It seems, that this is a question that regularly shows up in forums or stackoverflow.
To start, let’s highlight the fact that in MySQL 8.0 it’s not any more possible to create a user directly from the GRANT command (ERROR 1410 (42000): You are not allowed to create a user with GRANT).
This means that to grant some privileges, the user must be created first.
Let’s create a user ‘user1‘ with ‘ChangeMe‘ as password that the user will have to change:
mysql> create user 'user1' identified by 'ChangeMe' password expire;
Query OK, 0 rows affected (1.35 sec)
Let’s try to connect to MySQL using that new created user:
$ mysql -u user1 -pChangeMe -h localhost
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 347
Server version: 8.0.13
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql>
Nothing special, we are connected as expected… but didn’t I explicitly expired the password ?
Yes I did, let’s try any statement:
mysql> select now();
ERROR 1820 (HY000): You must reset your password using ALTER USER
statement before executing this statement.
We must change the password as expected. Let’s change it to ‘MySQL8isGreat‘:
mysql> set password='MySQL8isGreat';
Query OK, 0 rows affected (0.34 sec)
And now we can use MySQL and run any statement we are allowed to do (that we have the privileges for).
mysql> select now();
+---------------------+
| now() |
+---------------------+
| 2019-01-10 14:36:05 |
+---------------------+
1 row in set (0.00 sec)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
+--------------------+
1 row in set (0.20 sec)
It seems I don’t have access to many databases…
The default privilege is very limited:
mysql> show grants;
+-----------------------------------+
| Grants for user1@% |
+-----------------------------------+
| GRANT USAGE ON . TOuser1@%|
+-----------------------------------+
1 row in set (0.00 sec)
It’s now time to grant more privileges to our user… but which privileges are available ?
In 8.0.13, they are currently 46 privileges !
To list them all, just run:
mysql> show privileges;
+----------------------------+---------------------------------------+-------------------------------------------------------+
| Privilege | Context | Comment |
+----------------------------+---------------------------------------+-------------------------------------------------------+
| Alter | Tables | To alter the table |
| Alter routine | Functions,Procedures | To alter or drop stored functions/procedures |
| Create | Databases,Tables,Indexes | To create new databases and tables |
| Create routine | Databases | To use CREATE FUNCTION/PROCEDURE |
| Create role | Server Admin | To create new roles |
| Create temporary tables | Databases | To use CREATE TEMPORARY TABLE |
| Create view | Tables | To create new views |
| Create user | Server Admin | To create new users |
| Delete | Tables | To delete existing rows |
| Drop | Databases,Tables | To drop databases, tables, and views |
| Drop role | Server Admin | To drop roles |
| Event | Server Admin | To create, alter, drop and execute events |
| Execute | Functions,Procedures | To execute stored routines |
| File | File access on server | To read and write files on the server |
| Grant option | Databases,Tables,Functions,Procedures | To give to other users those privileges you possess |
| Index | Tables | To create or drop indexes |
| Insert | Tables | To insert data into tables |
| Lock tables | Databases | To use LOCK TABLES (together with SELECT privilege) |
| Process | Server Admin | To view the plain text of currently executing queries |
| Proxy | Server Admin | To make proxy user possible |
| References | Databases,Tables | To have references on tables |
| Reload | Server Admin | To reload or refresh tables, logs and privileges |
| Replication client | Server Admin | To ask where the slave or master servers are |
| Replication slave | Server Admin | To read binary log events from the master |
| Select | Tables | To retrieve rows from table |
| Show databases | Server Admin | To see all databases with SHOW DATABASES |
| Show view | Tables | To see views with SHOW CREATE VIEW |
| Shutdown | Server Admin | To shut down the server |
| Super | Server Admin | To use KILL thread, SET GLOBAL, CHANGE MASTER, etc. |
| Trigger | Tables | To use triggers |
| Create tablespace | Server Admin | To create/alter/drop tablespaces |
| Update | Tables | To update existing rows |
| Usage | Server Admin | No privileges - allow connect only |
| XA_RECOVER_ADMIN | Server Admin | |
| SET_USER_ID | Server Admin | |
| ROLE_ADMIN | Server Admin | |
| RESOURCE_GROUP_USER | Server Admin | |
| RESOURCE_GROUP_ADMIN | Server Admin | |
| BINLOG_ADMIN | Server Admin | |
| SYSTEM_VARIABLES_ADMIN | Server Admin | |
| GROUP_REPLICATION_ADMIN | Server Admin | |
| CONNECTION_ADMIN | Server Admin | |
| REPLICATION_SLAVE_ADMIN | Server Admin | |
| ENCRYPTION_KEY_ADMIN | Server Admin | |
| BACKUP_ADMIN | Server Admin | |
| PERSIST_RO_VARIABLES_ADMIN | Server Admin | |
+----------------------------+---------------------------------------+-------------------------------------------------------+
46 rows in set (0.00 sec)
You can see that a new user doesn’t have access to the test database anymore:
mysql> use test;
ERROR 1044 (42000): Access denied for user ‘user1’@’%’ to database ‘test’
Let’s allow our user to create tables in the database users1 that we created for him and also allow him to perform the following actions:
- Alter
- Create
- Delete
- Drop
- Index
- Insert
- Select
- Update
- Trigger
- Alter routine
- Create routine
- Execute
- Create temporary tables
mysql> grant alter,create,delete,drop,index,insert,select,update,trigger,alter routine,
create routine, execute, create temporary tables on user1.* to 'user1';
Query OK, 0 rows affected (0.23 sec)
NO NEED TO RUN FLUSH PRIVILEGES !
And in the open session for user1, we can check the granted privileges:
mysql> show grantsG
******************** 1. row ********************
Grants for user1@%: GRANT USAGE ON . TOuser1@%
******************** 2. row ********************
Grants for user1@%: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP,
INDEX, ALTER, CREATE TEMPORARY TABLES, EXECUTE, CREATE ROUTINE, ALTER
ROUTINE, TRIGGER ONuser1.* TOuser1@%
2 rows in set (0.00 sec)
Now let’s imagine we want to have multiple users that will have access to the same database (mydatabase), instead of specifying all the grants for each users, let’s use a common role for all of them. We will call it ‘developer_user‘:
mysql> create ROLE developer_users;
mysql> grant alter,create,delete,drop,index,insert,select,update,trigger,alter
routine,create routine, execute, create temporary tables
on mydatabase.* to 'developer_user';
Query OK, 0 rows affected (0.12 sec)
Let’s grant the role to user1:
mysql> grant 'developer_user' to 'user1';
Query OK, 0 rows affected (0.16 sec)
Now back again in user1‘s session and let’s verify:
mysql> SELECT CURRENT_ROLE();
+----------------+
| CURRENT_ROLE() |
+----------------+
| NONE |
+----------------+
1 row in set (0.00 sec)mysql> set role 'developer_user';
Query OK, 0 rows affected (0.00 sec)mysql> SELECT CURRENT_ROLE();
+----------------------+
| CURRENT_ROLE() |
+----------------------+
|developer_user@%|
+----------------------+
1 row in set (0.00 sec)mysql> show grantsG
******************** 1. row ********************
Grants for user1@%: GRANT USAGE ON . TOuser1@%
******************** 2. row ********************
Grants for user1@%: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE,
DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, EXECUTE,
CREATE ROUTINE, ALTER ROUTINE, TRIGGER ONmydatabase.* TOuser1@%
******************** 3. row ********************
Grants for user1@%: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE,
DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, EXECUTE,
CREATE ROUTINE, ALTER ROUTINE, TRIGGER ONuser1.* TOuser1@%
******************** 4. row ********************
Grants for user1@%: GRANTdeveloper_user@%TOuser1@%
4 rows in set (0.00 sec)
Now we would like that every time user1 logs into MySQL, his new role will be set:
mysql> set default role 'developer_user' to 'user1';
Query OK, 0 rows affected (0.22 sec)
Let’s also create a user2 having the default role:
mysql> create user 'user2' identified by 'DontChangeMe' default role 'developer_user';
Query OK, 0 rows affected (0.18 sec)
And we can immediately test it:
$ mysql -u user2 -pDontChangeMe -h localhost
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or g.
Your MySQL connection id is 352
Server version: 8.0.13 MySQL Community Server - GPL
Copyright (c) 2000, 2018, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.
mysql> show grantsG
******************** 1. row ********************
Grants for user2@%: GRANT USAGE ON . TOuser2@%
******************** 2. row ********************
Grants for user2@%: GRANT SELECT, INSERT, UPDATE, DELETE, CREATE,
DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, EXECUTE,
CREATE ROUTINE, ALTER ROUTINE, TRIGGER ONmydatabase.* TOuser2@%
******************** 3. row ********************
Grants for user2@%: GRANTdeveloper_user@%TOuser2@%
3 rows in set (0.18 sec)
Summary
In summary, now in MySQL 8.0 you cannot create a user from GRANT, you don’t need to run FLUSH PRIVILEGES command (this is effective for a long time already, please forget about it !), you can use ROLES and you have more password management options.
Subscribe to Blog via Email
Some WordPress plugins require SUPER permissions for the database user.
Previously, before we implemented a fix for this issue, if a site needed these permissions, a live->staging or staging->live push will fail, and you may have see nerrors such as:
ERROR 1227 (42000) at line 4560 in file: '/var/www/site.url/htdocs/sourcedatabase.sql': Access denied; you need (at least one of) the SUPER or SET_USER_ID privilege(s) for this operation
or
wpcli import failed...
You may also need to grant this for plugins that require TRIGGER privileges, such as WP Time Capsule (WPTC). In this case, if you don’t want to go full SUPER, you can follow the same steps, but switch out “SUPER” for “TRIGGER”.
Granting SUPER Permissions directly on the Server
Step 1. Log into your terminal and connect to your server.
Please see the following articles to get started:
Step 2. Open MySQL interactive shell:
gp mysql login root
Step 3. Now you’ll need to grant super privilege to your staging site and your production site. You will need to look up your database user and password inside your wp-config.php file for both your staging site and live site.
You can find the user and database password from your wp-config.php files inside your GridPane account by heading to the Sites page and clicking on your websites name to open up the configuration modal:
Click the button as highlighted above to display your wp-config.php. The information you’re looking for is as follows:
These are the SQL Commands:
GRANT SUPER ON *.* TO db_user_from_staging_wp_config@localhost;
GRANT SUPER ON *.* TO db_user_from_wp_config@localhost;
FLUSH PRIVILEGES;
exit
Real World Example
Here’s an example using gridpane.com as the website we want to grant permissions to:
GRANT SUPER ON *.* TO XiE_staging_gridpane_com@localhost;
GRANT SUPER ON *.* TO LmC_gridpane_com@localhost;
FLUSH PRIVILEGES;
ERROR 1410
If you see the error message «ERROR 1410 (42000): You are not allowed to create a user with GRANT«, don’t worry, this is an easy fix. Please scroll down to the «Creating a User and Granting Super Permissions» section below.
Check Your Work
Before exiting, you can check your work with:
SHOW GRANTS FOR your_user_name@localhost;
The output should look as follows:
mysql> SHOW GRANTS FOR your_user_name@localhost;
+----------------------------------------------------------------------+
| Grants for your_user_name@localhost |
+----------------------------------------------------------------------+
| GRANT SUPER ON *.* TO `your_user_name`@`localhost` |
| GRANT ALL PRIVILEGES ON `your_user_name`.* TO `your_user_name`@`localhost` |
+----------------------------------------------------------------------+
2 rows in set (0.00 sec)
mysql>
You can then exit MySQL with:
exit
Creating a User and Granting SUPER Permissions
If for any reason you need to create/re-create a user and grant SUPER permissions, this requires a slightly different approach to what’s laid out above.
You’ll be able to find out if this is necessary by looking out for this error:
ERROR 1410 (42000): You are not allowed to create a user with GRANT
This means that the user you’re trying to grant permissions to does not exist – be sure to double-check you’ve used the correct user and for any spelling/syntax mistakes.
Starting with MySQL 8 you no longer can (implicitly) create a user using the GRANT command, so you need to use either the CREATE or ALTER command before using GRANT.
Step 1. Check your wp-config.php as outlined above for your database user and password.
Step 2. Using this information run the following command, switching out your details as indicated:
ALTER USER 'db_user_from_wp_config'@'localhost' IDENTIFIED BY 'db_password_from_wp_config'; GRANT SUPER ON *.* TO 'db_user_from_wp_config'@'localhost';
If we take this test sites wp-config.php info as an example:
The command would look as follows:
ALTER USER 'XiE_test_com'@'localhost' IDENTIFIED BY 'axRXuZHUxTgfpXwLTZEznohen'; GRANT SUPER ON *.* TO 'XiE_test_com'@'localhost';
Granting SUPER Permissions via MySQL Workbench
You can also grant SUPER permissions using MySQL Workbench. Here’s a quick rundown of how to do this. Please also note that here you will again need your MySQL root password.
Step 1. Log into your terminal and connect to your server
Step 2. Get your MySQL root password
gp mysql -get-pass root
You will need this when you connect to Workbench.
Step 3. If you don’t already have Workbench installed, you can download it here:
https://www.mysql.com/products/workbench/
Open Workbench up and select Database > Connect to database.
From the Connection Method dropdown select “Standard TCP/IP over SSH”
SSH Hostname: = Your server IP
SSH Username: = root
SSH Key File: = locate and select your SSH private key file
Leave all the rest of the settings as default. It will look like the following:
Click OK. You may see a message that says “Could not connect to SSH tunnel”. Click OK again.
Next you will now be prompted for your MySQL root password from step 2. Enter and click OK.
Step 4. Once connected, click on Users and Privileges on the left side.
Step 5. Select the user (website) you wish to edit (edit both the main domain and the staging domain), and then select the Administrative Roles tab.
On the right side under Global Privileges, check SUPER and then click Apply on the bottom.
Once both users (websites) have been given SUPER you’re all set!
Tried
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'root' WITH GRANT OPTION;
Getting
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near ‘IDENTIFIED BY ‘root’ WITH GRANT OPTION’ at line 1.
Note: The same is working when tried in previous versions.
Also tried
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
Getting
ERROR 1410 (42000): You are not allowed to create a user with GRANT
MySQL (8.0.11.0) username/password is root/root.
Starting with MySQL 8 you no longer can (implicitly) create a user using the GRANT command. Use CREATE USER instead, followed by the GRANT statement:
mysql> CREATE USER 'root'@'%' IDENTIFIED BY 'PASSWORD';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
Caution about the security risks about WITH GRANT OPTION, see:
- Grant all privileges on database
I see a lot of (wrong) answers, it is just as simple as this:
USE mysql;
CREATE USER 'user'@'localhost' IDENTIFIED BY '[email protected]';
GRANT ALL ON *.* TO 'user'@'localhost';
FLUSH PRIVILEGES;
Note: instead of a self-created user you can use root to connect to the database. However, using the default root account to let an application connect to the database is not the preferred way. Alternative privileges can be applied as follows (be careful and remember the least-privilege principle):
-- Grant user permissions to all tables in my_database from localhost --
GRANT ALL ON my_database.* TO 'user'@'localhost';
-- Grant user permissions to my_table in my_database from localhost --
GRANT ALL ON my_database.my_table TO 'user'@'localhost';
-- Grant user permissions to all tables and databases from all hosts --
GRANT ALL ON *.* TO 'user'@'*';
If you would somehow run into the following error:
ERROR 1130 (HY000): Host ‘1.2.3.4’ is not allowed to connect to this
MySQL server
You need add/change the following two lines in /etc/mysql/my.cnf and restart mysql:
bind-address = 0.0.0.0
skip-networking
1) This worked for me. First, create a new user. Example: User foo with password bar
> mysql> CREATE USER 'foo'@'localhost' IDENTIFIED WITH mysql_native_password BY 'bar';
2) Replace the below code with a username with ‘foo’.
> mysql> GRANT ALL PRIVILEGES ON database_name.* TO'foo'@'localhost';
Note: database_name is the database that you want to have privileges, . means all on all
3) Login as user foo
mysql> mysql -u foo -p
Password: bar
4) Make sure your initial connection from Sequelize is set to foo with pw bar.
Just my 2 cents on the subject. I was having the exact same issue with trying to connect from MySQL Workbench. I’m running a bitnami-mysql virtual machine to set up a local sandbox for development.
Bitnami’s tutorial said to run the ‘Grant All Privileges’ command:
/opt/bitnami/mysql/bin/mysql -u root -p -e "grant all privileges on *.* to 'root'@'%' identified by 'PASSWORD' with grant option";
This was clearly not working, I finally got it to work using Mike Lischke’s answer.
What I think happened was that the [email protected]% user had the wrong credentials associated to it. So if you’ve tried to modify the user’s privileges and with no luck try:
- Dropping the user.
- Create the user again.
- Make sure you have the correct binding on your MySQL config file.
In my case I’ve commented the line out since it’s just for a sandbox environment.
1. Dropping the user.
From Mysql Console:
List Users (helpful to see all your users):
select user, host from mysql.user;
Drop Desired User:
drop user '{{ username }}'@'%';
2. Create the user again.
Create User and Grant Permissions:
CREATE USER '{{ username }}'@'%' IDENTIFIED BY '{{ password }}';
GRANT ALL PRIVILEGES ON *.* TO '{{ username }}'@'%' WITH GRANT OPTION;
Run this command:
FLUSH PRIVILEGES;
3. Make sure you have the correct binding on your MySQL config file.
Locate your MySQL config file (additional notes at the end). If you want to have MySQL listen for connections on more than one network find the following line on the config file:
bind-address=127.0.0.1
and comment it using a ‘#’:
#bind-address=127.0.0.1
For production environments you might want to use limit the network access (additional notes at the end).
Then restart your MySQL service.
Hope this helps someone having the same issue!
Binding: If you want to know more about this I suggest looking at the following
solution How to bind MySQL server to more than one IP address. It
basically says you can leave MySQL open and limit connections by using
a firewall, or natively if you have MySQL version 8.0.13 and above.
MySQL Config File The file could have different locations depending on your
Linux distribution and installation. On my system it was located at
'/etc/my.cnf'. Here are other suggested locations:
- /etc/mysql/mysql.conf.d
- /etc/mysql/my.cnf
You can also search for the config locations as shown in this website:
How to find locations of MySQL config files.
For those who’ve been confused by CREATE USER 'root'@'localhost' when you already have a root account on the server machine, keep in mind that your 'root'@'localhost' and 'root'@'your_remote_ip' are two different users (same user name, yet different scope) in mysql server. Hence, creating a new user with your_remote_ip postfix will actually create a new valid root user that you can use to access the mysql server from a remote machine.
For example, if you’re using root to connect to your mysql server from a remote machine whose IP is 10.154.10.241 and you want to set a password for the remote root account which is '[email protected]#', here are steps you would want to follow:
-
On your mysql server machine, do
mysql -u root -p, then enter your password forrootto login. -
Once in
mysql>session, do this to create root user for the remote scope:mysql> CREATE USER 'root'@'10.154.10.241' IDENTIFIED BY '[email protected]#'; -
After the
Query OKmessage, do this to grant the newly created root user all privileges:mysql> GRANT ALL ON *.* TO 'root'@'10.154.10.241'; -
And then:
FLUSH PRIVILEGES; -
Restart the mysqld service:
sudo service mysqld restart -
Confirm that the server has successfully restarted:
sudo service mysqld status
If the steps above were executed without any error, you can now access to the mysql server from a remote machine using root.
My Specs:
mysql --version
mysql Ver 8.0.16 for Linux on x86_64 (MySQL Community Server - GPL)
What worked for me:
mysql> CREATE USER 'username'@'localhost' IDENTIFIED BY 'desired_password';
mysql> GRANT ALL PRIVILEGES ON db_name.* TO 'username'@'localhost' WITH GRANT OPTION;
Response in both queries:
Query OK, O rows affected (0.10 sec*)
N.B: I created a database (db_name) earlier and was creating a user credential with all privileges granted to all tables in the DB in place of using the default root user which I read somewhere is a best practice.
The specified user just doesn’t exist on your MySQL (so, MySQL is trying to create it with GRANT as it did before version 8, but fails with the limitations, introduced in this version).
MySQL’s pretty dumb at this point, so if you have ‘root’@’localhost’ and trying to grant privileges to ‘root’@’%’ it treats them as different users, rather than generalized notion for root user on any host, including localhost.
The error message is also misleading.
So, if you’re getting the error message, check your existing users with something like this
SELECT CONCAT("'", user, "'@'", host, "'") FROM mysql.user;
and then create missing user (as Mike advised) or adjust your GRANT command to the actual exisiting user specificaion.
SolutionMany thanks @Nebulastic
If you want to only allow remote IP using following command
CREATE USER 'user_test'@'113.yy.xx.94' IDENTIFIED BY 'YOUR_PWD';
GRANT ALL ON *.* TO 'user_test'@'113.yy.xx.94';
FLUSH PRIVILEGES;
You will get this error
ERROR 1410 (42000): You are not allowed to create a user with GRANT
If you are trying to run a GRANT on a user that doesn’t exist!
Therefore, first run this to make sure the user you use in your GRANT matches exactly to what you have:
select User, Host from user;
In particular pay attention whether the user you created is at localhost but the one you are trying to grant to is %
Copy this and use it at once:
CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
GRANT ALL ON *.* TO 'username'@'localhost';
FLUSH PRIVILEGES;
Instead of using single lines of code such as:
CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
Then:
GRANT ALL ON *.* TO 'username'@'localhost';
Then:
FLUSH PRIVILEGES;
in select statement, changing ‘user’@’%’ to ‘user’@’localhost’ solved my problem
this commands work for me:
1-login to mysql and see all users
sudo mysql -u root
select user, host from mysql.user;
2-delete old user
drop user [email protected];
3-create new user
CREATE USER 'root'@'localhost' IDENTIFIED BY 'mypassword'
4-add all privileges to it:
GRANT ALL ON *.* TO 'root'@'localhost'
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password
BY 'mypassword';
5-finally flush privileges
FLUSH PRIVILEGES;
Check out your username and domain is the same as created before. Mysql select account by the two colums in user table.If it is different, mysql may think you want to create a new account by grant,which is not supported after 8.0 version.
My Specs:
mysql --version
mysql Ver 8.0.19 for Linux on x86_64 (MySQL Community Server - GPL)
What worked for me:
mysql> USE mysql;
mysql> UPDATE User SET Host='%' WHERE User='root' AND Host='localhost';
This worked for me:
mysql> FLUSH PRIVILEGES
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES
In my case I wanted to do something similar, I followed some steps from here but the best way was as @nebulasic mentioned:
USE mysql;
CREATE USER 'user'@'localhost' IDENTIFIED BY '[email protected]';
GRANT ALL ON *.* TO 'user'@'localhost';
FLUSH PRIVILEGES;
After this I encountered an error while trying to query the database or connect with SQLTools from VSCode.
Client does not support authentication protocol requested by server; consider upgrading MySQL client
Running this query will fix the problem:
ALTER USER 'user'@'localhost' IDENTIFIED WITH mysql_native_password BY '[email protected]$w0Rd';
I also want to mention that these steps are ok to work in a local environment, when doing something in production is recommended to allocate each user to each database with generated password accordingly and different other security measures if necessary.
1. grant privileges
mysql> GRANT ALL PRIVILEGES ON . TO ‘root’@’%’WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES
2. check user table:
mysql> use mysql
mysql> select host,user from user
3.Modify the configuration file
mysql default bind ip:127.0.0.1, if we want to remote visit services,just delete config
#Modify the configuration file
vi /usr/local/etc/my.cnf
#Comment out the ip-address option
[mysqld]
# Only allow connections from localhost
#bind-address = 127.0.0.1
4.finally restart the services
brew services restart mysql
Well, I just had the same problem. Even if route had ‘%’ could not connect remotely. Now, having a look at my.ini file (config file in windows) the bind-address statement was missed.
So… I putted this bind-address = * after [mysqld] and restarted the service. Now it works!
Try this, i had the same issue and i tried few options, but the below worked.
GRANT ALL ON . TO ‘root’@’%’;
Reference used — https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-20-04#step-6-%E2%80%94-testing-database-connection-from-php-optional
- ubuntu 22.04.1
- Mysql Ver 8.0.31-0
My root had no GRANT privileges so I could not grant new users any previligies.
Solution was to Drop current root user and create new one using ‘mysql_native_password’.
Commands as follows
Login to mysql with as root
mysql> DROP USER 'root'@'localhost' IDENTIFIED BY 'PASSWORD' FROM mysql.user;
mysql> CREATE USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'locahost' WITH GRANT OPTION;
mysql> FLUSH PRIVILEGES;
This may work:
grant all on dbtest.* to 'dbuser'@'%' identified by 'mysql_password';
I had this same issue, which led me here. In particular, for local development, I wanted to be able to do mysql -u root -p without sudo. I don’t want to create a new user. I want to use root from a local PHP web app.
The error message is misleading, as there was nothing wrong with the default 'root'@'%' user privileges.
Instead, as several people mentioned in the other answers, the solution was simply to set bind-address=0.0.0.0 instead of bind-address=127.0.0.1 in my /etc/mysql/mysql.conf.d/mysqld.cnf config. No changes were otherwise required.
I had the same problem on CentOS and this worked for me (version: 8.0.11):
mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%'
Stary mysql with sudo
sudo mysql
Comments Section
are you connecting directly with mysql or do you use ssh?
directly from command prompt as root user
See the differences between 13.7.1.6 GRANT Syntax and 13.7.1.4 GRANT Syntax.
im too stuck with the same issue. I am launching the mysql shell using
mysql -u root -p, then entering root password. Then I triedGRANT GRANT OPTION ON *.* TO 'root'@'%';and I get the errorERROR 1410 (42000): You are not allowed to create a user with GRANT
This command will create a new user. But I want to grant privileges to existing root user. mysql> CREATE USER ‘root’@’%’ IDENTIFIED BY ‘root’; Query OK, 0 rows affected (0.31 sec) mysql> GRANT ALL PRIVILEGES ON . TO ‘root’@’%’ WITH GRANT OPTION; Query OK, 0 rows affected (0.16 sec) mysql> SELECT User FROM mysql.user; +——————+ | User | +——————+ | root | | mysql.infoschema | | mysql.session | | mysql.sys | | root | +——————+ 5 rows in set (0.00 sec)
Now two users with name root are present in user table!! Also I am not able to connect remotely (root user). ————- Details: Type: com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException SQL State: 08001
Weird. The error message in your question indicates this user doesn’t exist. This is the only reason why I suggested to create it first. And it’s impossible to have the same user twice in single MySQL instance. They differ either in the name or in the host part.
These 2 users connect from different hosts. Run
SELECT User, Host FROM mysql.user;instead.
ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘. TO ‘root’@’%» at line 1
Got that error:
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
mysql> GRANT ALL PRIVILEGES ON . TO ‘root’@’%’; ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘. TO ‘root’@’%» at line 1 mysql>
This does by far not answer the question. It’s about global permissions, and not database specific permissions.
This was a valid solution for me! I simply had failed to type the [email protected] line precisely. Be sure to check this before trying the other solutions suggested. For me it was: CREATE USER ‘user’@’%domain.com’ and then when I issued the failing GRANT statement, my syntax was off by one ‘.’. It looked like this GRANT …. TO ‘user’@’%.domain.com’. I forgot to put the ‘.’ in my create statement and it made all the difference in fixing this issue.
Rather than toss out code, also explain why it’s the appropriate solution. The goal is to educate so the OP knows what to do the next time, not merely solve the immediate problem.
Although it would work in your specific situation. This pieces of sql syntax updates a user, and it does not set a user account. It also does not grant privileges.
Could you elaborate on why it doesn’t work instead of just complaining? That way I can help you out or post additional information.
This answer doesn’t even sort of address the question of root user privilege.
This is actually the closest to the correct answer.
Updated the answer accordingly.
This doesn’t even fully answer the question.
Best answer, now it’s
GRANT ALL ONfor MySQL 8.0. Also I believe instead of disablingbind-addressyou can bind to127.0.0.1and include--protocol=tcpin any commands. The performance long-term is also better than withlocalhost.
What all answers beside mine miss here is that the OP wondered why the user can no longer be created with the GRANT command. It was never asked how to use
GRANTto grant privileges. But somehow people refuse to read what has been asked and answered before.
i had a typo in the user and this was what happend!
@Praveen are you ever going to accept an answer here?
This should be accepted answer! Same here, it’s what after @ that matters and it must be correct. Stupid Mysql
In MySQL 8
FLUSH PRIVILEGES;is redundant, the changes are applied immediately.
Thanks a lot, your answer was sort of clarifying to me. mysql v8 deals ‘host:localhost’ only locally, but host:% is being dealt with for remote connection, so we need either a new user with host ‘%’ in mysql.user table or modify one on the table to that host and grant all permissions to be able to use remotely. Although you better clarify it more and provide a full solution, you’re on the stack, so you better get points
Yeah, for some reason this gives me the error message ‘You have an error in your SQL syntax’
I too had same problem — do double check if your create user actually created a user as expected
Only answer in the internet that work for my version.
This was it. Thank you! The user had different host name (e.g.
'user'@'%'vs'user'@'data').
Related Topics
mysql
mysql-8.0
mysql-error-1064
Mentions
The Tin Man
Nebulastic
Praveen
User
Toni
Acv
Stephan Vierkant
Mike Lischke
Sergey Podushkin
Zenglong Chen
Zero
Shivangg
Minding
Fatemeh Sadeghi
Bumi Ke
Rajeshk
Broodje Be
Nuel Makara
Armando Juarez
Devo Chen
Ehab Reda
Anup Joshi
Marshall Fungai
Cloudkollektiv
Edd Michira
References
stackoverflow.com/questions/50177216/how-to-grant-all-privileges-to-root-user-in-mysql-8-0