Recently, I deleted a user account in MySQL assigned to my former boss. Then, some database functions like deleting records from tables he made weren't working, giving the following error:
#1449 - There is no '*username*'#'localhost' registered
Now, I added a new user with the same name (and diff. password) and it works fine with no errors. But, is there way to resolve this without an placeholder user account?
Try replacing the DEFINER of the function
First login to mysql as root#localhost
Then, substitute root#localhost as the DEFINER
UPDATE mysql.proc SET definer='root#localhost'
WHERE definer = '*username*#localhost';
In fact, you can look at all DEFINERs like this:
SELECT COUNT(1) DefinerCount,definer,type
FROM mysql.proc GROUP BY definer,type;
This will show you how many functions and procedures each user owns. If any other the reported DEFINERs no longer exist or are invalid, you can make root#localhost inherit them.
Give it a Try !!!
I had to remove and re-add the triggers for the affected tables. (I used phpMyAdmin to do this).
Related
Within my mysql script,
I am creating a user as follows:
CREATE DATABASE fire;
after creating a table called Table1, privileges are changed
GRANT SELECT ON fire.Table1 TO 'user1'#'localhost';
In this case, fire is hardcoded, however, say in the future, I created a mysql database called called "ice" and I wanted to reuse the script above, but I want the below line to this time grant privileges for fire.TABLE1, but in this case, it is really "ice.TABLE1". How do I make mysql think that "fire" means some other variable without having to change "fire" to "ice" everywhere on my script?
GRANT SELECT ON fire.Table1 TO 'user1'#'localhost';
Do not include the database name in your grant scripts, but issue a use dbname statement to set the default database for your scripts to whatever database you want to work with.
As mysql manual on grant statement says:
If you use ON * syntax (rather than ON .), privileges are assigned at the database level for the default database. An error occurs if there is no default database.
So, your script would look like:
USE fire;
GRANT SELECT ON Table1 TO 'user1'#'localhost';
There is a very strange issue. I have one procedure with a definer named as admin.
There was a case where we had to remove the user "dbadlys". So in order to do so we updated the mysql.proc table with the new account "admin#%" before deletion of account dbadlys and did the flush privileges as well.
I also verified the definer name from information_schema.routines and I saw that new definer name is now admin#%.
Issue:
Even though the definer name was now updated to new name when the code was calling the procedure it was using the old definer name dbadlys and was giving the below error:
The user specified as a definer does not exist
Upon further investigation, I found out that when we reconnect the instance then there was no error, however if we change the definer name and try to execute the procedure again then it doesn't reflect it.
My questions:
Is there anything else which I need to do in this situation or am missing anything?
if there is nothing missing then is there a way that application should see the changes?
Should I restart the application server?
If you have dba privilege, try recreating the SP without definer.
Definers are optional, unless you have a very specific need you don't need to use them.
I am using a hosted web service account that uses cpanel as its management system. When logged into phpmyadmin, I am trying to import an SQL file that contains tables and some procedures.
CREATE DEFINER=`root`#`localhost` PROCEDURE `getClientDashboardStatsMap` (IN `in_userID` INT) BEGIN
SELECT
rl.city,
rl.state,
rl.zip,
rl.longitude,
rl.latitude,
rl.timestamp,
count(rl.ID) as total
FROM
crowd.redemption_log as rl
JOIN
reward as r
ON
rl.rewardID = r.rewardID
WHERE
r.userID = 1
AND
rl.timestamp BETWEEN NOW() - INTERVAL 30 DAY AND NOW()
GROUP BY
rl.city, rl.state, rl.zip
ORDER BY
total DESC;
END$$
When I try to run this, I get an error about needing super user privileges to do so. Doing some searching, people suggested removing the definer line like so:
CREATE PROCEDURE getClientDashboardStatsMap (IN in_userID INT) BEGIN.
While this allows me to complete the import, I am running into another issue. The procedures are getting a default definer of cpaneluser#localhost. However, the database user that is set up is different than this user so the procedure has no permissions for things like select, update, delete. The database user is cpaneluser_dbusername, which is typical for hosted sites like this so you can associate databases with accounts.
How else can I get this procedures to run, under the correct user? I don't see any settings in PHPMYADMIN for privileges in order to run these as a super user.
There are two ways to solve this problem:
Log into phpmyadmin with the database user cpaneluser_dbusername. I am not familar with phpmyadmin and cpanel, so I'm not sure whether they provide you the option to change the user. You should check it out by yourself. I'm using MySQL Workbench and MySQL Administrator, they both privode me this option.
Grant privileges to cpaneluser#localhost. Such as:
GRANT ALL ON db_name.table_name TO 'cpaneluser#localhost';
It's better if you grant each privilege explicitly, e.g.: GRANT SELECT,INSERT,UPDATE,DELETE ON .... Check GRANT Syntax.
I have a table, lets call it student, in a schema called enrollment. Table student has a column called address that I don't want a certain user to update (other permissions are fine such as select, insert). All other columns in that table AND in that schema should have the update privilege.
Is this doable?
You can set privileges on database / table / column. But I really would not try to use MySQL's privilege mechanism at that level. I would instead write application code to decide who can see/change what. This is more flexible in the long run. And more graceful to the user -- instead of getting a cryptic MySQL error message about permissions, the UI would simply not show what should not be shown. For updating, the UI would not even give the user the option.
In my case, I wanted a specific application to be able to update only 1 field (my_field) in only 1 table (table_name) while being able to read the entire database.
I created a special user for that purpose:
CREATE USER 'restrictedUser'#'%' IDENTIFIED BY 'PASSWORD_HERE';
SET PASSWORD FOR 'restrictedUser'#'%' = PASSWORD('PASSWORD_HERE');
GRANT USAGE ON *.* TO 'restrictedUser'#'%';
GRANT SELECT ON DATABASE_NAME.* TO 'restrictedUser'#'%';
GRANT UPDATE (my_field) ON DATABASE_NAME.table_name TO 'restrictedUser'#'%';
Documentation for Column privilege can be found here for mariaDb and here for mysql
In my job, I've been granted access to several databases, but not the same degree of liberty for each of them. A few minutes ago, I was attempting to make an UPDATE operation and I got this error message: Error Code: 1142. UPDATE command denied to user 'clawdidr'#'192.168.1.105' for table 'test_table'.
The DB Admin isn't around to give me the information I'm needing, so I've to figure it out by myself. So, the question that arises here is: Is there a way to verify on my own (with a query or something else) which databases or tables am I able to use for a SELECT, INSERT, UPDATE or DELETE operations?
Try with: SHOW GRANTS FOR CURRENT_USER