A few weeks ago I had some problem moving my MySQL database. I copied it from one server to another. Now there is something wrong with the privileges.
I can create users, databases etc when logged in as root, but I can't change users privileges, which is not good as I don't want to give my script route access.
The error I get is ..
GRANT ALL PRIVILEGES ON `newdatabase` . * TO 'newuser'#'localhost' WITH GRANT OPTION ;
MySQL said:
#1044 - Access denied for user 'root'#'%' to database 'newdatabase'
So I did some reading and it appears my information_schema might be bust. The suggestions were to run flush tables on there which I have done via phpmyadmin and mysqladmin but this hasn't helped.
Any ideas?
Thanks
Possible root cause:
GRANT fails, because root#% does not have all privileges on newdatabase.*.
In short, you can only grant privileges you have in the first place.
This has nothing to do with the information schema.
Check which privileges root#% has.
Related
I have been trying to drop some of my views in my google cloud database
I ran into this error:
ERROR 1227 (42000) at line 74225: Access denied; you need (at least one of) the SYSTEM_USER privilege(s) for this operation
Based on this document: https://www.labnol.org/code/revoke-grant-permissions-mysql
I ran this query SHOW GRANTS FOR root and I got
'GRANT USAGE ON *.* TO `root`#`%`'
'GRANT `cloudsqlsuperuser`#`%` TO `root`#`%`'
I tried to revoke privileges with this command REVOKE ALL PRIVILEGES, GRANT OPTION FROM root but again I ran into another error 'Error Code: 1269. Can't revoke all privileges for one or more of the requested users'
Is there any solution for how can I grant the user privileges in order to drop tables?
Did I miss something in these commands?
Could you please confirm if you altered the users on that instance before?
Also, could you try to do this on a fresh instance, to see if you get the same behavior.
Create a totally new, fresh database instance with v5.7.
Connect to the database as root#%.
Run the Insert/Delete/Drop query and see.
I switch to MySQL 8 recently; earlier I was using MySQL 5.7 in GCP. I know questions like this have already been asked, but I didn't have any luck. My question is, I want to create a new user just say 'user1' and grant all privileges to a user account on all databases.
The query I am using for user creation:
CREATE USER 'user-1'#'%' IDENTIFIED BY 'user_password';
For privileges:
GRANT ALL PRIVILEGES ON *.* TO 'user-1'#'%';
This privileges query used to work on MySQL 5.7, but when I try to run this query in MySQL 8, I get this error (I logged in as root user and MySQL is in GCP):
SQL Error (1045): Access denied for user 'root'#'%' (using password: YES)
I also tried to run this query one after another like this:
CREATE USER 'user-1'#'%' IDENTIFIED BY 'user_password';
GRANT ALL PRIVILEGES ON *.* TO 'user-1'#'%';
But still I get the same error. I came to know that in MySQL 8 localhost root user have all the privileges, but my server is in Google Cloud, so how can I grant all the privileges to the user I created?
When I run this query in the mysql-8 (I am using HeidiSQL to connect the DB and run query)
SELECT * FROM mysql.user;
I got this output:
In this there are two root users:
For one host is localhost/127.0.0.1 (With all the privilege).
For other host is % (Not have any privilege).
I think I logged in as a user with host-% because my server is in GCP, that's why I cannot give any privilege to the user that I have created. So is there any way to give full permission to the
root#%
so that I can give full permission to the other users, Because I don't think there is any way to log in as a root#localhost
The problem here is that you are trying to create a super user, which is not something supported in cloud SQL, as you can see in this documentation:
Cloud SQL does not support SUPER privileges, which means that GRANT ALL PRIVILEGES statements will not work. As an alternative, you can use GRANT ALL ON %.*.
This alternative mentioned could be enough to grant the permissions you expected.
I had no problems making a test MySQL server and applying permissions a week ago with their MySQL 5.7, but trying out the new 8.0 version, I can't seem to alter permissions as easily, if at all. I'm logged in as root remotely, but a local cloud shell instance does the same.
I'm trying to create a new user that only has access to one database, but I can't seem to get past the part where I revoke all default permissions first.
My method:
CREATE USER 'test_user'#'%' IDENTIFIED BY '{password}';
Gives no error. (I've also tried creating a user through GCP's admin panel)
SHOW GRANTS FOR 'test_user'#'%'; returns GRANT USAGE ON *.* TO `test_user`#`%` (I assume this means the new user has full permissions?)
Then, trying to remove all privileges to start fresh with the user,
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'test_user'#'%';
shows:
Error: UNKNOWN_CODE_PLEASE_REPORT: Access denied for AuthId `root`#`%` to database 'mysql'.
I'm pretty new to Mysql, so I'm unsure if this is my fault or just a bug. Thank you!
First, I would like to point out that GRANT USAGE ON *.* TO test_user#% means the inverse, it means that the user has no privileges ! ( more info: Mysql Reference )
Secondly, I think that's what causing the error is the ALL PRIVILEGES keyword, it may have been removed in v8.0, so just go straight after user creation and grant him the privileges that you want on a table/database.
I have four websites, each of which were being accessed with a singular username/password which had privileges on all of the databases.
However, for security reasons, I've finally set up a new user for each site, with each user only having access to the necessary database. Here is the code that I used to create the user and grant privileges for one particular database -
CREATE USER 'wedding1'#'localhost' IDENTIFIED BY 'somepass';
GRANT ALL PRIVILEGES ON wedding1.localhost TO 'wedding1'#'localhost';
However, when I log in to PHPMyAdmin using the credentials for the user I just created, the database is shown as expected but none of the tables are listed.
No entries are placed in my logs and I have tried to FLUSH PRIVILEGES;
Am I missing something from the above lines that could be causing this behaviour? Thanks.
You only granted privileges on a table called localhost within wedding1 DB. I am guessing this is not what you want. Change your grant statement as follows:
GRANT ALL PRIVILEGES ON wedding1.* TO 'wedding1'#'localhost';
creating users through mysql admin, but unable to login mysql command line
following on-line suggestions, as root issued
grant all on *.* to new_user;
it worked, but security-wise was a mess, so issued
revoke all on *.* from new_user;
now new_user can still connect, but security is sane as set in mysql admin
to me this is thoroughly hocus-pocus. what's really going on, and how do you really enable login?
this seems to be a MySQL Administrator problem (thanks #marco). if the same GRANT is issued in mysql command line, the user can log in; but it the grant is issued in Administrator, the user cannot log in.
as #marco pointed out, any access will grant mysql login access to the user, eg, SELECT privileges - but they need to be entered in msql command line.
That's because when you first use GRANT, user is created automatically; when you revoke privileges, user remains...
Check this link.
First you should give your user only the privileges he really needs.
Second: give the user access only to db or tables he should see/work on.
Example:
GRANT SELECT,INSERT,UPDATE ON mydb.* TO 'jeffrey'#'localhost';
or
GRANT SELECT ON db2.invoice TO 'jeffrey'#'localhost'
IDENTIFIED BY PASSWORD 'sdsd';
EDITED:
Just to prove what I'm saying:
enter mysql console (mysql -u root -p) and type
USE mysql;
SELECT * FROM user;
You'll see users MySql has inside.
Well, now use GRANT as you please on a user which does not exists yet; then repeat SELECT * FROM user;: you'll see new user created!!