Question
REVOKE REPLICATION_APPLIER,ROLE_ADMIN ON *.* FROM "newuser"@"%"
- Posted on February 2, 2024
- DigitalOcean Managed MySQL DatabaseSecurity
Asked by geralSquid
Created a new user and tried to remove all grants, ended with:
GRANT USAGE ON *.* TO "user"@"%"
GRANT REPLICATION_APPLIER,ROLE_ADMIN ON *.* TO "new user"@"%"
I’m stuck trying to remove these the last grant (REPLICATION_APPLIER,ROLE_ADMIN) with my admin user in a MySQL8 managed database.
Ran
REVOKE REPLICATION_APPLIER,ROLE_ADMIN ON *.* FROM "newuser"@"%"
but gives me this error: Access denied for AuthId doadmin@% to database ‘mysql’.
Since having root access is not an option, how can i remove this grant?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Featured on Community
Get our biweekly newsletter
Sign up for Infrastructure as a Newsletter.
Hollie's Hub for Good
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Become a contributor
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Heya,
Dealing with permission issues in a managed database environment like DigitalOcean can be challenging, especially without root access.
In such cases as yours the only option would be contacting DigitalOcean’s support. They can assist in removing the permission for you.
Please reach out to our amazing support team who will be more than happy to assist! :)
Hope that helps! - KFSys.
Hey @geralsquid,
When dealing with DigitalOcean’s Managed MySQL Database, you’re working within a slightly different environment compared to a self-managed MySQL instance. Managed databases often have certain restrictions to maintain security and stability across the platform. One such restriction is that you might not have the same level of access as a root user, which can limit your ability to perform certain actions, such as directly revoking privileges like
REPLICATION_APPLIERandROLE_ADMIN.The error message you’re encountering, “Access denied for AuthId doadmin@% to database ‘mysql’,” indicates that your administrative user (
doadmin) does not have the necessary permissions to revoke these specific grants from the “newuser” user. This is a common security measure in managed environments to prevent accidental or malicious alterations to critical database functionalities, including replication and role administration.For actions that require higher privileges than your account possesses, the first step should be to contact DigitalOcean support. They can often make the necessary changes on your behalf or provide an alternative solution that complies with their managed database policies:
Although direct revocation of certain system-level privileges like
REPLICATION_APPLIERandROLE_ADMINmight not be поссибле due to the reasons mentioned, it’s still worth reaching out to the DigitalOcean support team.Hope that helps!
- Bobby.