I created a user (new_user) with root like this:
GRANT ALL ON labor.* TO 'new_user'#'%' WITH GRANT OPTION;
GRANT ALL ON labor.* TO 'new_user'#'localhost' WITH GRANT OPTION;
GRANT CREATE USER ON *.* TO 'new_user'#'%';
GRANT CREATE USER ON *.* TO 'new_user'#'localhost';
GRANT RELOAD ON *.* TO 'new_user'#'localhost';
GRANT RELOAD ON *.* TO 'new_user'#'%';
FLUSH PRIVILEGES;
When I try to create another user the same way but with new_user, I get an access denied error.
This error occurs after the GRANT ALL lines.
What else privilege should I add?
The newly create user is missing the grant option on *.* (needed for grant create user on *.* ...)
GRANT GRANT OPTION ON *.* TO 'new_user'#'%';
GRANT GRANT OPTION ON *.* TO 'new_user'#'localhost';
Related
When we try to GRANT ALL permissions to a user for a specific database, the admin (superuser) user of database receives the following error.
Access denied for user 'admin'#'%' to database 'the_Db'
After looking other questions in stackoverflow I could not find the solution. I already tried to change * -> % without success, that is the approach suggested in the following source:
http://www.fidian.com/problems-only-tyler-has/using-grant-all-with-amazons-mysql-rds
I think there is an underlying configuration on RDS so I can't grant all permissions for the users, but I don't know how to detect what is happening.
Update
After doing some workarounds I noticed that the "Delete versioning rows" permissions is the one that causes the problem. I can add all permissions but that one.
https://mariadb.com/kb/en/grant/
So the only "way" I could grant other permissions was to specific each one of those with a script like this.
GRANT Alter ON *.* TO 'user_some_app'#'%';
GRANT Create ON *.* TO 'user_some_app'#'%';
GRANT Create view ON *.* TO 'user_some_app'#'%';
GRANT Delete ON *.* TO 'user_some_app'#'%';
GRANT Drop ON *.* TO 'user_some_app'#'%';
GRANT Grant option ON *.* TO 'user_some_app'#'%';
GRANT Index ON *.* TO 'user_some_app'#'%';
GRANT Insert ON *.* TO 'user_some_app'#'%';
GRANT References ON *.* TO 'user_some_app'#'%';
GRANT Select ON *.* TO 'user_some_app'#'%';
GRANT Show view ON *.* TO 'user_some_app'#'%';
GRANT Trigger ON *.* TO 'user_some_app'#'%';
GRANT Update ON *.* TO 'user_some_app'#'%';
GRANT Alter routine ON *.* TO 'user_some_app'#'%';
GRANT Create routine ON *.* TO 'user_some_app'#'%';
GRANT Create temporary tables ON *.* TO 'user_some_app'#'%';
GRANT Execute ON *.* TO 'user_some_app'#'%';
GRANT Lock tables ON *.* TO 'user_some_app'#'%';
Try this
mysql -h your-rds-host-name -P 3306 -u rds-master-user -p
CREATE DATABASE sitedb;
CREATE USER 'siteuser'#'%' IDENTIFIED BY 'Password';
// For MySQL 5.7 or Less
GRANT ALL ON sitedb.* TO 'siteuser'#'%' IDENTIFIED BY 'Password' WITH GRANT OPTION;
// MariaDB 10 Up
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, CREATE VIEW, EVENT, TRIGGER, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EXECUTE ON `sitedb`.* TO 'siteuser'#'%';
FLUSH PRIVILEGES;
EXIT
Is it possible to give grant to user by another user? I've created user with full privileges:
CRETAE USER test#localhost IDENTIFIED BY 'test';
GRANT ALL ON *.* TO test#localhost;
GRANT CREATE USER ON *.* TO test#localhost;
FLUSH PRIVILEGES;
But when I tried to give privileges to another user using user 'test' It is written "Access denied to user test#localhost for table 'x'"
Updated: I found the way by edditing Grant_priv mysql.user is there any syntax for that?
The syntax is WITH GRANT OPTION.
CREATE USER test#localhost IDENTIFIED BY 'test';
GRANT ALL ON *.* TO test#localhost WITH GRANT OPTION;
...
Can someone explain the following command?
mysql> GRANT ALL PRIVILEGES ON *.* TO 'user1'#'localhost' WITH GRANT OPTION;
GRANT ALL PRIVILEGES
This gives the user specified later in the command all privileges.
http://dev.mysql.com/doc/refman/5.7/en/grant.html
ON *.*
Matches everything.
TO 'user1'#'localhost'
The user with name ‘user1’ on localhost which is to be granted the privileges.
WITH GRANT OPTION
The GRANT OPTION privilege enables you to give to other users or remove from other users those privileges that you yourself possess.
https://dev.mysql.com/doc/refman/5.6/en/privileges-provided.html#priv_grant-option
I have created user and grant all permissions, but still not able to connect to the sql using it. Could someone kindly help resolving this?
Steps followed
mysql --user=root mysql;
CREATE USER 'db_user'#'%' IDENTIFIED BY 'password';
CREATE USER 'db_user'#'localhost' IDENTIFIED BY 'password';
CREATE USER 'db_user'#'hostname' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'db_user'#'%' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'db_user'#'localhost' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'db_user'#'hostname' WITH GRANT OPTION;
When I try to connect like
mysql -u db_user -ppassword -h 'hostname'
I get this error
ERROR 1045 (28000): Access denied for user 'db_user'#'hostname' (using password: YES)
MariaDB [(none)]> show grants for db_user#'hostname';
GRANT ALL PRIVILEGES ON *.* TO 'db_user'#'hostname' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' WITH GRANT OPTION
1 row in set (0.00 sec)
What is it missing that it is not letting to connect?
Can you confirm again that the hostname is the hostname of the local host?
Can you try these.
DROP USER 'db_user'#'localhost';
DROP USER 'db_user'#'%';
DROP USER 'db_user'#'hostname';
GRANT ALL PRIVILEGES ON *.* TO 'db_user'#'localhost' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'db_user'#'%' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'db_user'#'hostname' IDENTIFIED BY PASSWORD '*2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19' WITH GRANT OPTION;
mysql -u db_user -ppassword -h `hostname`
I have a user called test, and I want to grant process privilege to him.
So far, I have tried:
grant process on *.* to test;
FLUSH PRIVILEGES;
then, I show all grants for user test by running:
show grants for test#'%';
the result does contain a `PROCESS' line like:
GRANT PROCESS ON *.* TO 'test'#'%' IDENTIFIED BY PASSWORD ...
...
...
But it didn't appear to work for user test.
So, how can I grant PROCESS privilege to a user?
This should do:
GRANT PROCESS, SELECT ON *.* ...
mysql> GRANT ALL PRIVILEGES ON mydb.* TO 'myuser'#'%' WITH GRANT OPTION;
Or Try
CREATE USER 'newuser'#'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'newuser'#'localhost';
FLUSH PRIVILEGES;
than Run
SELECT User FROM mysql.user;
you will find the User created by you, if you want to see Privileges of all users than run
SELECT * FROM mysql.user;
Finally to see Grant Information try
SELECT * FROM information_schema.user_privileges;