AWS RDS - 使用 GRANT ALL PRIVILEGES ON the_db.* TO 'the_user'@'%' 时拒绝管理员用户访问
AWS RDS - Access denied to admin user when using GRANT ALL PRIVILEGES ON the_db.* TO 'the_user'@'%'
当我们尝试将特定数据库的所有权限授予用户时,数据库的管理员(超级用户)用户收到以下错误。
Access denied for user 'admin'@'%' to database 'the_Db'
在 Whosebug 中查看其他问题后,我找不到解决方案。我已经尝试更改 * -> % 但没有成功,这是以下来源中建议的方法:
http://www.fidian.com/problems-only-tyler-has/using-grant-all-with-amazons-mysql-rds
我认为 RDS 上有一个底层配置,所以我无法为用户授予所有权限,但我不知道如何检测正在发生的事情。
更新
在采取一些变通办法后,我注意到“删除版本控制行”权限是导致问题的原因。我可以添加除那个以外的所有权限。
https://mariadb.com/kb/en/grant/
所以我可以授予其他权限的唯一“方式”是使用这样的脚本来指定每个权限。
GRANT Alter ON *.* TO 'user_some_app'@'%';
GRANT Create ON *.* TO 'user_some_app'@'%';
GRANT Create view ON *.* TO 'user_some_app'@'%';
GRANT Delete ON *.* TO 'user_some_app'@'%';
GRANT Drop ON *.* TO 'user_some_app'@'%';
GRANT Grant option ON *.* TO 'user_some_app'@'%';
GRANT Index ON *.* TO 'user_some_app'@'%';
GRANT Insert ON *.* TO 'user_some_app'@'%';
GRANT References ON *.* TO 'user_some_app'@'%';
GRANT Select ON *.* TO 'user_some_app'@'%';
GRANT Show view ON *.* TO 'user_some_app'@'%';
GRANT Trigger ON *.* TO 'user_some_app'@'%';
GRANT Update ON *.* TO 'user_some_app'@'%';
GRANT Alter routine ON *.* TO 'user_some_app'@'%';
GRANT Create routine ON *.* TO 'user_some_app'@'%';
GRANT Create temporary tables ON *.* TO 'user_some_app'@'%';
GRANT Execute ON *.* TO 'user_some_app'@'%';
GRANT Lock tables ON *.* TO 'user_some_app'@'%';
试试这个
mysql -h your-rds-host-name -P 3306 -u rds-master-user -p
CREATE DATABASE sitedb;
CREATE USER 'siteuser'@'%' IDENTIFIED BY 'Password';
// 对于 MySQL 5.7 或更小
GRANT ALL ON sitedb.* TO 'siteuser'@'%' IDENTIFIED BY 'Password' WITH GRANT OPTION;
// MariaDB 10 Up
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, CREATE VIEW, EVENT, TRIGGER, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EXECUTE ON `sitedb`.* TO 'siteuser'@'%';
FLUSH PRIVILEGES;
EXIT
当我们尝试将特定数据库的所有权限授予用户时,数据库的管理员(超级用户)用户收到以下错误。
Access denied for user 'admin'@'%' to database 'the_Db'
在 Whosebug 中查看其他问题后,我找不到解决方案。我已经尝试更改 * -> % 但没有成功,这是以下来源中建议的方法:
http://www.fidian.com/problems-only-tyler-has/using-grant-all-with-amazons-mysql-rds
我认为 RDS 上有一个底层配置,所以我无法为用户授予所有权限,但我不知道如何检测正在发生的事情。
更新
在采取一些变通办法后,我注意到“删除版本控制行”权限是导致问题的原因。我可以添加除那个以外的所有权限。
https://mariadb.com/kb/en/grant/
所以我可以授予其他权限的唯一“方式”是使用这样的脚本来指定每个权限。
GRANT Alter ON *.* TO 'user_some_app'@'%';
GRANT Create ON *.* TO 'user_some_app'@'%';
GRANT Create view ON *.* TO 'user_some_app'@'%';
GRANT Delete ON *.* TO 'user_some_app'@'%';
GRANT Drop ON *.* TO 'user_some_app'@'%';
GRANT Grant option ON *.* TO 'user_some_app'@'%';
GRANT Index ON *.* TO 'user_some_app'@'%';
GRANT Insert ON *.* TO 'user_some_app'@'%';
GRANT References ON *.* TO 'user_some_app'@'%';
GRANT Select ON *.* TO 'user_some_app'@'%';
GRANT Show view ON *.* TO 'user_some_app'@'%';
GRANT Trigger ON *.* TO 'user_some_app'@'%';
GRANT Update ON *.* TO 'user_some_app'@'%';
GRANT Alter routine ON *.* TO 'user_some_app'@'%';
GRANT Create routine ON *.* TO 'user_some_app'@'%';
GRANT Create temporary tables ON *.* TO 'user_some_app'@'%';
GRANT Execute ON *.* TO 'user_some_app'@'%';
GRANT Lock tables ON *.* TO 'user_some_app'@'%';
试试这个
mysql -h your-rds-host-name -P 3306 -u rds-master-user -p
CREATE DATABASE sitedb;
CREATE USER 'siteuser'@'%' IDENTIFIED BY 'Password';
// 对于 MySQL 5.7 或更小
GRANT ALL ON sitedb.* TO 'siteuser'@'%' IDENTIFIED BY 'Password' WITH GRANT OPTION;
// MariaDB 10 Up
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, CREATE VIEW, EVENT, TRIGGER, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, EXECUTE ON `sitedb`.* TO 'siteuser'@'%';
FLUSH PRIVILEGES;
EXIT