MySQL/Amazon RDS error: "you do not have SUPER privileges..."
MysqlAmazon Ec2Amazon Web-ServicesAmazon RdsSql GrantMysql Problem Overview
I'm attempting to copy my mysql database from an Amazon EC2 to an RDS:
I successfully did a mysqldump of my database into my root folder using this:
root@ip-xx-xx-xx-xx:~# mysqldump my_database -u my_username -p > my_database.sql
Then I tried to transfer this .sql file to my new RDS database:
root@ip-xx-xx-xx-xx:~# mysql my_database -u my_username -p -h
my_new_database.xxxxxxxxx.us-east-1.rds.amazonaws.com < my_database.sql
Unfortunately, I get following error message:
You do not have the SUPER privilege and binary logging is enabled
(you *might* want to use the less safe log_bin_trust_function_creators variable)
I tried to GRANT SUPER.. in a variety of ways but I'm getting errors when I try to do that too. Typing mysql > FLUSH privileges; doesn't work either.
I'm a mysql beginner so sorry for such an easy question. Thoughts?
Mysql Solutions
Solution 1 - Mysql
- Open the RDS web console.
- Open the “Parameter Groups” tab.
- Create a new Parameter Group. On the dialog, select the MySQL family compatible to your MySQL database version, give it a name and confirm. Select the just created Parameter Group and issue “Edit Parameters”.
- Look for the parameter
log_bin_trust_function_creatorsand set its value to1. - Save the changes.
- Open the “Instances” tab. Expand your MySQL instance and issue the “Instance Action” named “Modify”.
- Select the just created Parameter Group and enable “Apply Immediately”.
- Click on “Continue” and confirm the changes.
- Wait for the "Modifying" operation to be completed.
- Again, open the “Instances” tab. Expand your MySQL instance and expand “Instance Action” tab and select "Reboot".
A reboot isn't necessary since log_bin_trust_function_creators has apply type = dynamic. At least this is true if your RDS already has an attached parameter group and you edit it, as opposed to creating a new parameter group. Merely save the parameter edit and you're good to go.
Solution 2 - Mysql
Per http://getasysadmin.com/2011/06/amazon-rds-super-privileges/, you need to set log_bin_trust_function_creators to 1 in AWS console, to load your dump file without errors.
If you want to ignore these errors, and load the rest of the dump file, you can use the -f option:
mysql -f my_database -u my_username -p -h
my_new_database.xxxxxxxxx.us-east-1.rds.amazonaws.com < my_database.sql
The -f will report errors, but will continue processing the remainder of the dump file.
Solution 3 - Mysql
The problem with triggers and stored procedures in the dump file is that these definitions include the user who the stored procedure should be created by, the DEFINER. The user most likely doesn't exist in the RDS so a error is then raised. To be able to load the dump file you can remove the DEFINER using sed or Perl and create the stored procedure/trigger with the user who is performing the import.
perl -pe 's/\sDEFINER=`[^`]+`@`[^`]+`//' < mysqldump.sql > mysqldump.fixed.sql
Now you should be able to load the fixed dump file
mysql my_database -u my_username -p -h rds_host < mysqldump.fixed.sql
As said in earlier answer, you should set the DB Parameter:
log_bin_trust_function_creators = 1
Solution 4 - Mysql
For me, there was only 2 commands in my dump file which required SUPER privileges:
SET @@GLOBAL.gtid_purgedSET @@SESSION.SQL_LOG_BIN
According to the mysqldump docs you can disable these with --set-gtid-purged=OFF.
Then looking at man mysqldump:
> Use ON if the intention is to deploy a new replication slave using only some of the data from the dumped server. Use OFF if the intention is to repair a table by copying it within a topology. Use OFF if the intention is to copy a table between replication topologies that are disjoint and will remain so.
So I decided to add --set-gtid-purged=OFF to my mysqldump command and then I could successfully import the resulting dump file.
Solution 5 - Mysql
As defined in AWS documentation triggers, procedures, and functions are disabled by default because binary logging is enabled by default. Disabling basically makes your db more secure, but if you have properly secured through the network it won't matter.
Follow these steps and your problem will be fixed https://aws.amazon.com/premiumsupport/knowledge-center/rds-mysql-functions/
Also you shouldn't use definers when creating procedures. A simple sed command can remove it.
Solution 6 - Mysql
In addition to editing
> log_bin_trust_function_creators = 1
you need to remove all DEFINER from your dump file, check the following link for SED command that can help cleaning your sql dump file.
Solution 7 - Mysql
After used arun-r answer, if the problem is not solved you need to modify your dump file. It is simple.
In the dump file you will find lines like :
DELIMITER ;;
CREATE DEFINER=`username_from_dumped_database`@`host_from_dumped_database` PROCEDURE `procedure_or_function_name`()
BEGIN
You have to replace :
username_from_dumped_databaseby your username on rds database.host_from_dumped_databseby%
I don't know why but this trick worked for me. A simple text editor is enough to do this.
Solution 8 - Mysql
To complete @arun-r's answer, a reboot is necessary when you create a new parameter group.
