We Keep Coding

MYSQL v8 Privileges

MySQL v8
command line and with phpmyadmin
I am logged into mysql as root (FULL Privileges) and I am trying to assign ALL privileges on a specific database to a user.
It gives them all privileges but DOES NOT allow Administration GRANT on the database (See Attached)
This is the same result for direct command line or phpmyadmin
Any ideas please?
Thanks in advance
P

You must GRANT ALL PRIVILEGES ... WITH GRANT OPTION.
That means you grant all the privileges to the target user, as well as the privilege to grant those privileges to others.
Read https://dev.mysql.com/doc/refman/8.0/en/grant.html:
The optional WITH clause is used to enable a user to grant privileges
to other users. The WITH GRANT OPTION clause gives the user the
ability to give to other users any privileges the user has at the
specified privilege level.
To grant the GRANT OPTION privilege to an account without otherwise
changing its privileges, do this:
GRANT USAGE ON *.* TO 'someuser'#'somehost' WITH GRANT OPTION;

What does each part of this command to grant all privileges mean?

Can someone explain the following command?
mysql> GRANT ALL PRIVILEGES ON *.* TO 'user1'#'localhost' WITH GRANT OPTION;

GRANT ALL PRIVILEGES
This gives the user specified later in the command all privileges.
http://dev.mysql.com/doc/refman/5.7/en/grant.html
ON *.*
Matches everything.
TO 'user1'#'localhost'
The user with name ‘user1’ on localhost which is to be granted the privileges.
WITH GRANT OPTION
The GRANT OPTION privilege enables you to give to other users or remove from other users those privileges that you yourself possess.
https://dev.mysql.com/doc/refman/5.6/en/privileges-provided.html#priv_grant-option

Hide MySQL database from unauthorised/different user

I am working on a SQL query using MySQL.
I had logged in to default user 'root', and created/ added two new user "user1" & "user2". Under each user I created one database "database1" and "database2" respectively and gave ALL PRIVILEGES.
Here goes my question now.
How can I hide "database1" from "user2" and "database2" from "user1"...?
Is it possible..? Please help thank you..

Instead of Grant all privileges on *.* to 'user1'#'IP'; & Grant all privileges on *.* to 'user2'#'IP'; You need to revoke all privileges on *.* from 'user1'#'IP'; & revoke all privileges on *.* from 'user1'#'IP'; That way they cannot see all databases.
Then only grant privileges on the databases that each user needs to see/access by executing GRANT ALL PRIVILEGES ON database1.* TO 'user1'#'IP'; & GRANT ALL PRIVILEGES ON database2.* TO 'user2'#'IP'; This is of course assuming you want each respective user to have All privileges on their databases.
Don't forget to flush privileges after running the other commands.
Note: not sure what your IP range is or if you are using wildcard (%), so I just put IP.
When in doubt in the future please refer to dev.mysql

Grant privileges to user in MySQL

From the control panel of my website I have created a new MySQL(5) database Test and a new user admin with password 123. I have tried assigning privileges to the user admin using:
GRANT ALL PRIVILEGES ON *.* TO 'admin'#'localhost'
or
GRANT ALL PRIVILEGES ON *.* TO 'admin'#'Test'
I keep getting the following error:
#1045 - Access denied for user 'admin'#'%' (using password: YES)
I need the following privileges for the user admin:
CREATE, ALTER, DELETE, INSERT, SELECT, UPDATE, LOCK TABLES
How do I make that in a query from phpMyAdmin?

I guess you are trying to change privileges of 'admin'#''%' being logged in as that user. This is strange.
You can display which user you are logged in as using
SELECT USER();
Then check grants that account already has:
SHOW GRANTS FOR 'admin'#''%';
We came to the conclusion you have
GRANT ALL PRIVILEGES ON `Test`.* TO 'admin'#'%'
That says you already have all privileges on all tables in database Test. You cannot further grant those privileges to other users, though (otherwise there would be WITH GRANT OPTION).
During the installation of MySQL, root user is always created. Use it to grant privileges to other accounts.
More info in manual:
2.10.2. Securing the Initial MySQL Accounts
6.3.2. Adding User Accounts

After run these statements try to execute FLUSH:
FLUSH PRIVILEGES;
From MYSQL Reference Manual :
(...) If you change the grant tables directly but forget to reload them, your changes have no effect until you restart the server. This may leave you wondering why your changes do not seem to make any difference!
To tell the server to reload the grant tables, perform a flush-privileges operation. (...)

Login as a root user then grant all privileges to admin user.
GRANT ALL PRIVILEGES ON `test`.* TO 'admin'#'localhost';

Revoke all privileges for all users on a MySQL DB

From: http://dev.mysql.com/doc/refman/5.0/en/drop-database.html
...when a database is dropped, user privileges on the database are not automatically dropped.
So the question becomes, how do you revoke all privileges for all users on a MySQL DB? I imagine it's simple, but I'm surprised I haven't been able to find this anywhere.

REVOKE ALL PRIVILEGES ON *.* FROM '<user_name>'#'localhost';
REVOKE ALL PRIVILEGES ON *.* FROM '<user_name>'#'%';
Eg.:
REVOKE ALL PRIVILEGES ON *.* FROM 'jeffrey'#'localhost';
REVOKE ALL PRIVILEGES ON *.* FROM 'jeffrey'#'%';

You can revoke all privileges for a specific user with this syntax:
REVOKE ALL PRIVILEGES, GRANT OPTION FROM user [, user] ...
FLUSH PRIVILEGES;
which drops all global, database, table, column, and routine privileges for the named user or users
Not sure if there's a way to do this for all users at once, though.

REVOKE ALL PRIVILEGES FROM '%'#'%';
The above could be dangerous as i suppose it will delete all the privileges from all the users including root
Modify it to:
REVOKE ALL PRIVILEGES FROM 'user'#'localhost';
or
REVOKE ALL PRIVILEGES FROM 'user'#'%';
before execute

I suppose you can do:
REVOKE ALL PRIVILEGES FROM '%'#'%';
FLUSH PRIVILEGES;
(Don't modify MySQL tables directly)