I have a user in MySQL with the following privileges:
GRANT USAGE ON *.* TO 'certain_db'#'192.168.1.1' IDENTIFIED BY PASSWORD '****'
GRANT ALL PRIVILEGES ON `certain_db`.* TO 'certain_db'#'192.168.1.1'
If I drop this database, do I maintain the right to create it afterwards?
Yes. All information related to user access, privileges, etc is stored in a database named 'mysql'. Information related to database privileges is stored in table 'db'. When you drop a database your privileges over it are not deleted.
So, if you want to create a database with the SAME name later you will be able to.
Related
I install phpMyAdmin on my subdomain for my clients to access their Databases, Because I can't give my Cpanel Login to them.
But my problem is when they need to create a new database, they can't do it from phpMyAdmin and they face this error
ALTER USER 'root'#'localhost' IDENTIFIED WITH mysql_native_password BY
'root';
And I try to create a DB using phpMyAdmin, login from cPanel but I had the same error.
No worry I can create and manage user and DB from cPanel, But the problem is I have to create a database myself when my client needs DBS.
So has I have an option for this, any type?
In your case, this error means the MySQL user does not have the required privilege to create a database. These are some options you could do:
Grant their user all privileges on all databases (not recommended):
GRANT ALL PRIVILEGES ON . TO 'sserver_sserver'#'localhost';
Create the database yourself and give their user all privileges on that specific database:
CREATE DATABASE my;
GRANT ALL PRIVILEGES ON my.* TO 'sserver_sserver'#'localhost';
Give their user all privileges to databases beginning with a certain prefix such as their business name which will allow them to create and work on as many databases as they need:
GRANT ALL PRIVILEGES ON 'businessname_%'.* TO 'sserver_sserver'#'localhost';
I'm logged into a MariaDB instance as a user admin. The admin user has got the GRANT and CREATE privileges because it is supposed to add new users to the instance, with non-global privileges for particular databases. The admin user misses DROP and DELETE privileges on purpose because I don't want him to be able to delete data by accident. On the other hand, I want users created by the admin user to have DROP and DELETE privileges on particular tables.
By default, MariaDB doesn't allow me to create users that have a privilege that admin hasn't at all. I see the security consideration here, since users could easily exploit that right and create users with more "power". But is there any possibility to achieve my desired behaviour in MariaDB/MySQL?
Try this one on your linux console:
mysql -u root -p
Then your root password.
First we create the database ( yes database first)
CREATE DATABASE newdatabase;
Then we create the newuser with GRANT only for THIS newdatabase:
GRANT ALL PRIVILEGES ON newdatabase.* TO newuser#'%' IDENTIFIED BY 'any_password';
flush privileges;
exit
I'm creating a SAAS website, and every new account creation should have :
a new database created for it dynamically from my php code ,
a new MySQL user created dynamically from my PHP code and granted with privileges over the new database.
My question is: How can I create a MySQL user who have privileges to do these actions , ( create db, create users, grant privileges).
But It's important to note: I want this MySQL user to not be able to show or manipulate any other database not created by him.
Note: I have a server with WHM access.
To enable the new user called userguy to create other users on database db
create the user
CREATE USER 'userguy'#'%' IDENTIFIED BY 'password';
he needs reload on global rights
GRANT CREATE USER, RELOAD ON *.* TO 'userguy'#'%';
then whatever rights you want to give him on db
GRANT EXECUTE, SELECT, SHOW VIEW, ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE TEMPORARY TABLES, CREATE VIEW, DELETE, DROP, EVENT, INDEX, INSERT, REFERENCES, TRIGGER, UPDATE, LOCK TABLES ON `db`.* TO 'userguy'#'%' WITH GRANT OPTION;
and flush at the end
FLUSH PRIVILEGES;
this should do the job.
UPDATE:
I am sorry, I have not read attentive the question (blame the coffee). If the user should also create new databases he also needs the global CREATE right, and for creating user for the DBs created by him he also needs CREATE USER
GRANT CREATE, CREATE USER, SELECT, RELOAD ON *.* TO 'userguy'#'%';
In my opinion there is no need for global GRANT privileges
I have found the main answer to my problem in the following link:
https://stackoverflow.com/a/13041542/9419598
By using :
GRANT ALL PRIVILEGES ON testuser_% . * TO 'testuser'#'%';
this will allow the testuser to create databases starting with testuser_ and will have al priviledges over them
And he will not have privileges over other databases.
And I can grant him the create user privilege
This does the stuff.
This is a recurring problem for some reason...
Using mysql 5.5, I am simply trying to create a user that can connect to the database remotely, have access to all databases, and create databases.
I have created a user using:
create user 'dev'#'%' identified by 'abcdefg';
then granted all permissions using:
GRANT ALL ON *.* to 'dev'#'192.168.%' IDENTIFIED BY 'abcdefg' WITH GRANT OPTION;
and the result is that the user cannot create databases, and can only see information_schema database for some reason.
Databases
Create database: Documentation
No Privileges
Database Ascending
information_schema
Total: 1
Does anyone know why this might be happening?
after you create user and grant it permissions, you need to flush privileges(when you are logged in with root user)
FLUSH PRIVILEGES;
I want to have multiple a MySQL users to be able to issue commands like
CREATE DATABASE dbTest;
But I also want each of these users to be able to see and access only their own databases.
All I could find was how to either create the databases by a DBA and grant the privileges on this database to the specific user:
GRANT ALL PRIVILEGES ON dbTest.* TO 'user';
or grant privileges on all databases to a user:
GRANT ALL PRIVILEGES ON *.* TO 'user';
But neither is what I want, because it needs to scale and be secure.
You can use
GRANT ALL PRIVILEGES ON `testuser\_%` . * TO 'testuser'#'%';
to grant the user testuser privileges on all databases with names beginning with testuser_.
This allows the testuser to create databases limited to names starting with testuser_
You can use
GRANT ALL PRIVILEGES ON `testuser_%` . * TO 'testuser'#'%';
to grant the user testuser privileges on all databases with names beginning with testuser_.
EDIT: I'm not sure if this user is now also allowed to create databases.
Yes, this allows the testuser to create databases limited to names starting with testuser_
Create a stored procedure that is defined by the admin user and invokes with the admin user privileges by using SQL SECURITY DEFINER. In the stored procedure,
Create the database.
Set the privileges on the database so only the current user has access.
Execute FLUSH PRIVILEGES to reload the privileges from the grant tables.
Use USER() to get the current user login details.
Find out more about SQL SECURITY DEFINER.
It is impossible to do this using permissions only .
The workaround as suggested in another answer:
GRANT ALL PRIVILEGES ONtestuser_%. * TO 'testuser'#'%';
has the problem that the users must then be very careful in naming their databases.
For example if user aaa creates database bbb_xyz, it can then be accessed exclusively by user bbb but not by user aaa.