I'm trying to create a MySQL user with permissions from anywhere, but the command is failing:
MariaDB [(none)]> create user 'accounts'#'%' identified by 'password';
ERROR 1396 (HY000): Operation CREATE USER failed for 'accounts'#'%'
But if I change the permissions to access it from only localhost it works:
MariaDB [(none)]> CREATE USER 'accounts'#'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.01 sec)
I have a database called accounts:
MariaDB [(none)]> show databases like 'accounts';
+---------------------+
| Database (accounts) |
+---------------------+
| accounts |
+---------------------+
1 row in set (0.02 sec)
But I have to also create a user called accounts as well.
Note, I am doing this for work so I do not make decisions on who can access the DB from where.
Why does the first command fail?
This is the user privileges:
GRANT USAGE ON *.* TO 'LMMXT'#'localhost' IDENTIFIED BY PASSWORD '*...'
GRANT ALL PRIVILEGES ON `LMMXT`.`*` TO 'LMMXT'#'localhost'
I can LOGIN with the user, USE Database, but always when I want CREATE TABLE:
# mysql -u LMMXT -p -h localhost
mysql> use LMMXT
Database changed
mysql> create table test;
ERROR 1142 (42000): CREATE command denied to user 'LMMXT'#'localhost' for table 'test'
And:
mysql> SELECT USER(),CURRENT_USER();
+---------------------+---------------------+
| USER() | CURRENT_USER() |
+---------------------+---------------------+
| LMMXT#localhost | LMMXT#localhost |
+---------------------+---------------------+
1 row in set (0.00 sec)
So, also I've tried with:
mysql> FLUSH PRIVILEGES;
User is set for host access from 'localhost' and '%'
I've seen other solutions on StackOverflow, but none works.
Thanks in advance
Try changing your grant statement to
GRANT ALL PRIVILEGES ON LMMXT.* TO 'LMMXT'#'localhost'
I'm not sure if the ` characters around the statement are causing a problem
I'd like to create a user who has all privileges with his own database in MySQL.
When I use this user to create a table, MySQL returns that the SQL server is running with read-only option.
However when I changed to an another existing user with all privileges on *.*, I can create table without error.
I'm wondering if the read-only option is global or what?
The following is my MySQL commands using MySQL root:
mysql> create user 'demo'#'localhost' identified by 'demo';
mysql> create database demo;
mysql> grant all privileges on demo.* to demo#localhost;
mysql> show grants for demo#localhost;
+-------------------------------------------------------------------------------------------------------------------+
| Grants for demo#localhost |
+-------------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'demo'#'localhost' IDENTIFIED BY PASSWORD '*demo-hashed*' |
| GRANT ALL PRIVILEGES ON `demo`.* TO 'demo'#'localhost' |
+-------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
Then I switched to user "demo":
mysql> use demo;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> create table t(t1 int);
ERROR 1290 (HY000): The MySQL server is running with the --read-only option so it cannot execute this statement
So I checked the read-only option, and it seems to be on.
However then I tried using another user with privileges on *.* and I can create tables successfully.
The another user grant setting:
mysql> show grants for demo2#'%';
+-----------------------------------------------------------------------------------------------------------------+
| Grants for demo2#% |
+-----------------------------------------------------------------------------------------------------------------+
| GRANT ALL PRIVILEGES ON *.* TO 'demo2'#'%' IDENTIFIED BY PASSWORD '*demo2-hased*' |
+-----------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
MySQL version:
mysql> select version();
+------------------------+
| version() |
+------------------------+
| 5.1.68.0 |
+------------------------+
1 row in set (0.00 sec)
BTW, after I set read_only = 0 I can use demo to create table. I just don't know why the demo2 can create table while read-only is on.
Thanks!
Please check the My.cnf for Linux or My.ini for windows under [mysqld] remove read only parameters then restart the service and try again that will solve the read only problem, but if you create table in read only that will be a temp table.
I have to provide direct access to my database to some users for auditing purposes, and should add a restriction to avoid that these new users don't have deleting, updating and altering privileges.
Just create a user and grant only SELECT privilege.
CREATE USER user_name#host_name identified by 'password';
GRANT SELECT ON db_name.* TO user_name#host_name;
To check what privileges a user has use
SHOW GRANTS FOR user_name#host_name;
and make sure that a user only has GRANT USAGE and GRANT SELECT ON db_name.*
Lets say I have my_db database with test table in it and I want to create a user with a name user1 who will be allowed to connect only from local host and will be able to read data from all tables in this database but won't be able to insert, change, and delete data.
mysql> create user user1#localhost identified by 'password';
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for user1#localhost;
+--------------------------------------------------------------------------------------------------------------+
| Grants for user1#localhost |
+--------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user1'#'localhost' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' |
+--------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
mysql> grant select on my_db.* to user1#localhost;
Query OK, 0 rows affected (0.00 sec)
mysql> show grants for user1#localhost;
+--------------------------------------------------------------------------------------------------------------+
| Grants for user1#localhost |
+--------------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'user1'#'localhost' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' |
| GRANT SELECT ON `my_db`.* TO 'user1'#'localhost' |
+--------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
Now lets see what our user1 can and can't do
$ mysql -uuser1 -p
mysql> use mysql
ERROR 1044 (42000): Access denied for user 'user1'#'localhost' to database 'mysql'
mysql> use test
ERROR 1044 (42000): Access denied for user 'user1'#'localhost' to database 'test'
mysql> use my_db
Database changed
As you can see our user1 can only connect to my_db database.
Now let see what that user can do with data in table test (the only table in that database)
mysql> select * from test;
+------+
| id |
+------+
| 1 |
| 2 |
+------+
2 rows in set (0.00 sec)
mysql> insert into test values (3);
ERROR 1142 (42000): INSERT command denied to user 'user1'#'localhost' for table 'test'
mysql> delete from test where id = 1;
ERROR 1142 (42000): DELETE command denied to user 'user1'#'localhost' for table 'test'
mysql> update test set id = 10 where id = 1;
ERROR 1142 (42000): UPDATE command denied to user 'user1'#'localhost' for table 'test'
Again as you can the user can only select from the table.
I'm using MySQL 5.5.16 noinstall Zip Archive on Win7.
After I started the server, the command show databases showed me a list of 2 databases: information_schema and test. The latter is empty.
Where is the table user?
I tried to create a new user through this command create user newUser; and got the following error message: ERROR 1227 (42000): Access denied; you need (at least one of) the CREATE USER privilege(s) for this operation
What should I do to create, databases, tables, and do all the operations I want to do? I don't know if the fact that I'm using MySQL 5.5.16 noinstall Zip Archive has something to do with the error message?
First thing to do is run this:
SHOW GRANTS;
You will quickly see you were assigned the anonymous user to authenticate into mysql.
Instead of logging into mysql with
mysql
login like this:
mysql -uroot
By default, root#localhost has all rights and no password.
If you cannot login as root without a password, do the following:
Step 01) Add the two options in the mysqld section of my.ini:
[mysqld]
skip-grant-tables
skip-networking
Step 02) Restart mysql
net stop mysql
<wait 10 seconds>
net start mysql
Step 03) Connect to mysql
mysql
Step 04) Create a password from root#localhost
UPDATE mysql.user SET password=password('whateverpasswordyoulike')
WHERE user='root' AND host='localhost';
exit
Step 05) Restart mysql
net stop mysql
<wait 10 seconds>
net start mysql
Step 06) Login as root with password
mysql -u root -p
You should be good from there.
CAVEAT: Please remove anonymous users !!!
For me the issue was ( for a very strange reason ) the fact that root had Host of % instead of localhost
I received the above error when trying to DROP USER;
Privileges as suggested in the answer above - I already had, so the solution wasn't suitable for me.
The DB looked like this:
mysql> drop user 'testuser'#'%';
ERROR 1227 (42000): Access denied; you need (at least one of) the SYSTEM_USER privilege(s) for this operation
mysql> select Host,User,drop_priv from user;
+------+------------------+-----------+
| Host | User | drop_priv |
+------+------------------+-----------+
| % | mysql.infoschema | N |
| % | mysql.session | N |
| % | mysql.sys | N |
| % | root | Y |
+------+------------------+-----------+
And
mysql> SHOW GRANTS FOR 'root'#'%';
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root#% |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `root`#`%` WITH GRANT OPTION |
+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
I tried many things, but eventually I changed the Host from % to localhost for security concerns, nothing else.
mysql> UPDATE user SET Host='localhost' WHERE user='root' LIMIT 1;
Query OK, 1 row affected (0.03 sec)
Rows matched: 1 Changed: 1 Warnings: 0
I don't know why, but it worked.
mysql> quit
$ mysql -u root -p
.. ENTER (NO PASSWORD) ..
mysql> drop user 'testuser'#'%';
Query OK, 0 rows affected (0.02 sec)
mysql> flush privileges;
Query OK, 0 rows affected (0.02 sec)
No idea why, but hope it will help others ...
I'm using CentOS which has SELinux and other stuff, which maybe other components are correlated with this. don't know.