Grant permissions to mysql user for future databases - mysql

I followed this post Grant on multiple databases. MySQL to be able to grant permissions over multiple databases to a mysql user. But I also want to make sure that these permissions persist when a new databases is added to the mysql server. Is there a way to do this?

If you grant all database and all table access to any MySQL user while creating then user can access all database/table created after creation of user account.
GRANT ALL PRIVILEGES ON *.* TO 'user'#'host' WITH GRANT OPTION;

You can use
GRANT ALL PRIVILEGES ON *.* TO 'user'#'hostname';
. represents database.table. * indicates all databases and all their tables.

Related

Not enough privileges to grant privileges leading to error 1045. AWS [duplicate]

i need to grant all privileges for user master to the database 'mysql'(i mean the database not the server) on amazon RDS
i am trying to use
GRANT ALL PRIVILEGES ON mysql.* To 'master'#'aurora-wqeqwe-rdscluster-1jjch50tq2n3s.qrwerw-2.rds.amazon
aws.com' IDENTIFIED BY 'm3vyrtywrsY026y';
You can't grant SUPER privilege on RDS, so you can't use the ALL PRIVILEGES shortcut.
Sorry, you must name the privileges you want to grant explicitly, even if it means listing every privilege except SUPER.
You also can't grant privileges you don't have. I'm not sure your user has privileges to the mysql database. You can find out what privileges you have with SHOW GRANTS.
In your example is "master" any user or is it the name of your RDS Master User account? For the latter take a look at https://aws.amazon.com/premiumsupport/knowledge-center/duplicate-master-user-mysql/
I was also stuck with the same problem a while ago ad came across with this solution GRANT ALL PRIVILEGES ON '%'.* To 'master'#'aurora-wqeqwe-rdscluster-1jjch50tq2n3s.qrwerw-2.rds.amazon
aws.com' IDENTIFIED BY 'm3vyrtywrsY026y';
This worked for me.
for more information you can check the following link
http://www.fidian.com/problems-only-tyler-has/using-grant-all-with-amazons-mysql-rds

mysql: database specific user permission delegation with grant option and wildcard

I want to have a non-root mysql user that can create another databases and users and grant access to that users to created databases. To do this as root I firstly created a user
CREATE USER asusi_admin#localhost IDENTIFIED BY '123';
Then I grant create user PRIVILEGE to this user
GRANT CREATE USER ON *.* TO 'asusi_admin'#localhost';
Then I grant all privileges to this user for the every database he creates
GRANT ALL PRIVILEGES ON `asusi\_%`.* TO 'asusi_admin'#'localhost WITH GRANT OPTION;
Now I'm flushing privileges
FLUSH PRIVILEGES;
Now I'm logging on to MySQL as newly created user asusi_admin and creating a new database
Now I'm creating a new database
CREATE DATABASE asusi_database;
Now I'm checking that I can use this database
USE asusi_database;
I can use this database, good
Now I'm creating a new user
CREATE USER 'asusi_user'#'localhost' IDENTIFIED '123';
Now I want to grant select privilege to the created user
GRANT select on `asusi_database`.* 'asusi_user'#'localhost'
And here I'm getting an error: 'Access denied for user 'asusi_admin'#'localhost' to database 'asusi_superdb'
Should I relogin as root and explicitly grant access to this database to a asusi_user
GRANT ALL PRIVILEGES ON `asusi_database`.* TO 'asusi_admin'#'localhost WITH GRANT OPTION;
and then relog in as asusi_admin and run the command again
GRANT select on `asusi_database`.* 'asusi_user'#'localhost'
this time it gives me no error and user asusi_user can read database asusi_database. Apparently MySQL wants me to explicitly grant access to the user asusi_admin for the every created database via root account. But I don't want to use the root account. I thought that after executing this command
GRANT ALL PRIVILEGES ON `asusi\_%`.* TO 'asusi_admin'#'localhost WITH GRANT OPTION;
user asusi_admin will be able to grant access to other users to the ecery database that stats with 'asusi_' prefix. May be I missed something or this behavior is designed to be that way?
It seems this is a confirmed bug, that was not fixed yet https://bugs.mysql.com/bug.php?id=75097, so nothing you can do right now with it.

grant access to user on amazon RDS server

i need to grant all privileges for user master to the database 'mysql'(i mean the database not the server) on amazon RDS
i am trying to use
GRANT ALL PRIVILEGES ON mysql.* To 'master'#'aurora-wqeqwe-rdscluster-1jjch50tq2n3s.qrwerw-2.rds.amazon
aws.com' IDENTIFIED BY 'm3vyrtywrsY026y';
You can't grant SUPER privilege on RDS, so you can't use the ALL PRIVILEGES shortcut.
Sorry, you must name the privileges you want to grant explicitly, even if it means listing every privilege except SUPER.
You also can't grant privileges you don't have. I'm not sure your user has privileges to the mysql database. You can find out what privileges you have with SHOW GRANTS.
In your example is "master" any user or is it the name of your RDS Master User account? For the latter take a look at https://aws.amazon.com/premiumsupport/knowledge-center/duplicate-master-user-mysql/
I was also stuck with the same problem a while ago ad came across with this solution GRANT ALL PRIVILEGES ON '%'.* To 'master'#'aurora-wqeqwe-rdscluster-1jjch50tq2n3s.qrwerw-2.rds.amazon
aws.com' IDENTIFIED BY 'm3vyrtywrsY026y';
This worked for me.
for more information you can check the following link
http://www.fidian.com/problems-only-tyler-has/using-grant-all-with-amazons-mysql-rds

How to enable mysql remote access without grant all privileges

Need to access one mysql database for a user remotely. I know it will work if grant all privileges on all databases to that user, like:
grant all on \*.* to 'someone'#'%'
But I just want grant access permission to that user on the database specified, not every database, like:
grant all on mydb.* to 'someone'#'%'.
Unfortunately, remote access will be failed in this case.
Any idea to solve this? Thanks a lot.
Try this,
GRANT SELECT,UPDATE,INSERT,DELETE ON yourdb.* To your_user#'192.162.1.1' identified by 'password';

Let MySQL users create databases, but allow access to only their own databases

I want to have multiple a MySQL users to be able to issue commands like
CREATE DATABASE dbTest;
But I also want each of these users to be able to see and access only their own databases.
All I could find was how to either create the databases by a DBA and grant the privileges on this database to the specific user:
GRANT ALL PRIVILEGES ON dbTest.* TO 'user';
or grant privileges on all databases to a user:
GRANT ALL PRIVILEGES ON *.* TO 'user';
But neither is what I want, because it needs to scale and be secure.
You can use
GRANT ALL PRIVILEGES ON `testuser\_%` . * TO 'testuser'#'%';
to grant the user testuser privileges on all databases with names beginning with testuser_.
This allows the testuser to create databases limited to names starting with testuser_
You can use
GRANT ALL PRIVILEGES ON `testuser_%` . * TO 'testuser'#'%';
to grant the user testuser privileges on all databases with names beginning with testuser_.
EDIT: I'm not sure if this user is now also allowed to create databases.
Yes, this allows the testuser to create databases limited to names starting with testuser_
Create a stored procedure that is defined by the admin user and invokes with the admin user privileges by using SQL SECURITY DEFINER. In the stored procedure,
Create the database.
Set the privileges on the database so only the current user has access.
Execute FLUSH PRIVILEGES to reload the privileges from the grant tables.
Use USER() to get the current user login details.
Find out more about SQL SECURITY DEFINER.
It is impossible to do this using permissions only .
The workaround as suggested in another answer:
GRANT ALL PRIVILEGES ONtestuser_%. * TO 'testuser'#'%';
has the problem that the users must then be very careful in naming their databases.
For example if user aaa creates database bbb_xyz, it can then be accessed exclusively by user bbb but not by user aaa.