Changes

Jump to: navigation, search

OPS345 Lab 4

485 bytes added, 01:10, 9 January 2022
Create an SQL user
Just as root: regular users in the DBMS are not in any way related to Linux users in /etc/passwd. Typically you will have on SQL user for each web application you have using the database server. SQL users also have SQL permissions, which have nothing to do with Linux permissions - they describe what operations that SQL user can do, on which databases.
* Create a database for testing the SQL queries in this section:<source>MariaDB [(none)]> CREATE DATABASE firstdb;</source> If you were running your own MariaDB - you would create a user and assign ppermissions (they're called "privileges" in SQL) for that user on a certain database. That won't work on AWS RDS because your root user doesn't have '''ALL PRIVILEGES''', so can't grant them to another user. * Try it anyway just to see the error:<source>MariaDB [(none)]> grant all privileges on firstdb.* TO 'asmith15db'@'%' identified by 'andrewdbpassword';ERROR 1044 (42000): Access denied for user 'dbroot'@'%' to database 'firstdb'</source> Instead creating a user in AWS RDS takes these three steps: #Create a user with this username and password (replace andrewdb with yours):<source>CREATE USER 'andrewdb'@'%' IDENTIFIED BY 'andrewdbpassword';</source>#Find what privileges your dbroot is able to assign:<source>show grants for 'dbroot';</source>#Give the most important permissions to your db user:<source>GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE ON firstdb.* TO 'asmith15db'@'%';</source>
<source></source>
<source></source>
* Typically you would use something like this: " MariaDB> grant all privileges on DATABASE_NAME.* TO 'USER_NAME'@'%' identified by 'PASSWORD'; " but that won't work on AWS RDS because your root user doesn't have ALL PRIVILEGES, so can't grant them to another user.
* Instead create a user first: CREATE USER 'andrewdb'@'%' IDENTIFIED BY 'andrewdbpassword';
* Find what privileges your root has: show grants for 'root';
* Give the most important ones to your db user: " GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE ON firstdb.* TO 'andrewdb'@'%'; "
* Log out from root
* mysql -u andrewdb -pandrewdbpassword -h ops345db.cobdogt5aykb.us-east-1.rds.amazonaws.com

Navigation menu