How to give superuser privileges to MySQL? - mysql

I have a MySQL database which is hosted in Azure, and I'm accessing it through MySQL Workbench in my laptop. The point is that when I want to execute some commands I get error message saying I don't have enough privileges. I tried to access the Users and Privileges section in MySQL Workbench, but I got the message saying:
The account you are currently using does not have sufficient
privileges to make changes to MySQL users and privileges.
Where can I give superuser privileges, so that I can execute every command from my MySQL Workbench?

The privileges is only related to the user, the client you use has
nothing to do with it, so whether you use a workbench or a CLI, it
does not matter.
In MySQL privileges are arranged to different "user", and "user" are composed by "username" and "host" (from where you login the mysql), so basically, a user in mysql who own specific privilege looks like:
'foo'#'192.16.22.231', 'bar'#'10.3.243.%' ..
How to improve all the privileges to a specific user? do this as a super user:
GRANT ALL PRIVILEGES ON \*.* TO YOUR_USER
super user is usually 'root'#'127.0.0.1', since you have to grant to your specific 'user', you have to know the IP address from which you login
If you think above is a little complicated and your mysql is just fast-installed and simple configured, you can just try this and maybe it helps:
login as 'root' or mysql
execute this:
GRANT ALL PRIVILEGES ON \*.* TO 'your_user'#'%';

Execute SELECT * FROM mysql.user WHERE user = 'your account'\G in your client. If All the priv column is 'Y', your account has superuser privileges.
You can also try UPDATE mysql.user. Then, execute flush privileges; to make your changes effective.
Execute GRANT ALL PRIVILEGES ON \*.* TO 'your_user'#'%'; to add a new superuser privilege account.
If all the above operations are not allowed, please call the Azure support. In cloud database, some system databases may be not be allowed to access.

I had solved this issue by doing:
UPDATE mysql.user SET Grant_priv = 'Y' WHERE User = 'root';
This can be "dangerous" if you do not know what are you doing ;-)

Related

How to give all privileges to a new user that I created 'user#%'

I switch to MySQL 8 recently; earlier I was using MySQL 5.7 in GCP. I know questions like this have already been asked, but I didn't have any luck. My question is, I want to create a new user just say 'user1' and grant all privileges to a user account on all databases.
The query I am using for user creation:
CREATE USER 'user-1'#'%' IDENTIFIED BY 'user_password';
For privileges:
GRANT ALL PRIVILEGES ON *.* TO 'user-1'#'%';
This privileges query used to work on MySQL 5.7, but when I try to run this query in MySQL 8, I get this error (I logged in as root user and MySQL is in GCP):
SQL Error (1045): Access denied for user 'root'#'%' (using password: YES)
I also tried to run this query one after another like this:
CREATE USER 'user-1'#'%' IDENTIFIED BY 'user_password';
GRANT ALL PRIVILEGES ON *.* TO 'user-1'#'%';
But still I get the same error. I came to know that in MySQL 8 localhost root user have all the privileges, but my server is in Google Cloud, so how can I grant all the privileges to the user I created?
When I run this query in the mysql-8 (I am using HeidiSQL to connect the DB and run query)
SELECT * FROM mysql.user;
I got this output:
In this there are two root users:
For one host is localhost/127.0.0.1 (With all the privilege).
For other host is % (Not have any privilege).
I think I logged in as a user with host-% because my server is in GCP, that's why I cannot give any privilege to the user that I have created. So is there any way to give full permission to the
root#%
so that I can give full permission to the other users, Because I don't think there is any way to log in as a root#localhost
The problem here is that you are trying to create a super user, which is not something supported in cloud SQL, as you can see in this documentation:
Cloud SQL does not support SUPER privileges, which means that GRANT ALL PRIVILEGES statements will not work. As an alternative, you can use GRANT ALL ON %.*.
This alternative mentioned could be enough to grant the permissions you expected.

AWS Grant DBA MySQL

Hey I'm trying to grant my USER in mySQL the DBA role, because we are connecting to a AWS amazon server but no matter what we do, we can't grant that role to our user admin5 that's in the only user that we created. So please help because we need that privilege to create a Job that sends emails automatically at midnight.
This is how you can grant privileges to other users:
WITH GRANT OPTION clause gives the user the ability to give to other users any privileges the user has at the specified privilege level.
You can check if your user has this option by running show grants for 'youruser'#'yourhost';
The root user usually has these privileges by default. Try logging in with root and granting the permissions you need.
Also, presumably your cron that you are going to be running does not need to have DBA permissions. Here is a list of Mysql permissions and what they do. Select and execute privileges would probably be sufficient enough for what you need.

How to see all databases in phpMyAdmin as phpmyadmin user?

I have been using MySQL successfully using the command line, and have created various databases (mostly for CMS).
I decided to try using phpMyAdmin which I saw mentioned in a book on Joomla!.
But when I click on Databases, I only see information_schema, phpMyAdmin, and test.
I want to be able to administer all of my databases (presumably giving appropriate credentials). Probably related is the fact that if I log into mysql as the phpmyadmin user and do a show databases; query, I see only those three databases.
Do I need some sort of a grant involving the show_db_priv (granting to the phpmyadmin user)? If that's it, what is the exact syntax for doing that? When I do a show grants for this user, I can see that show_db_priv is not one of them.
Login as MySQL root user in phpMyAdmin. If you're not able to login as root in-spite of providing correct password, then make sure that you have this line in your phpMyAdmin's config.inc.php and is set to true.
$cfg['Servers'][$i]['AllowRoot'] = true;
If you've not assigned password to MySQL root account, then default password is blank. In that case check that AllowNoPassword is set to true in phpMyAdmin's config.inc.php
$cfg['Servers'][$i]['AllowNoPassword'] = true;
Not sure if this answer is relevant, as I am using phpMyAdmin as part of WAMP on a single site machine. Still, it might help someone else running into the problem of phpMyAdmin not displaying existing databases.
After installing WAMP on a new machine (with phpMyAdmin 4.0.4), and using a php script of mine to create some databases, phpMyAdmin would only show the information_schema and test databases.
When I ran mysql from a command prompt, the databases were there, so wtf??
After some experimenting I discovered that adding the following line cured the problem:
$cfg['Servers'][$i]['auth_type'] = 'config';
Note that the config.inc.php already had
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
$cfg['Servers'][$i]['AllowNoPasswordRoot'] = false;
$cfg['Servers'][$i]['password'] = 'mypwd';
Note: The auth_type parameter is discussed in http://wiki.phpmyadmin.net/pma/auth_types,
but I don't see any comment on failure to show user created databases.
More details:
Without the auth_type line, a SHOW GRANTS (from phpMyAdmin) yields:
GRANT USAGE ON . TO ''#'localhost' IDENTIFIED BY PASSWORD '*CF74EB88D030BC86A14151B7CE22C8808A19AA4B'
With the auth_type line, SHOW GRANTS yields:
GRANT ALL PRIVILEGES ON . TO 'root'#'localhost' IDENTIFIED BY PASSWORD '*CF74EB88D030BC86A14151B7CE22C8808A19AA4B' WITH GRANT OPTION
GRANT PROXY ON ''#'' TO 'root'#'localhost' WITH GRANT OPTION
The easy way:
GRANT ALL PRIVILEGES ON *.* TO 'phpmyadmin'#'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
Those two lines will grant all privileges for the user phpmyadmin. You might need to restart mysql service.
If you didn't have a user named phpmyadmin in the first place, you can create it with the following:
CREATE USER 'phpmyadmin'#'localhost' IDENTIFIED BY 'your_secret_password';
This answer definitely exists somewhere else, but I can't find it to give it credit.

MySQL Error #1133 - Can't find any matching row in the user table

Unable to set password for a user using 3.5.2.2 - phpMyAdmin for 5.5.27 - MySQL. When trying to set the password while logged onto phpMyAdmin as the user, it pops up the following error:
#1133 - Can't find any matching row in the user table
When logged on as root, following password set successfully message pops up.
SET PASSWORD FOR 'user'#'%' = PASSWORD( '***' )
In either case, password does not set and stays as it currently is, blank.
I encountered this error using MySQL in a different context (not within phpMyAdmin). GRANT and SET PASSWORD commands failed on a particular existing user, who was listed in the mysql.user table. In my case, it was fixed by running
FLUSH PRIVILEGES;
The documentation for this command says
Reloads the privileges from the grant tables in the mysql database.
The server caches information in memory as a result of GRANT and CREATE USER statements.
This memory is not released by the corresponding REVOKE and DROP USER statements, so for
a server that executes many instances of the statements that cause caching, there will be
an increase in memory use. This cached memory can be freed with FLUSH PRIVILEGES.
Apparently the user table cache had reached an inconsistent state, causing this weird error message. More information is available here.
This error can occur if trying to grant privileges for a non-existing user.
It is not clear to me what MySQL considers a non-existing user. But I suspect MySQL considers a user to exist if it can be found by a name (column User) and a host (column Host) in the user table.
If trying to grant privileges to a user that can be found with his name (column User) but not by his name and host (columns User and Host), and not provide a password, then the error occurs.
For example, the following statement triggers the error:
grant all privileges on mydb.* to myuser#'xxx.xxx.xxx.xxx';
This is because, with no password being specified, MySQL cannot create a new user, and thus tries to find an existing user. But no user with the name myuser and the host xxx.xxx.xxx.xxx can be found in the user table.
Whereas providing a password, allows the statement to be executed successfully:
grant all privileges on mydb.* to myuser#'xxx.xxx.xxx.xxx' identified by 'mypassword';
Make sure to reuse the same password of that user you consider exists, if that new "MySQL user" is the same "application user".
Complete the operation by flushing the privileges:
flush privileges;
I encountered this issue, but in my case the password for the 'phpmyadmin' user did not match the contents of /etc/phpmyadmin/config-db.php
Once I updated the password for the 'phpmyadmin' user the error went away.
These are the steps I took:
Log in to mysql as root: mysql -uroot -pYOUR_ROOT_PASS
Change to the 'mysql' db: use mysql;
Update the password for the 'phpmyadmin' user:
UPDATE mysql.user SET Password=PASSWORD('YOUR_PASS_HERE') WHERE User='phpmyadmin' AND Host='localhost';
Flush privileges: FLUSH PRIVILEGES;
DONE!! It worked for me.
It turns out, the error is very vague indeed!
1) Password was setting while logged on as root, as it was updating the user/password field in the users table under MySql.
2) When logged on as user, password was in fact not changing and even though there was one specified in the users table in MySql, config.inc.php file allowed authentication without password.
Solution:
Change following value to false in the config.inc.php.
$cfg['Servers'][$i]['AllowNoPassword'] = true;
So that it reads
$cfg['Servers'][$i]['AllowNoPassword'] = false;
Change user's host from Any or % to localhost in MySql users table. This could easily be achieved via phpMyAdmin console.
These two changes allowed me to authenticate as user with it's password and disallowed authentication without password.
It also allowed user to change its password while logged on as user.
Seems all permissions and the rest was fixed with these two changes.
To expound on Stephane's answer.
I got this error when I tried to grant remote connections privileges of a particular database to a root user on MySQL server by running the command:
USE database_name;
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%';
This gave an error:
ERROR 1133 (42000): Can't find any matching row in the user table
Here's how I fixed it:
First, confirm that your MySQL server allows for remote connections. Use your preferred text editor to open the MySQL server configuration file:
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
Scroll down to the bind-address line and ensure that is either commented out or replaced with 0.0.0.0 (to allow all remote connections) or replaced with Ip-Addresses that you want remote connections from.
Once you make the necessary changes, save and exit the configuration file. Apply the changes made to the MySQL config file by restarting the MySQL service:
sudo systemctl restart mysql
Next, log into the MySQL server console on the server it was installed:
mysql -u root -p
Enter your mysql user password
Check the hosts that the user you want has access to already. In my case the user is root:
SELECT host FROM mysql.user WHERE user = "root";
This gave me this output:
+-----------+
| host |
+-----------+
| localhost |
+-----------+
Next, I ran the command below which is similar to the previous one that was throwing errors, but notice that I added a password to it this time:
USE database_name;
GRANT ALL PRIVILEGES ON *.* TO 'root'#'%' IDENTIFIED BY 'my-password';
Note: % grants a user remote access from all hosts on a network. You can specify the Ip-Address of the individual hosts that you want to grant the user access from using the command - GRANT ALL PRIVILEGES ON *.* TO 'root'#'Ip-Address' IDENTIFIED BY 'my-password';
Afterwhich I checked the hosts that the user now has access to. In my case the user is root:
SELECT host FROM mysql.user WHERE user = "root";
This gave me this output:
+-----------+
| host |
+-----------+
| % |
| localhost |
+-----------+
Finally, you can try connecting to the MySQL server from another server using the command:
mysql -u username -h mysql-server-ip-address -p
Where u represents user, h represents mysql-server-ip-address and p represents password. So in my case it was:
mysql -u root -h 34.69.261.158 -p
Enter your mysql user password
You should get this output depending on your MySQL server version:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 4
Server version: 5.7.31 MySQL Community Server (GPL)
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
Resources: How to Allow Remote Connections to MySQL
That's all.
I hope this helps
grant all on newdb.* to newuser#localhost identified by 'password';
For someone who is doing a mistake like me.
I was using command
SET PASSWORD FOR root = 'elephant7'
to update the password for the root user and I was getting the same error. I tried every thing mention above in all the answer but I got no success then after searching a bit I found out the ans,
MySQL account names consist of a user name and a host name. This enables creation of accounts for users with the same name who can connect from different hosts.
on https://dba.stackexchange.com/
and then I used the command
SET PASSWORD FOR 'root'#'localhost'=PASSWORD('mynewpasword');
here 'root'#'localhost' did the trick and the command worked.
Hope this be beneficial for someone.
If you're using PHPMyAdmin you have to be logged in as root to be able to change root password. in user put root than leave password blank than change your password.
In my case I had just renamed the Mysql user which was going to change his password on a gui based db tool (DbVisualizer). The terminal in which I tried to 'SET PASSWORD' did not work(MySQL Error #1133).
However this answer worked for me, even after changing the password the 'SET PASSWORD' command did not work yet.
After closing the terminal and opening new one the command worked very well.
I think the answer is here now : https://bugs.mysql.com/bug.php?id=83822
So, you should write :
GRANT ALL PRIVILEGES ON mydb.* to myuser#'xxx.xxx.xxx.xxx' IDENTIFIED BY 'mypassword';
And i think that could be work :
SET PASSWORD FOR myuser#'xxx.xxx.xxx.xxx' IDENTIFIED BY 'old_password' = PASSWORD('new_password');

in mysql, set permission to connect mysql command line

creating users through mysql admin, but unable to login mysql command line
following on-line suggestions, as root issued
grant all on *.* to new_user;
it worked, but security-wise was a mess, so issued
revoke all on *.* from new_user;
now new_user can still connect, but security is sane as set in mysql admin
to me this is thoroughly hocus-pocus. what's really going on, and how do you really enable login?
this seems to be a MySQL Administrator problem (thanks #marco). if the same GRANT is issued in mysql command line, the user can log in; but it the grant is issued in Administrator, the user cannot log in.
as #marco pointed out, any access will grant mysql login access to the user, eg, SELECT privileges - but they need to be entered in msql command line.
That's because when you first use GRANT, user is created automatically; when you revoke privileges, user remains...
Check this link.
First you should give your user only the privileges he really needs.
Second: give the user access only to db or tables he should see/work on.
Example:
GRANT SELECT,INSERT,UPDATE ON mydb.* TO 'jeffrey'#'localhost';
or
GRANT SELECT ON db2.invoice TO 'jeffrey'#'localhost'
IDENTIFIED BY PASSWORD 'sdsd';
EDITED:
Just to prove what I'm saying:
enter mysql console (mysql -u root -p) and type
USE mysql;
SELECT * FROM user;
You'll see users MySql has inside.
Well, now use GRANT as you please on a user which does not exists yet; then repeat SELECT * FROM user;: you'll see new user created!!