I have four websites, each of which were being accessed with a singular username/password which had privileges on all of the databases.
However, for security reasons, I've finally set up a new user for each site, with each user only having access to the necessary database. Here is the code that I used to create the user and grant privileges for one particular database -
CREATE USER 'wedding1'#'localhost' IDENTIFIED BY 'somepass';
GRANT ALL PRIVILEGES ON wedding1.localhost TO 'wedding1'#'localhost';
However, when I log in to PHPMyAdmin using the credentials for the user I just created, the database is shown as expected but none of the tables are listed.
No entries are placed in my logs and I have tried to FLUSH PRIVILEGES;
Am I missing something from the above lines that could be causing this behaviour? Thanks.
You only granted privileges on a table called localhost within wedding1 DB. I am guessing this is not what you want. Change your grant statement as follows:
GRANT ALL PRIVILEGES ON wedding1.* TO 'wedding1'#'localhost';
Related
I install phpMyAdmin on my subdomain for my clients to access their Databases, Because I can't give my Cpanel Login to them.
But my problem is when they need to create a new database, they can't do it from phpMyAdmin and they face this error
ALTER USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password BY
'root';
And I try to create a DB using phpMyAdmin, login from cPanel but I had the same error.
No worry I can create and manage user and DB from cPanel, But the problem is I have to create a database myself when my client needs DBS.
So has I have an option for this, any type?
In your case, this error means the MySQL user does not have the required privilege to create a database. These are some options you could do:
Grant their user all privileges on all databases (not recommended):
GRANT ALL PRIVILEGES ON . TO 'sserver_sserver'#'localhost';
Create the database yourself and give their user all privileges on that specific database:
CREATE DATABASE my;
GRANT ALL PRIVILEGES ON my.* TO 'sserver_sserver'#'localhost';
Give their user all privileges to databases beginning with a certain prefix such as their business name which will allow them to create and work on as many databases as they need:
GRANT ALL PRIVILEGES ON 'businessname_%'.* TO 'sserver_sserver'#'localhost';
I'm logged into a MariaDB instance as a user admin. The admin user has got the GRANT and CREATE privileges because it is supposed to add new users to the instance, with non-global privileges for particular databases. The admin user misses DROP and DELETE privileges on purpose because I don't want him to be able to delete data by accident. On the other hand, I want users created by the admin user to have DROP and DELETE privileges on particular tables.
By default, MariaDB doesn't allow me to create users that have a privilege that admin hasn't at all. I see the security consideration here, since users could easily exploit that right and create users with more "power". But is there any possibility to achieve my desired behaviour in MariaDB/MySQL?
Try this one on your linux console:
mysql -u root -p
Then your root password.
First we create the database ( yes database first)
CREATE DATABASE newdatabase;
Then we create the newuser with GRANT only for THIS newdatabase:
GRANT ALL PRIVILEGES ON newdatabase.* TO newuser#'%' IDENTIFIED BY 'any_password';
flush privileges;
exit
I am trying to grant privileges to another user using phpmyadmin, I have access to the root user (cl43-flexfit) and have tried querying the following
GRANT ALL PRIVILEGES ON `cl43-flexfit`.* TO 'supuser'#'localhost';
But receive a response of:
Access denied for user 'cl43-flexfit'#'%' to database 'cl43-flexfit'
Although I use that database with the cl43-flexfit user frequently.
I have also looked at what the root users privileges are using SHOW GRANT
and was shown these:
GRANT USAGE ON *.* TO 'cl43-flexfit'#'%' IDENTIFIED BY PASSWORD 'password'
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, TRIGGER ON `cl43-flexfit`.* TO 'cl43-flexfit'#'%' WITH GRANT OPTION
and even when I try to add permissions to the user for every database (replacing cl43-flexfit.* with * .*) I get an error saying I do not have permission
Access denied for user 'cl43-flexfit'#'%' (using password: YES)
I have been in contact with my hosting service and they have said that everything is correct on their end.
I also do not have access to the privileges tab in PHPMyAdmin and therefore can not use the GUI, it must be done through written commands.
Thanks in advance and apologise if I have a lack of understanding
You cannot GRANT ALL unless you also hold all privileges, along with GRANT OPTION, which you do not.
You have to grant explictly, and list only the permissions that you have (and want to grant).
You can't grant anything ON *.* unless you globally hold the privilege you are trying to grant, on all objects, plus GRANT OPTION. Again, you don't have this.
USAGE means only that you are allowed to log in to the server, nothing more. This is a special case of ON *.* carrying no significant meaning, because merely logging into the server is associated with no particular object.
The hosting service is correct.
If you have other users, you can make only explicit grants of listed permissions, using the format shown in your own SHOW GRANTS output.
GRANT SELECT, INSERT, [more...], TRIGGER ON `cl43-flexfit`.* TO 'my-other-existing-user'#'%';
yesterday I deployed a MySQL database image from the Azure marketplace. It is this one issued by Microsoft. I can connect with the user I specified in the Azure portal and was able to create an additional user for testing purposes and grant it all privileges on two different databases. However, if try to do the same today I get the infamous Error Code: 1044. Access denied for user 'admin'#'%' to database 'mysql'. I have read that some MySQL versions on Azure do not support user privilege handling, but I was already able to do it with this image version. I even verified that the created user had access to the specified databases and inserting/selecting data from it was also working. I have tried setting up a fresh database with a new testuser to no avail, as i received the same error. This is basically what I did:
CREATE USER 'user'#'%' IDENTIFIED BY 'pw';
GRANT INSERT ON db.* TO 'user'#'%' IDENTIFIED BY 'pw';
FLUSH PRIVILEGES;
After the user was created I also checked with SHOW GRANTS FOR 'user'#'%' for the given permissions and they were there. The admin user specified in the Azure portal also has grant_priv privileges. Can someone please help me to understand why all of a sudden it is not possible for me to grant even simple privileges to newly created users? It should be possible as this Blogpost from an Microsoft employee suggests. Clearly I am missing something as such a basic feature should be included.
I want to code an application which, when it runs for the first time on a user's machine, will create a new database, then create a new user and grant it access to the database.
I can manage that, but I want only that user and no other to be able to access the database.
So, just in case the existing installation has superuser where root has access to everything, I would like to revoke for all but the newly created user.
How do I do that?
I am guessing something like
REVOKE ALL PRIVILEGES, GRANT OPTION FROM mysql.user WHERE user<>[single user name] but can't seem to get it right.
I guess that I have to FLUSH PRIVILEGES afterwards?
You can ONLY give privileges to access database for your user - using GRANT command.
All other users, except root users, should not have such privileges.
Do you need to run FLUSH PRIVILEGES after GRANT/REVORE? No, you do not need. That is all)