Environment: Ubuntu 11.10, MySQL 5.1.58
I have a small database with views. When I try to dump and restore, I get
ERROR 1356 (HY000) at line 1693: View 'curation2.condition_reference_qrm_v' references invalid table(s) or column(s) or function(s) or definer/invoker of view lack rights to use them
However, I can connect to the partially-restored database and create the view myself. Therefore, I suspect that the error message results from an issue unrelated to the view itself (but rather how it's restored, perhaps).
Here's the simple approach I use to demonstrate the problem:
MYSQL_PWD='xxx' mysqldump -u root --routines -B curation \
| perl -pe 's/`curation`/`curation2`/' \
| MYSQL_PWD='xxx' mysql -u root
There are many other reports online of similar problems. The mysqldump man page has a cryptic note about bugs with backing up views, but it's written as a historical problem rather than a current one.
So, the question is: Can MySQL reliably restore backups that contain views or not? If it can, how? If not, what do people do as a workaround?
Thanks,
Reece
This question is a bit old, but I've just wasted a couple of hours trying to solve the exactly same issue, so I guess a clear explanation could come in handy to someone in the future...
To cut to the chase: The problem is in the DEFINER field in your mysql dump. It looks something like:
/*!50013 DEFINER=`some_user`#`localhost` SQL SECURITY DEFINER */
The problem is that this *some_user#localhost* will always be hardcoded to the user account that was used to create the view in the original DB and NOT the user that you've used to export or import the database as one would expect (or at least I did). And later, during the import, this user will be used to re-create the view.
So you can export/import as root, but if the original DB is running under another user and it has no CREATE VIEW rights in the new database, the import will fail.
You have two simple solutions:
Search and replace all references to some_user#localhost in your dump file with your new user (the one you use to import the dump, e.g. root#localhost)
Or you can grant *some_user* appropriate rights on the new database so that views can be created under his account
Either way will fix the problem, but I think the first approach is way better and cleaner, as you don't have to worry about multiple users in the future.
What I found to solve the problem is to use the 'sql security invoker' when creating the view initially.
create or replace sql security invoker view <VIEW_NAME> as select ...
It defines access to the view by the invoker, and not the definer.
Then when the dump file is loaded, the view is create correctly.
With Amazon RDS:
To make this work with Amazon RDS, which does not allow super priv (which is needed to do the above) one can run this command to on the dump file:
# Remove DEFINER statement from VIEWS in Dump file
sed -i 's/\sDEFINER=`[^`]*`#`[^`]*`//' $DUMPFILE_NAME
Then when the dump file is loaded into an RDS, the view is create correctly.
I found the problem in my case. I'm unsure that it solves similar reports on the web.
This was fundamentally a permission problem that resulted from trying to copy this database to a new name. Permissions didn't exist for this user and schema (locus on curation2). I manually added 'GRANT ALL ON curation2.* TO locus' (locus is the user reported in the error). After doing this, the above command line worked fine.
The lesson is that one must manually grant necessary permissions to the destination database and tables when creating a new database.
Couple of things:
1.) Yes, you can create the views using some client BUT perhaps the owner of the tables is not the owner of the view, which leads to
2.) Usually, doing backups of views in mysql includes some "useless garbage" like
create algorithm xxx definer=<USER> sql security view <view_name> as ....
and that user often includes the IP or machine name the user logged on when creating the view... SO, the view won't create properly. Check that out, might help you.
Related
I sort of have a heart attack of a problem. I had a non-root utility user in mysql that used to be able to see all the databases, tables, etc. on the mysql instance. The user was also able to insert records, delete records, create tables, etc. too. This user is used by scripts to edit records, or view the data as someone who's not root via phpmyadmin.
I don't know how Django fits into this or if it was even the cause but a contractor needed access to the db to work on their project we asked them to work on. They said they were using Django and needed to create some auth tables in the database (auth_group, auth_user, auth_user_groups, etc.)
However, after they added their tables for Django, that utility user can't see anything except the "information_schema" database.
Luckily, I checked using the root user in mysql and can see the databases but somehow, I still cant see the databases with the non-root user. I don't see anything that jumps out at me permissions-wise in the "user" table in mysql so I'm not sure how to fix this problem. I want to see what commands the contractor ran to get us into this situation to tell them not to do this again.
I was going to check the .mysql_history file in the unix root user directory but the funny thing is the file is dated from 3 weeks ago so it doesn't look like this will yield any info on what was run.
So, back to my original question, where can I see a history of mysql commands that were run on mysql so I can figure out what happened or what was run to get us into this funny situation?
I'm right now trying to upload a 1.3gig sql text file to phpmyadmin and each time I do it I get the following issue.
my issue
I've already tried splitting the file and editing out the CREATE DATABASE line but each time I try opening it in notepad, notepad++ and emeditor I get a bunch of random characters, clearly there's an issue with the encoding. It's not something I can easily export since another company handles that and I have no access to it. I don't care how my SQL text file is opened, I just need a way to view it and I can't find one.
Thanks for any help you can provide!
ISSUE IS SOLVED!!!
You're trying to create and then write the database named mysql. You Can't Do Thatâ„¢.
You should treat that database, and the information_schema and performance_schema databases, as readonly. They provide ways to retrieve information about the server via SELECT operations. Except in very specific special cases, writing those databases will at best do nothing and at worst trash your server. MySQL tries to prevent you from doing damage by throwing privilege errors when you try to alter those databases.
In a comment you mention that you are confident you can fix an issue with your system via the mysql data base. With respect, that's entirely incorrect.
I am using windows terminal to create a simple database. I was wondering is the code used saved anywhere or do I have to save it? And how? I need to save the code I used for creating the database that's why I'm asking.
If you are talking about SQL Server, you can script out the database you created - just right click on the database in Management Studio, and script away!
Yes, you should save your work. Most tools don't save your indentation, they often format the sql in their own way - sometimees as
CREATE TABLE user#host.dbname.table AS ...
so it works to reconstruct your database, but isn't well readable. The worst thing I ever saw was what MsAccess did to my Input in the SQL-Window (but it was 15 years ago).
In MySQL you can use SHOW CREATE TABLE xxx to see the definition for your table(s).
Using mysqldump can help you create an sql file which you can later run to create a DB identical to yours.
It has many useful options you can read about here.
For your case it seems you need the schema only, without the data - see a how-to here. Basically all you need is the command:
mysqldump --no-data -u Username -pPassword mydatabase
From phpMyAdmin, I was exporting the functions/procedures used by the user assigned to a particular database and 3 functions didnt get exported because they were created by the 'superadmin'.
I was able to see these functions within
localhost > database_name -> Structure -> Routines
BUT, I was not able to modify their structure or export them.
The problem was happening because these 3 functions were created by the superuser. When exporting from the superuser account, everything got exported properly.
My question is: as a process, how can I ensure that this doesn't happen again in the future - that someone accidentally creates it as a superadmin (and the site would continue to work fine), but when we try exporting it, the function doesnt get exported (and the new site would stop working).
Restricting access to the superuser account would be the first step I would take. By restricting superuser access you guarantee that no one makes that mistake again. Is there a reason someone would need to be in the database working as a superuser?
I am running several schemas on a single mysql server. One of the schemas has an underscore in its name ("some_name"), and the rest don't. I noticed that in the Admin GUI I am seeing 2 schemas that represent the same one, with one having an escape character before the underscore - so in the schema list I see:
schema1
schema2
some_name
some\_name
schema3
....
I have no idea how it gets there, and though I tried to, I cannot remove/drop it because it doesn't show up when running mysql from the console. The problem arises when I have to grant users permission on both schemas to enable them to access and manipulate data on either. This is really messed up and I am looking to understand how/why this happens and how this could be avoided (other than renaming the schema to remove the underscore). thanks
You might want to check your datadir folder. Any folder/director in your datadir will show up as a database on MySQL even if it is not really a database. I often encounter 'backup' database because we use that folder as backup.
SHOW VARIABLES LIKE 'datadir';