in mysql, set permission to connect mysql command line - mysql

creating users through mysql admin, but unable to login mysql command line
following on-line suggestions, as root issued
grant all on *.* to new_user;
it worked, but security-wise was a mess, so issued
revoke all on *.* from new_user;
now new_user can still connect, but security is sane as set in mysql admin
to me this is thoroughly hocus-pocus. what's really going on, and how do you really enable login?
this seems to be a MySQL Administrator problem (thanks #marco). if the same GRANT is issued in mysql command line, the user can log in; but it the grant is issued in Administrator, the user cannot log in.
as #marco pointed out, any access will grant mysql login access to the user, eg, SELECT privileges - but they need to be entered in msql command line.

That's because when you first use GRANT, user is created automatically; when you revoke privileges, user remains...
Check this link.
First you should give your user only the privileges he really needs.
Second: give the user access only to db or tables he should see/work on.
Example:
GRANT SELECT,INSERT,UPDATE ON mydb.* TO 'jeffrey'#'localhost';
or
GRANT SELECT ON db2.invoice TO 'jeffrey'#'localhost'
IDENTIFIED BY PASSWORD 'sdsd';
EDITED:
Just to prove what I'm saying:
enter mysql console (mysql -u root -p) and type
USE mysql;
SELECT * FROM user;
You'll see users MySql has inside.
Well, now use GRANT as you please on a user which does not exists yet; then repeat SELECT * FROM user;: you'll see new user created!!

Related

How to give all privileges to a new user that I created 'user#%'

I switch to MySQL 8 recently; earlier I was using MySQL 5.7 in GCP. I know questions like this have already been asked, but I didn't have any luck. My question is, I want to create a new user just say 'user1' and grant all privileges to a user account on all databases.
The query I am using for user creation:
CREATE USER 'user-1'#'%' IDENTIFIED BY 'user_password';
For privileges:
GRANT ALL PRIVILEGES ON *.* TO 'user-1'#'%';
This privileges query used to work on MySQL 5.7, but when I try to run this query in MySQL 8, I get this error (I logged in as root user and MySQL is in GCP):
SQL Error (1045): Access denied for user 'root'#'%' (using password: YES)
I also tried to run this query one after another like this:
CREATE USER 'user-1'#'%' IDENTIFIED BY 'user_password';
GRANT ALL PRIVILEGES ON *.* TO 'user-1'#'%';
But still I get the same error. I came to know that in MySQL 8 localhost root user have all the privileges, but my server is in Google Cloud, so how can I grant all the privileges to the user I created?
When I run this query in the mysql-8 (I am using HeidiSQL to connect the DB and run query)
SELECT * FROM mysql.user;
I got this output:
In this there are two root users:
For one host is localhost/127.0.0.1 (With all the privilege).
For other host is % (Not have any privilege).
I think I logged in as a user with host-% because my server is in GCP, that's why I cannot give any privilege to the user that I have created. So is there any way to give full permission to the
root#%
so that I can give full permission to the other users, Because I don't think there is any way to log in as a root#localhost
The problem here is that you are trying to create a super user, which is not something supported in cloud SQL, as you can see in this documentation:
Cloud SQL does not support SUPER privileges, which means that GRANT ALL PRIVILEGES statements will not work. As an alternative, you can use GRANT ALL ON %.*.
This alternative mentioned could be enough to grant the permissions you expected.

Set privilages to certain database for newly created user

I have foo_bar_test database existing on my mysql server on host 127.0.0.1.
But there's no user that can access it but root, and I don't want to use root user anywhere in my code. So I created new user, fb_test, and granted him privileges for this database:
create user fb_test#'127.0.0.1' identified by password 'some_password';
grant all on 'foo_bar_test.*' to fb_test#'127.0.0.1';
flush privileges;
Ok, that should work, but when I log in as this user, I don't have any database available!
What's wrong?
I checked it using show grants for fb_test#'127.0.0.1', but it shows some strange results:
grant usage on *.* to fb_test#'127.0.0.1' identified by password '*another_password_dont_know_which_one'
How do I solve this?
you have an error in grant statement. Use the query:
grant all on 'foo_bar_test'.* to fb_test#'127.0.0.1';
In fact your grant command results an error which I think you ignored.

How to give superuser privileges to MySQL?

I have a MySQL database which is hosted in Azure, and I'm accessing it through MySQL Workbench in my laptop. The point is that when I want to execute some commands I get error message saying I don't have enough privileges. I tried to access the Users and Privileges section in MySQL Workbench, but I got the message saying:
The account you are currently using does not have sufficient
privileges to make changes to MySQL users and privileges.
Where can I give superuser privileges, so that I can execute every command from my MySQL Workbench?
The privileges is only related to the user, the client you use has
nothing to do with it, so whether you use a workbench or a CLI, it
does not matter.
In MySQL privileges are arranged to different "user", and "user" are composed by "username" and "host" (from where you login the mysql), so basically, a user in mysql who own specific privilege looks like:
'foo'#'192.16.22.231', 'bar'#'10.3.243.%' ..
How to improve all the privileges to a specific user? do this as a super user:
GRANT ALL PRIVILEGES ON \*.* TO YOUR_USER
super user is usually 'root'#'127.0.0.1', since you have to grant to your specific 'user', you have to know the IP address from which you login
If you think above is a little complicated and your mysql is just fast-installed and simple configured, you can just try this and maybe it helps:
login as 'root' or mysql
execute this:
GRANT ALL PRIVILEGES ON \*.* TO 'your_user'#'%';
Execute SELECT * FROM mysql.user WHERE user = 'your account'\G in your client. If All the priv column is 'Y', your account has superuser privileges.
You can also try UPDATE mysql.user. Then, execute flush privileges; to make your changes effective.
Execute GRANT ALL PRIVILEGES ON \*.* TO 'your_user'#'%'; to add a new superuser privilege account.
If all the above operations are not allowed, please call the Azure support. In cloud database, some system databases may be not be allowed to access.
I had solved this issue by doing:
UPDATE mysql.user SET Grant_priv = 'Y' WHERE User = 'root';
This can be "dangerous" if you do not know what are you doing ;-)

MySql grant user permission

I want to create a new user in MySql. I do not want that new user to do much with my existing databases [I just want to grant Select privilege to him], but he can do anything and everything with a new database which he creates.
Firstly, is there a way to grant permission as per the database owner? If it is possible, then that is the ideal thing I am looking for. And if not, then how do I restrict a particular user from accessing [only Select privilege] some specific database only, allowing him to do anything he wants with the remaining ones?
From the MySQL grant documentation:
CREATE USER 'jeffrey'#'localhost' IDENTIFIED BY 'mypass';
GRANT SELECT ON *.* TO 'jeffrey'#'localhost';
GRANT ALL ON db1.* TO 'jeffrey'#'localhost';
The first command creates the user. The second grants select on all databases and tables. The third command grants all access to all tables in db1.
Is there anything else specific you are looking to do?
To provide a specific user with a permission, you can use this framework:
GRANT [type of permission] ON [database name].[table name] TO ‘[username]’#'localhost’;
GRANT ALL PRIVILEGES ON * . * TO 'newuser'#'localhost';
The asterisks in this command refer to the database and table (respectively) that they can access—this specific command allows to the user to read, edit, execute and perform all tasks across all the databases and tables.
Once you have finalized the permissions that you want to set up for your new users, always be sure to reload all the privileges.
FLUSH PRIVILEGES;
For more about permission you can read this article
https://www.digitalocean.com/community/articles/how-to-create-a-new-user-and-grant-permissions-in-mysql
For the list of permissions, see the MySQL Manual page Privileges Provided by MySQL.
Open mysql command prompt.
To create a new user when host is localhost then use this command
CREATE user 'test_user'#'localhost' identified by 'some_password';
for any host use %, like this
CREATE user 'test_user'#'%' identified by 'some_password';
Once the user is created, you need to Grant some access. Use following command for this.
GRANT SELECT,INSERT,UPDATE
ON database_name.table_name
TO 'test_user'#'localhost';
After successful execution of above query, test_user can select, insert and update in table_name (name of table) of database_name (name of database).
grant privilege is given in data base like this
grant privilege on object to user
object is any data base table or relation and user might be the whom the privilege is provided to him.
Example
grant select,insert,update,on object name to user name
grant select on employee to john with grant option;
revoke delete on employee from john.

How to create users in MySQL4

I tried using the "create user" command in a MySQL4 database (something similar to what is available in the MySQL5 docs), but it failed. Can someone provide me the right syntax?
Users are created the first time you GRANT them a privilege.
From http://dev.mysql.com/doc/refman/4.1/en/grant.html :
The GRANT statement creates MySQL user accounts and grants rights to accounts.
So, let's say you have a database "mydb", with a table "mytable". If you want to create a user "jason", with the password "pwd123!" who has SELECT privileges on this table, you can do this:
grant select on mydb.mytable to 'jason'#'hostname' identified by 'pwd123!';
The usual caveats about hostname apply.
If you want to give jason full permissions on mydb:
grant all on mydb.* to 'jason'#'hostname' identified by 'pwd123!';
Important note: every time you use identified by, you're changing the password for that user/hostname, so you you will typically only use this syntax when creating a user!