More than 1 year has passed since last update.

AuroraServerless v2 のDBユーザ作成&権限付与のエラー対処（ERROR 1045 (28000): Access denied for user 'admin'@'%' (using password: YES)）（ERROR 1064 (42000): You have an error in your SQL syntax;）

Last updated at 2022-07-14Posted at 2022-07-14

※試してませんが以前のようにGRANTでいきなりユーザ作るってことができなくなっているみたいなのでまずはCREATE USERを使ってユーザ作成してください

バージョン

mysql> select version();
+-----------+
| version() |
+-----------+
| 8.0.23    |
+-----------+

発生エラー

パターン１

grant all on *.* to 'audit'@'%';

ERROR 1045 (28000): Access denied for user 'admin'@'%' (using password: YES)

パターン２

grant all on `%`.* to 'audit'@'%' identified by 'password';

ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'identified by 'password' with grant option' at line 1

原因&解決策

本バージョンでGRANT ALL *.*ができないから

対処

ルートユーザの権限を確認
mysql> show grants for 'admin'@`%`;
+-----------------------------------------------+
| Grants for admin@%                            |
+-----------------------------------------------+
| GRANT USAGE ON *.* TO `admin`@`%`             |
| GRANT `rds_superuser_role`@`%` TO `admin`@`%` |
+-----------------------------------------------+
2 rows in set (0.00 sec)

ロールの中身を確認
mysql> show grants for 'admin'@`%` using rds_superuser_role;
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for admin@%                                                                                                                                                                                                                                                                                                                                                                                          |
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPL                          ICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE ROLE, DROP ROLE ON *.* TO `admin`@`%`WITH GRANT OPTION |
| GRANT APPLICATION_PASSWORD_ADMIN,CONNECTION_ADMIN,REPLICATION_APPLIER,ROLE_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,XA_RECOVER_ADMIN ON *.* TO `admin`@`%` WITH GRANT OPTION                                                                                                                                                                                                     |
| GRANT `rds_superuser_role`@`%` TO `admin`@`%`                                                                                                                                                                                                                                                                                                                                                               |
+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
3 rows in set (0.03 sec)

好きなユーザーに権限付与（監査人大暴走可）
mysql> GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE ROLE, DROP ROLE ON *.* TO `audit`@`%` WITH GRANT OPTION;
Query OK, 0 rows affected (0.05 sec)

ROLLの権限確認
https://blog.s-style.co.jp/2018/07/2123/#:~:text=%E3%83%AD%E3%83%BC%E3%83%AB%E3%81%AE%E6%A8%A9%E9%99%90%E7%A2%BA%E8%AA%8D,GRANTS%E3%81%A7%E7%A2%BA%E8%AA%8D%E5%8F%AF%E8%83%BD%E3%81%A7%E3%81%99%E3%80%82&text=%E3%83%A6%E3%83%BC%E3%82%B6%E3%83%BC%E3%81%AB%E4%BB%98%E4%B8%8E%E3%81%95%E3%82%8C%E3%81%9F,%E4%BA%8B%E3%81%A7%E8%A1%A8%E7%A4%BA%E3%81%95%E3%82%8C%E3%81%BE%E3%81%99%E3%80%82&text=PostgreSQL%E3%81%A7%E3%81%AFpsql%E3%81%AE%5Cz,%E3%82%B3%E3%83%9E%E3%83%B3%E3%83%89%E3%81%A7%E7%A2%BA%E8%AA%8D%E5%8F%AF%E8%83%BD%E3%81%A7%E3%81%99%E3%80%82

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up