I have a mysql user that currently has the following privileges:
mysql> show grants;
+--...--+
| Grants for debian sys-maint@localhost
+--...--+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON *.* TO 'debian-sys-maint'@'localhost' IDENTIFIED BY PASSWORD '*DA604C65D4EFF216D1F61FCD42726FA881FB6562' WITH GRANT OPTION |
+--...--+
I'd like it to be able to do that to another user:
mysql> grant all privileges on *.* to 'foo'@'%' identified by 'bar';
ERROR 1045 (28000): Access denied for user 'debian-sys-maint'@'localhost' (using password: YES)
What am I doing wrong?
Your
sys-maint@localhostuser doesn't haveALLprivileges. It's lacking theCREATE TABLESPACEprivilege.If your user really had
ALLprivileges then when you did aSHOW GRANTS;you'd see:To be able to do a
GRANT ALLon another or new user, the user issuing theGRANT ALLmust themselves have every permission or the grant will fail.To grant your 'sys-maint@localhost' user
CREATE TABLESPACEpermissions issue the following command from an account that does have enough rights to do so (e.g. root):Or when logged in as
sys-maint@localhost(and this works on MySQL 5.5) do the following:Logout then log back in again (
QUITif using the command linemysqlclient or disconnect if using a GUI client such as HeidiSQL) andsys-maint@localhostshould be able to issue theGRANT ALLcommand.This works because your
sys-maint@localhostalready has sufficient privileges to update theusertable.And as always, when tinkering with MySQL permissions, remember to do a
FLUSH PRIVILEGES;