In my job, I've been granted access to several databases, but not the same degree of liberty for each of them. A few minutes ago, I was attempting to make an UPDATE operation and I got this error message: Error Code: 1142. UPDATE command denied to user 'clawdidr'#'192.168.1.105' for table 'test_table'.
The DB Admin isn't around to give me the information I'm needing, so I've to figure it out by myself. So, the question that arises here is: Is there a way to verify on my own (with a query or something else) which databases or tables am I able to use for a SELECT, INSERT, UPDATE or DELETE operations?
Try with: SHOW GRANTS FOR CURRENT_USER
Related
I have a table, lets call it student, in a schema called enrollment. Table student has a column called address that I don't want a certain user to update (other permissions are fine such as select, insert). All other columns in that table AND in that schema should have the update privilege.
Is this doable?
You can set privileges on database / table / column. But I really would not try to use MySQL's privilege mechanism at that level. I would instead write application code to decide who can see/change what. This is more flexible in the long run. And more graceful to the user -- instead of getting a cryptic MySQL error message about permissions, the UI would simply not show what should not be shown. For updating, the UI would not even give the user the option.
In my case, I wanted a specific application to be able to update only 1 field (my_field) in only 1 table (table_name) while being able to read the entire database.
I created a special user for that purpose:
CREATE USER 'restrictedUser'#'%' IDENTIFIED BY 'PASSWORD_HERE';
SET PASSWORD FOR 'restrictedUser'#'%' = PASSWORD('PASSWORD_HERE');
GRANT USAGE ON *.* TO 'restrictedUser'#'%';
GRANT SELECT ON DATABASE_NAME.* TO 'restrictedUser'#'%';
GRANT UPDATE (my_field) ON DATABASE_NAME.table_name TO 'restrictedUser'#'%';
Documentation for Column privilege can be found here for mariaDb and here for mysql
I wrote a spreadsheet to SQL query converter just now in JavaScript. The converter works fine, here is an example of what it spits out:
CREATE TABLE something(column1 varchar(3000),column2 varchar(3000),column3 varchar(3000));
INSERT INTO something VALUES(a1,a2,a3);
INSERT INTO something VALUES(b1,b2,b3);
INSERT INTO something VALUES(c1,c2,c3);
As far as I can tell, that is a valid SQL query (but maybe I'm wrong...). When I copy and paste this query into the 'SQL' tab in the MySQL database I created, I get this error message:
#1046 - No database selected
I thought perhaps it needed the name of the database (excel), so I tried adding the name of the database like so:
CREATE TABLE excel.something(column1 varchar(3000),column2 varchar(3000),column3 varchar(3000));
INSERT INTO something VALUES(a1,a2,a3);
INSERT INTO something VALUES(b1,b2,b3);
INSERT INTO something VALUES(c1,c2,c3);
and I get this:
#1142 - CREATE command denied to user '(my SQL information was here but I removed it)' for table 'something'
What is it that I'm missing? I've run other queries directly in MySQL before without issue, but I can't seem to run this CREATE query. Worst case scenario, I could manually create the table before hand, but that defeats the purpose of automating the process...
Insert use something; before your query.
And for your denied access problem do this:
GRANT ALL ON something TO user#'%' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
In phpmyadmin I want to grant users to create and delete databases but this access should be limited to a specific prefix.
My users have 3 different accounts on PhpMyAdmin: username_ro (for only reading), username_rw (for reading and writing) and username_admin (for creating other databases and tables into their account)
I want them to be able to create a database username_website but I don't want them to be able to create database theother_website. They should also be able to drop username_website but unable to drop theother_website
How can I do this with sql or PhpMyAdmin.
Thanks in advance.
With some trial and error I have found a solution. By doing this query I was able to create and drop database username_website but I wasn't able to create or drop database theother_clients
GRANT ALL PRIVILIGES
ON `username\_%`.*
TO 'username_admin'#'localhost';
PS. the query is a little edited. I changed the rights I actually gave with ALL PRIVILIGESand I changed the actual username with username.
Recently, I deleted a user account in MySQL assigned to my former boss. Then, some database functions like deleting records from tables he made weren't working, giving the following error:
#1449 - There is no '*username*'#'localhost' registered
Now, I added a new user with the same name (and diff. password) and it works fine with no errors. But, is there way to resolve this without an placeholder user account?
Try replacing the DEFINER of the function
First login to mysql as root#localhost
Then, substitute root#localhost as the DEFINER
UPDATE mysql.proc SET definer='root#localhost'
WHERE definer = '*username*#localhost';
In fact, you can look at all DEFINERs like this:
SELECT COUNT(1) DefinerCount,definer,type
FROM mysql.proc GROUP BY definer,type;
This will show you how many functions and procedures each user owns. If any other the reported DEFINERs no longer exist or are invalid, you can make root#localhost inherit them.
Give it a Try !!!
I had to remove and re-add the triggers for the affected tables. (I used phpMyAdmin to do this).
You may notice from my last question that a problem caused some more problems, Reading MySQL manuals in MySQL monitor?
My database is now unusable partly due to my interest to break things and my inability to look at error messages. I know that I should not reuse primary keys, but I would like to use them again after the removal of the database that I deteriorated. So
How can I correctly remove a MySQL database?
From the MySQL prompt:
mysql> drop database <db_name>;
If your database cannot be dropped, even though you have no typos in the statement and do not miss the ; at the end, enclose the database name in between backticks:
mysql> drop database `my-database`;
Backticks are for databases or columns, apostrophes are for data within these.
For more information, see this answer to Stack Overflow question When to use single quotes, double quotes, and backticks?.
If you are using an SQL script when you are creating your database and have any users created by your script, you need to drop them too. Lastly you need to flush the users; i.e., force MySQL to read the user's privileges again.
-- DELETE ALL RECIPE
drop schema <database_name>;
-- Same as `drop database <database_name>`
drop user <a_user_name>;
-- You may need to add a hostname e.g `drop user bob#localhost`
FLUSH PRIVILEGES;
Good luck!
drop database <db_name>;
FLUSH PRIVILEGES;
I needed to correct the privileges.REVOKE ALL PRIVILEGES ONlogs.* FROM 'root'#'root'; GRANT ALL PRIVILEGES ONlogs.* TO 'root'#'root'WITH GRANT OPTION;
For Visual Studio, in the package manager console:
drop-database
If you are working in XAMPP and your query of drop database doesn't work then you can go to the operations tag where you find the column (drop the database(drop)), click that button and your database will be deleted.