Hello together,
I do have a problem with the mysql_user module.
It does create my user with the provided password, but it does not create the permissions I do pass.
Here is my call:
`
name: Create User with single database privilieges
mysql_user: name=“ttr”
host=localhost
password=testPass
priv=“tinytinyrss.*:USAGE”
state=present
`
When I then log into MySQL and view allowed databases:
`
[root@munin ~]# mysql -u ttr -ptestPass
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 60
Server version: 5.5.40-MariaDB MariaDB Server
Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.
Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.
Would you not need to grant SELECT instead of USAGE?
According to MySQL docs, USAGE is granted at the server level. When I create a user locally (with or without Ansible), that user gets USAGE on . but it doesn’t allow them to see any databases.
# Revoke all privileges for user 'bob' and password '12345'
- mysql_user: name=bob password=12345 priv=*.*:USAGE state=present
The MySQL Documentation explains it with the full details:
The USAGE privilege specifier stands for “no privileges.” It is used at the global level with GRANT to modify account attributes such as resource limits or SSL characteristics without affecting existing account privileges.
So it was a mistake of mine, not ansible. Shame on me
Nevetheless thanks for the hint.
