I have successfully created multiple databases in phpMyAdmin. I would now like to assign an existing user + respective password to all of these new databases by running a script on the SQL tab.
Please can you confirm what script I need to run, or if there is an easier script which can be run via root access, please then confirm the root-command for this?
Use the grant permissions command.
If your database was call "newDatabase" and your user was name "newUser" the command to grant all privileges on all the tables contained within would be:
GRANT ALL PRIVILEGES ON `newDatabase`.* TO 'newUser'#'localhost';
This would restrict the user from access the database only from the localhost, to enable access from all host change localhost to '%'
You then need to refresh the privileges with the following command:
FLUSH PRIVILEGES;
EDIT:
To grant privileges to every database on the mysql server use the following command (notice the *.*):
GRANT ALL PRIVILEGES ON *.* TO 'newUser'#'localhost';
GRANT SELECT, INSERT, INDEX ON `db_name`.* TO 'user'#'%';
change SELECT, INSERT, INDEX in what you need
Related
I have a docker container with mariadb on a synology nas.
The mariadb version is 10.4.12.
By trying to access the mariadb from a linux client by latest dBeaver I got following behavior.
Access with root user from client is successfull.
Access with root user out of inside the docker is successfull.
so far so fine!
Then I created following user, by following command:
CREATE USER 'myUser'#'%' IDENTIFIED BY 'secretPassword';
GRANT select, update, insert, delete ON mydb.* TO 'myUser'#'%';
After this I flushed privileges
With this user I am not able to login from inside the docker container and also not possible from the client.
Dependig from where I tried, I got 'Access denied for user 'myUser'#'172.17.0.1'.
The mariadb charset is UTF8.
The plugin in mysql.user is set to: mysql_native_password
In /etc/mysql/my.cnf the bind is enabled and set to 0.0.0.0
I tried to create the same user with above listet command with localhost and clientIP also without success.
I restartet the docker container without success.
I grant ALL to this user and flushed privileges again, without success.
I deleted all myUser's and created the myUser#% new with additional usage rights, also without success.
Are there any idea what I can do/ how to fix this behavior?
Any help will be apreciated!
Thank you in advance
I found the solution!!
I used for the user an automatic generated password:
G(m&>JBR,9ä
This did not work.
After I changed the password to a new one. Everything worked fine!
Are there any restrictions which charactes are possible in a password?
Simply remove the "%"
For more convenient, I also add couple of combinations.
CREATE USER 'myUser'#'localhost' IDENTIFIED BY 'secretPassword';
GRANT select, update, insert, delete ON mydb.* TO 'myUser'#'localhost';
CREATE USER 'myUser'#'%' IDENTIFIED BY 'secretPassword';
GRANT select, update, insert, delete ON mydb.* TO 'myUser'#'%';
CREATE USER 'myUser'#'' IDENTIFIED BY 'secretPassword';
GRANT select, update, insert, delete ON mydb.* TO 'myUser'#'';
When creating new tables and a user to go along with it, I usually just invoke the following commands:
CREATE DATABASE mydb;
GRANT ALL PRIVILEGES ON mydb.* TO myuser#localhost IDENTIFIED BY "mypassword";
I have never ever needed to utilize the FLUSH PRIVILEGES command after issuing the previous two commands. Users can log in and use their database and run PHP scripts which connect to the database just fine. Yet I see this command used in almost every tutorial I look at.
When is the FLUSH PRIVILEGES command really needed and when is it unnecessary?
Privileges assigned through GRANT option do not need FLUSH PRIVILEGES to take effect - MySQL server will notice these changes and reload the grant tables immediately.
From MySQL documentation:
If you modify the grant tables directly using statements such as
INSERT, UPDATE, or DELETE, your changes have no effect on privilege
checking until you either restart the server or tell it to reload the
tables. If you change the grant tables directly but forget to reload
them, your changes have no effect until you restart the server. This
may leave you wondering why your changes seem to make no difference!
To tell the server to reload the grant tables, perform a
flush-privileges operation. This can be done by issuing a FLUSH
PRIVILEGES statement or by executing a mysqladmin flush-privileges or
mysqladmin reload command.
If you modify the grant tables indirectly using account-management
statements such as GRANT, REVOKE, SET PASSWORD, or RENAME USER, the
server notices these changes and loads the grant tables into memory
again immediately.
TL;DR
You should use FLUSH PRIVILEGES; only if you modify the grant tables directly using statements such as INSERT, UPDATE, or DELETE.
Just to give some examples. Let's say you modify the password for an user called 'alex'. You can modify this password in several ways. For instance:
mysql> update* user set password=PASSWORD('test!23') where user='alex';
mysql> flush privileges;
Here you used UPDATE. If you use INSERT, UPDATE or DELETE on grant tables directly you need use FLUSH PRIVILEGES in order to reload the grant tables.
Or you can modify the password like this:
mysql> set password for 'alex'#'localhost'= password('test!24');
Here it's not necesary to use "FLUSH PRIVILEGES;"
If you modify the grant tables indirectly using account-management statements such as GRANT, REVOKE, SET PASSWORD, or RENAME USER, the server notices these changes and loads the grant tables into memory again immediately.
2 points in addition to all other good answers:
1:
what are the Grant Tables?
from dev.mysql.com
The MySQL system database includes several grant tables that contain information about user accounts and the privileges held by them.
clarification: in MySQL, there are some inbuilt databases , one of them is "mysql" , all the tables on "mysql" database have been called as grant tables
2:
note that if you perform:
UPDATE a_grant_table SET password=PASSWORD('1234') WHERE test_col = 'test_val';
and refresh phpMyAdmin , you'll realize that your password has been changed on that table but even now if you perform:
mysql -u someuser -p
your access will be denied by your new password until you perform :
FLUSH PRIVILEGES;
I have foo_bar_test database existing on my mysql server on host 127.0.0.1.
But there's no user that can access it but root, and I don't want to use root user anywhere in my code. So I created new user, fb_test, and granted him privileges for this database:
create user fb_test#'127.0.0.1' identified by password 'some_password';
grant all on 'foo_bar_test.*' to fb_test#'127.0.0.1';
flush privileges;
Ok, that should work, but when I log in as this user, I don't have any database available!
What's wrong?
I checked it using show grants for fb_test#'127.0.0.1', but it shows some strange results:
grant usage on *.* to fb_test#'127.0.0.1' identified by password '*another_password_dont_know_which_one'
How do I solve this?
you have an error in grant statement. Use the query:
grant all on 'foo_bar_test'.* to fb_test#'127.0.0.1';
In fact your grant command results an error which I think you ignored.
I want to create a new user in MySql. I do not want that new user to do much with my existing databases [I just want to grant Select privilege to him], but he can do anything and everything with a new database which he creates.
Firstly, is there a way to grant permission as per the database owner? If it is possible, then that is the ideal thing I am looking for. And if not, then how do I restrict a particular user from accessing [only Select privilege] some specific database only, allowing him to do anything he wants with the remaining ones?
From the MySQL grant documentation:
CREATE USER 'jeffrey'#'localhost' IDENTIFIED BY 'mypass';
GRANT SELECT ON *.* TO 'jeffrey'#'localhost';
GRANT ALL ON db1.* TO 'jeffrey'#'localhost';
The first command creates the user. The second grants select on all databases and tables. The third command grants all access to all tables in db1.
Is there anything else specific you are looking to do?
To provide a specific user with a permission, you can use this framework:
GRANT [type of permission] ON [database name].[table name] TO ‘[username]’#'localhost’;
GRANT ALL PRIVILEGES ON * . * TO 'newuser'#'localhost';
The asterisks in this command refer to the database and table (respectively) that they can access—this specific command allows to the user to read, edit, execute and perform all tasks across all the databases and tables.
Once you have finalized the permissions that you want to set up for your new users, always be sure to reload all the privileges.
FLUSH PRIVILEGES;
For more about permission you can read this article
https://www.digitalocean.com/community/articles/how-to-create-a-new-user-and-grant-permissions-in-mysql
For the list of permissions, see the MySQL Manual page Privileges Provided by MySQL.
Open mysql command prompt.
To create a new user when host is localhost then use this command
CREATE user 'test_user'#'localhost' identified by 'some_password';
for any host use %, like this
CREATE user 'test_user'#'%' identified by 'some_password';
Once the user is created, you need to Grant some access. Use following command for this.
GRANT SELECT,INSERT,UPDATE
ON database_name.table_name
TO 'test_user'#'localhost';
After successful execution of above query, test_user can select, insert and update in table_name (name of table) of database_name (name of database).
grant privilege is given in data base like this
grant privilege on object to user
object is any data base table or relation and user might be the whom the privilege is provided to him.
Example
grant select,insert,update,on object name to user name
grant select on employee to john with grant option;
revoke delete on employee from john.
creating users through mysql admin, but unable to login mysql command line
following on-line suggestions, as root issued
grant all on *.* to new_user;
it worked, but security-wise was a mess, so issued
revoke all on *.* from new_user;
now new_user can still connect, but security is sane as set in mysql admin
to me this is thoroughly hocus-pocus. what's really going on, and how do you really enable login?
this seems to be a MySQL Administrator problem (thanks #marco). if the same GRANT is issued in mysql command line, the user can log in; but it the grant is issued in Administrator, the user cannot log in.
as #marco pointed out, any access will grant mysql login access to the user, eg, SELECT privileges - but they need to be entered in msql command line.
That's because when you first use GRANT, user is created automatically; when you revoke privileges, user remains...
Check this link.
First you should give your user only the privileges he really needs.
Second: give the user access only to db or tables he should see/work on.
Example:
GRANT SELECT,INSERT,UPDATE ON mydb.* TO 'jeffrey'#'localhost';
or
GRANT SELECT ON db2.invoice TO 'jeffrey'#'localhost'
IDENTIFIED BY PASSWORD 'sdsd';
EDITED:
Just to prove what I'm saying:
enter mysql console (mysql -u root -p) and type
USE mysql;
SELECT * FROM user;
You'll see users MySql has inside.
Well, now use GRANT as you please on a user which does not exists yet; then repeat SELECT * FROM user;: you'll see new user created!!