ON ''#'' TO 'root'#'localhost' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
Grant USAGE means no privileges for that user according to Manual. So when you login without username and password. It will show default mysql schema. If you want to user using following query:
select User from mysql.user;
It will throw error like
SELECT command denied to user ''#'localhost' for table 'user';
Which means you do not have permission on default database to view users details.
If you login with username and password then all the databases created by that User will show you.
I am not sure but I think that the the "unknown user" has no privileges to see the other databases. Please check this in the mysql database.
I have mysql Server version: 5.5.32-0ubuntu0.12.04.1 (Ubuntu) installed linux Ubuntu 12.04 LTS.
I seem to have all the permissions as root. I can create a user and a db. However, I cannot seem to give the user all the permissions to the db.
My .my.cnf:
[client]
user=root
password=test
I login through mysql -u root -h localhost -p, but I cannot login without the -p option though I have the .my.cnf (not an issue, but odd).
There were a bunch of root users, so I got rid of them and I have these users:
mysql> SELECT host,user,password FROM mysql.user;
+-----------+------------------+-------------------------------------------+
| host | user | password |
+-----------+------------------+-------------------------------------------+
| localhost | root | ***************************************** |
| localhost | debian-sys-maint | ***************************************** |
+-----------+------------------+-------------------------------------------+
mysql> SHOW GRANTS FOR 'root'#'localhost';
+----------------------------------------------------------------------------------------------------------------------+
| Grants for root#localhost |
+----------------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' IDENTIFIED BY PASSWORD '*****************************************' |
| GRANT PROXY ON ''#'' TO 'root'#'localhost' WITH GRANT OPTION |
+----------------------------------------------------------------------------------------------------------------------+
Now, I create a db, a user. The last line shows an error when I grant permissions. Can you please let me know why I am getting this error and what I can do to make this work?
mysql> create database staging;
Query OK, 1 row affected (0.00 sec)
mysql> CREATE USER 'staging'#'localhost' IDENTIFIED BY 'test';
Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON staging.* TO 'staging'#'localhost';
ERROR 1044 (42000): Access denied for user 'root'#'localhost' to database 'staging'
First, Identify the user you are logged in as:
select user(); select current_user();
The result for the first command is what you attempted to login as, the second is what you actually connected as. Confirm that you are logged in as root#localhost in mysql.
The issue was that the installation I came up with did not provide Grant_priv to root#localhost. Here is how you can check.
mysql> SELECT host,user,password,Grant_priv,Super_priv FROM mysql.user;
+-----------+------------------+-------------------------------------------+------------+------------+
| host | user | password | Grant_priv | Super_priv |
+-----------+------------------+-------------------------------------------+------------+------------+
| localhost | root | ***************************************** | N | Y |
| localhost | debian-sys-maint | ***************************************** | Y | Y |
| localhost | staging | ***************************************** | N | N |
+-----------+------------------+-------------------------------------------+------------+------------+
You can see that the Grant_priv is set to N for root#localhost. This needs to be Y. Here is how I fixed this:
UPDATE mysql.user SET Grant_priv='Y', Super_priv='Y' WHERE User='root';
FLUSH PRIVILEGES;
GRANT ALL ON *.* TO 'root'#'localhost';
I did get some permission error, but when I logged back in, it was fine.
try flushing privileges after granting permissions
GRANT ALL PRIVILEGES ON staging.* TO 'staging'#'localhost' IDENTIFIED BY 'test';
FLUSH PRIVILEGES;
For those who still stumble upon this like I did, it's worth checking to make sure the attempted GRANT does not already exist:
SHOW GRANTS FOR username;
In my case, the error was not actually because there was a permission error, but because the GRANT already existed.
I created a database from the mysql prompt. It is named "spring_security_tutorial".
Then, I created a user named "erdinc#localhost" and granted the user all the privileges for the "spring_security_tutorial" db.
Here is the "show databases" result when I am connected as root:
mysql> show databases;
+--------------------------+
| Database |
+--------------------------+
| information_schema |
| mysql |
| performance_schema |
| spring_security_tutorial |
| springsecurity |
| test |
+--------------------------+
6 rows in set (0.00 sec)
Here is the result of the command "use spring_security_tutorial" when I am connected as root:
mysql> use spring_security_tutorial;
ERROR 1049 (42000): Unknown database 'spring_security_tutorial'
Here is the result of the command "select user(), current_user()":
mysql> select user(), current_user()
+----------------+----------------+
| user() | current_user() |
+----------------+----------------+
| root#localhost | root#localhost |
+----------------+----------------+
1 row in set (0.00 sec)
Here are the privileges of the root and erdinc users:
mysql> show grants for 'root'#'localhost';
+---------------------------------------------------------------------+
| Grants for root#localhost |
+---------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'root'#'localhost' WITH GRANT OPTION |
| GRANT PROXY ON ''#'' TO 'root'#'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql> show grants for 'erdinc'#'localhost';
+---------------------------------------------------------------------------------------------------------------+
| Grants for erdinc#localhost |
+---------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'erdinc'#'localhost' IDENTIFIED BY PASSWORD '*8DCDD69CE7D121DE8013062AEAEB2A148910D50E' |
| GRANT ALL PRIVILEGES ON `spring_security_tutorial`.* TO 'erdinc'#'localhost' WITH GRANT OPTION |
+---------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
I cannot use the spring_security_tutorial database as root user even if I can see it with "show databases".
Also, when I am connected as "erdinc#localhost", I cannot even show the mentioned database.
It just shows the test and information_schema databases.
I am looking up for this for a couple of hours now. Actually I used to use mysql in the past, either something changed in the usage or I am missing something very obvious because this used to be a trivial task.
Thanks in advance.