RE: Privileges question.
Nevermind, I had a lingering entry in the db table. Once I deleted that it worked as expected. Denise Lopez UCLA Center for Digital Humanities Network Services Systems Engineer 337 Charles E. Young Drive East PPB 1020 Los Angeles, CA 90095 310/206-8216 -Original Message- From: Lopez, Denise [mailto:[EMAIL PROTECTED] Sent: Thursday, April 05, 2007 4:08 PM To: mysql@lists.mysql.com Subject: Privileges question. Hi all, I am trying to create a user with only SELECT,INSERT,UPDATE,DELETE privileges on a database. My question is when I type show grants for the user I create, it says the user has full privileges over the database and I only want them to have the ones listed above. mysql grant SELECT,INSERT,UPDATE,DELETE on database.* to [EMAIL PROTECTED] identified by 'password'; mysql flush privileges; mysql show grants for [EMAIL PROTECTED]; GRANT USAGE ON *.* TO 'user'@'localhost' IDENTIFIED BY PASSWORD 'encrypted' GRANT ALL PRIVILEGES ON `database`.* TO 'user'@'localhost' These are the same privileges if I were to grant all privileges for a user. Any help would be appreciated. Denise Lopez UCLA Center for Digital Humanities Network Services Systems Engineer 337 Charles E. Young Drive East PPB 1020 Los Angeles, CA 90095 310/206-8216 -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: privileges question
At 15:18 -0800 2/23/04, Jim Richardson wrote: Installing a new RHEL box, with 3.23.58. (it's what RH provides, and I don't feel like using stuff from out of the RH tree.) I am a little confused about the privileges. I have done a GRANT ALL on *.* to root IDENTIFIED BY 'password'; which is great, but if I run mysql so mysql -u [EMAIL PROTECTED] I get in, no password. How can I tell mysql to refuse anything that isn't from localhost, and to require a password for root no matter what? Thanks. New to MySQL and databases in general, trying to make sure I don't screw up too badly. When you specify an account name for the GRANT statement, if you specify only the username part, the hostname part defaults to '%'. So your GRANT statement is actually equivalent to GRANT ... TO 'root'@'%'. Clobber that account and specify GRANT ... TO 'root'@'localhost' instead. Then root will be able to connect only from the localhost. -- Paul DuBois, MySQL Documentation Team Madison, Wisconsin, USA MySQL AB, www.mysql.com MySQL Users Conference: April 14-16, 2004 http://www.mysql.com/uc2004/ -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
Re: privileges question
On Mon, Feb 23, 2004 at 05:30:38PM -0600, Paul DuBois wrote: At 15:18 -0800 2/23/04, Jim Richardson wrote: Installing a new RHEL box, with 3.23.58. (it's what RH provides, and I don't feel like using stuff from out of the RH tree.) I am a little confused about the privileges. I have done a GRANT ALL on *.* to root IDENTIFIED BY 'password'; which is great, but if I run mysql so mysql -u [EMAIL PROTECTED] I get in, no password. How can I tell mysql to refuse anything that isn't from localhost, and to require a password for root no matter what? Thanks. New to MySQL and databases in general, trying to make sure I don't screw up too badly. When you specify an account name for the GRANT statement, if you specify only the username part, the hostname part defaults to '%'. So your GRANT statement is actually equivalent to GRANT ... TO 'root'@'%'. Clobber that account and specify GRANT ... TO 'root'@'localhost' instead. Then root will be able to connect only from the localhost. Thanks for your help. I realize now I was misunderstanding something, that anyone can log into mysql from localhost, but they can't *do* much of anything except with test_ databases. That was part of my problem, the rest was answered with your post. Thanks. Now back to reading the MySQL book, the author's name seems familiar... :) -- Jim Richardson http://www.eskimo.com/~warlock $HOME is where your dotfiles are - Gym Quirk -- MySQL General Mailing List For list archives: http://lists.mysql.com/mysql To unsubscribe:http://lists.mysql.com/[EMAIL PROTECTED]
RE: Privileges question.
Hi All, cut Now, I want to give to 'dbuser' privileges to read ONLY 'name' and 'address' columns from table 'TBL1'. So, I added record to mysql.user table (with no global privileges) - thans to thar 'dbuser' is able to connect to MySQL server, and it works OK. Further I added records to mysql.column_privileges: cut My question is: Is there anybody who can tell me what I am doing wrong, or how can I give privileges to read only several columns from table? cut s'more Don't mess around with the privilege tables. Use the GRANT and REVOKE commands instead. You might also want to read http://www.bitbybit.dk/mysqlfaq/faq.html#ch11_0_0 / Carsten -- Carsten H. Pedersen keeper and maintainer of the bitbybit.dk MySQL FAQ http://www.bitbybit.dk/mysqlfaq - Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail [EMAIL PROTECTED] To unsubscribe, e-mail [EMAIL PROTECTED] Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php