From the control panel of my website I have created a new MySQL(5) database Test and a new user admin with password 123. I have tried assigning privileges to the user admin using:
GRANT ALL PRIVILEGES ON *.* TO 'admin'#'localhost'
or
GRANT ALL PRIVILEGES ON *.* TO 'admin'#'Test'
I keep getting the following error:
#1045 - Access denied for user 'admin'#'%' (using password: YES)
I need the following privileges for the user admin:
CREATE, ALTER, DELETE, INSERT, SELECT, UPDATE, LOCK TABLES
How do I make that in a query from phpMyAdmin?
I guess you are trying to change privileges of 'admin'#''%' being logged in as that user. This is strange.
You can display which user you are logged in as using
SELECT USER();
Then check grants that account already has:
SHOW GRANTS FOR 'admin'#''%';
We came to the conclusion you have
GRANT ALL PRIVILEGES ON `Test`.* TO 'admin'#'%'
That says you already have all privileges on all tables in database Test. You cannot further grant those privileges to other users, though (otherwise there would be WITH GRANT OPTION).
During the installation of MySQL, root user is always created. Use it to grant privileges to other accounts.
More info in manual:
2.10.2. Securing the Initial MySQL Accounts
6.3.2. Adding User Accounts
After run these statements try to execute FLUSH:
FLUSH PRIVILEGES;
From MYSQL Reference Manual :
(...) If you change the grant tables directly but forget to reload them, your changes have no effect until you restart the server. This may leave you wondering why your changes do not seem to make any difference!
To tell the server to reload the grant tables, perform a flush-privileges operation. (...)
Login as a root user then grant all privileges to admin user.
GRANT ALL PRIVILEGES ON `test`.* TO 'admin'#'localhost';
Related
MySQL v8
command line and with phpmyadmin
I am logged into mysql as root (FULL Privileges) and I am trying to assign ALL privileges on a specific database to a user.
It gives them all privileges but DOES NOT allow Administration GRANT on the database (See Attached)
This is the same result for direct command line or phpmyadmin
Any ideas please?
Thanks in advance
P
You must GRANT ALL PRIVILEGES ... WITH GRANT OPTION.
That means you grant all the privileges to the target user, as well as the privilege to grant those privileges to others.
Read https://dev.mysql.com/doc/refman/8.0/en/grant.html:
The optional WITH clause is used to enable a user to grant privileges
to other users. The WITH GRANT OPTION clause gives the user the
ability to give to other users any privileges the user has at the
specified privilege level.
To grant the GRANT OPTION privilege to an account without otherwise
changing its privileges, do this:
GRANT USAGE ON *.* TO 'someuser'#'somehost' WITH GRANT OPTION;
I want to have a non-root mysql user that can create another databases and users and grant access to that users to created databases. To do this as root I firstly created a user
CREATE USER asusi_admin#localhost IDENTIFIED BY '123';
Then I grant create user PRIVILEGE to this user
GRANT CREATE USER ON *.* TO 'asusi_admin'#localhost';
Then I grant all privileges to this user for the every database he creates
GRANT ALL PRIVILEGES ON `asusi\_%`.* TO 'asusi_admin'#'localhost WITH GRANT OPTION;
Now I'm flushing privileges
FLUSH PRIVILEGES;
Now I'm logging on to MySQL as newly created user asusi_admin and creating a new database
Now I'm creating a new database
CREATE DATABASE asusi_database;
Now I'm checking that I can use this database
USE asusi_database;
I can use this database, good
Now I'm creating a new user
CREATE USER 'asusi_user'#'localhost' IDENTIFIED '123';
Now I want to grant select privilege to the created user
GRANT select on `asusi_database`.* 'asusi_user'#'localhost'
And here I'm getting an error: 'Access denied for user 'asusi_admin'#'localhost' to database 'asusi_superdb'
Should I relogin as root and explicitly grant access to this database to a asusi_user
GRANT ALL PRIVILEGES ON `asusi_database`.* TO 'asusi_admin'#'localhost WITH GRANT OPTION;
and then relog in as asusi_admin and run the command again
GRANT select on `asusi_database`.* 'asusi_user'#'localhost'
this time it gives me no error and user asusi_user can read database asusi_database. Apparently MySQL wants me to explicitly grant access to the user asusi_admin for the every created database via root account. But I don't want to use the root account. I thought that after executing this command
GRANT ALL PRIVILEGES ON `asusi\_%`.* TO 'asusi_admin'#'localhost WITH GRANT OPTION;
user asusi_admin will be able to grant access to other users to the ecery database that stats with 'asusi_' prefix. May be I missed something or this behavior is designed to be that way?
It seems this is a confirmed bug, that was not fixed yet https://bugs.mysql.com/bug.php?id=75097, so nothing you can do right now with it.
Oddly enough it seems my mysql will not allow creating a user with access to a specific database. Using MySQL Workbench:
CREATE USER 'testUser'#'localhost' IDENTIFIED BY 'thepasswordhere';
GRANT ALL PRIVILEGES ON testDatabaseName TO 'testUser'#'localhost' WITH GRANT OPTION;
SHOW GRANTS;
I see nothing mentioning granted privileges for the created user. This explains why I get mysqli::mysqli(): (28000/1045): Access denied for user 'testUser'
What step am I missing?? Update: Even when I mistype the username I still get a success with 0 rows affected: GRANT ALL PRIVILEGES ON testDatabaseName TO 'testkUser'#'%' WITH GRANT OPTION; so I think something's seriously wrong with my local mysql. Any ideas on a fix?
CREATE USER 'testUser'#'localhost' IDENTIFIED BY 'thepasswordhere';
GRANT ALL PRIVILEGES ON testDatabaseName.* TO 'testUser'#'localhost' WITH GRANT OPTION;
SELECT sql_grants FROM common_schema.sql_show_grants;
What changed? I simply added a .* after database name. It's necessary so the user has access to all tables inside the database.
Also for the latest mysql, I believe you need to put user password when using grant.
So do as follows:
CREATE USER 'testUser'#'localhost' IDENTIFIED BY 'thepasswordhere';
GRANT ALL PRIVILEGES ON testDatabaseName.* TO testUser#localhost IDENTIFIED BY 'pass' WITH GRANT OPTION;
FLUSH PRIVILEGES;
SELECT sql_grants FROM common_schema.sql_show_grants;
As mentioned by Michael in the question comments:
SHOW GRANTS FOR 'testUser'#'localhost';... otherwise, SHOW GRANTS;
shows your privileges -- the ones associated with the account that is
currently logged in.
grant select ON . TO 'username'#'%' with GRANT OPTION;
grant select ON . TO 'username'#'IPaddress' with GRANT OPTION;
All the above statements errors out with the Error Code: 1044. Access denied for user 'user'#'IPAddress' to database
FYI I am logged in as a user with all the permissions -- 'GRANT ALL PRIVILEGES ON . '
With the current user I am able to perform all operation , but I want to add more users.
You need to be logged in with a user that has WITH GRANT OPTION as well, such as root#'localhost'. Otherwise, you can do everything else, BUT create new user and issue new grants/permissions.
GRANT OPTION Enable privileges to be granted to or removed from other accounts. Levels: Global, database, table, procedure.
You can read more here are dev.mysql.
I have foo_bar_test database existing on my mysql server on host 127.0.0.1.
But there's no user that can access it but root, and I don't want to use root user anywhere in my code. So I created new user, fb_test, and granted him privileges for this database:
create user fb_test#'127.0.0.1' identified by password 'some_password';
grant all on 'foo_bar_test.*' to fb_test#'127.0.0.1';
flush privileges;
Ok, that should work, but when I log in as this user, I don't have any database available!
What's wrong?
I checked it using show grants for fb_test#'127.0.0.1', but it shows some strange results:
grant usage on *.* to fb_test#'127.0.0.1' identified by password '*another_password_dont_know_which_one'
How do I solve this?
you have an error in grant statement. Use the query:
grant all on 'foo_bar_test'.* to fb_test#'127.0.0.1';
In fact your grant command results an error which I think you ignored.