Home > Software design >  MySQL GRANT is accepted but not applied
MySQL GRANT is accepted but not applied

Time:11-17

I am baffled. I am creating a database on my development server, and a user for said database. I have done this a million times, but now I am working in MySql 8. Here is what I am attempting:

$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Server version: 8.0.27-0ubuntu0.20.04.1 (Ubuntu)

mysql> GRANT ALL PRIVILEGES ON * . * TO 'zak'@'localhost';
Query OK, 0 rows affected (0.01 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> exit
Bye

$ mysql -u zak -p
Welcome to the MySQL monitor.  Commands end with ; or \g.
Server version: 8.0.27-0ubuntu0.20.04.1 (Ubuntu)

mysql> GRANT ALL PRIVILEGES ON wp_zakattack . * TO 'adm_zakattack'@'localhost';
ERROR 1044 (42000): Access denied for user 'zak'@'localhost' to database 'wp_zakattack'
mysql> show grants;
 --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 
| Grants for zak@localhost                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |
 --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `zak`@`localhost`                                                                                                                                                                                                                                                                                                 |
| GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ADMIN,AUTHENTICATION_POLICY_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,FLUSH_OPTIMIZER_COSTS,FLUSH_STATUS,FLUSH_TABLES,FLUSH_USER_RESOURCES,GROUP_REPLICATION_ADMIN,GROUP_REPLICATION_STREAM,INNODB_REDO_LOG_ARCHIVE,INNODB_REDO_LOG_ENABLE,PASSWORDLESS_USER_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SHOW_ROUTINE,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,XA_RECOVER_ADMIN ON *.* TO `zak`@`localhost` |
 --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 
2 rows in set (0.00 sec)

I know I could just as easily do this as root .. But when this goes to production, I disable the root user, and these actions are handled by a bash script that uses the config editor for password-less login. IE mysql --login-path=data-main So I need user 'zak'@'localhost' to be able to GRANT to specific users and tables. Is there something glaring that I am missing?

CodePudding user response:

You didn't give zak the privilege to grant privileges. That's not included in ALL PRIVILEGES.

mysql> GRANT ALL PRIVILEGES ON *.* TO 'zak'@'localhost' WITH GRANT OPTION;
Query OK, 0 rows affected (0.01 sec)
  • Related