“Set Password” with a limited user
-
01-11-2019 - |
سؤال
I'm using MySQL 5.6. I want to have a limited service-user which is able to create/modify the users of my databases.
Now my problem is that I can quite figure out what privileges my service-user needs to perform all the user administration tasks (create user, grant/revoke db privileges, set password)
If I give him the global "create user" and "reload" privileges, he can't use "set password" [= MySQL Error: 1044 (Access denied)]
If I give him "select", "insert", "update" on 'mysql'.'user' and 'mysql'.'db', he can't use "set password" [= MySQL Error: 1044 (Access denied)]
If I give him "select", "insert", "update" on 'mysql'.*, he CAN use "set password"
I'd like to understand why this is happening, and how to achieve my approach 1 or 2. I don't want to use approach 3.
The "set password" equivalent
UPDATE mysql.user
SET Password=PASSWORD('newpass')
WHERE User='bob'
AND Host='%';
...works with my privileges 1 and 2.
Can somebody help me out?
لا يوجد حل صحيح