mirror of
https://github.com/MariaDB/server.git
synced 2025-07-30 16:24:05 +03:00
MDEV-23610: Slave user can't run "SHOW SLAVE STATUS" anymore after upgrade to 10.5, mysql_upgrade should take of that
Add a new privilege "SLAVE MONITOR" which will grant user the permission to execute "SHOW SLAVE STATUS" and "SHOW RELAYLOG EVENTS" commands. SHOW SLAVE STATUS requires either SLAVE MONITOR/SUPER SHOW RELAYLOG EVENTS requires SLAVE MONITOR privilege.
This commit is contained in:
Sujatha
@ -18,7 +18,37 @@ CREATE USER user_super_replslave@localhost;
|
||||
GRANT SUPER, REPLICATION SLAVE ON *.* TO user_super_replslave@localhost;
|
||||
SHOW GRANTS FOR user_super_replslave@localhost;
|
||||
Grants for user_super_replslave@localhost
|
||||
GRANT SUPER, REPLICATION SLAVE, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `user_super_replslave`@`localhost`
|
||||
GRANT SUPER, REPLICATION SLAVE, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_super_replslave`@`localhost`
|
||||
#
|
||||
# MDEV-23610: Slave user can't run "SHOW SLAVE STATUS" anymore after upgrade to 10.5, mysql_upgrade should take of that
|
||||
#
|
||||
#
|
||||
# Users with privilege SUPER prior to 10.5 should successfully execute
|
||||
# SHOW SLAVE STATUS command
|
||||
#
|
||||
CREATE USER user_replsuper@localhost;
|
||||
GRANT SUPER ON *.* TO user_replsuper@localhost;
|
||||
SHOW GRANTS FOR user_replsuper@localhost;
|
||||
Grants for user_replsuper@localhost
|
||||
GRANT SUPER, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `user_replsuper`@`localhost`
|
||||
#
|
||||
# Users with privilege REPLICATION CLIENT prior to 10.5 should successfully execute
|
||||
# SHOW SLAVE STATUS command
|
||||
#
|
||||
CREATE USER user_replclient@localhost;
|
||||
GRANT REPLICATION CLIENT ON *.* TO user_replclient@localhost;
|
||||
SHOW GRANTS FOR user_replclient@localhost;
|
||||
Grants for user_replclient@localhost
|
||||
GRANT BINLOG MONITOR ON *.* TO `user_replclient`@`localhost`
|
||||
#
|
||||
# Users with privilege REPLICATION SLAVE prior to 10.5 should successfully execute
|
||||
# SHOW RELAYLOG EVENTS command
|
||||
#
|
||||
CREATE USER user_replslave@localhost;
|
||||
GRANT REPLICATION SLAVE ON *.* TO user_replslave@localhost;
|
||||
SHOW GRANTS FOR user_replslave@localhost;
|
||||
Grants for user_replslave@localhost
|
||||
GRANT REPLICATION SLAVE, REPLICATION MASTER ADMIN, SLAVE MONITOR ON *.* TO `user_replslave`@`localhost`
|
||||
# mysql_upgrade --force --silent 2>&1
|
||||
FLUSH PRIVILEGES;
|
||||
#
|
||||
@ -38,7 +68,35 @@ GRANT SUPER, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLI
|
||||
#
|
||||
SHOW GRANTS FOR user_super_replslave@localhost;
|
||||
Grants for user_super_replslave@localhost
|
||||
GRANT SUPER, REPLICATION SLAVE, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY ON *.* TO `user_super_replslave`@`localhost`
|
||||
GRANT SUPER, REPLICATION SLAVE, SET USER, FEDERATED ADMIN, CONNECTION ADMIN, READ_ONLY ADMIN, REPLICATION SLAVE ADMIN, REPLICATION MASTER ADMIN, BINLOG ADMIN, BINLOG REPLAY, SLAVE MONITOR ON *.* TO `user_super_replslave`@`localhost`
|
||||
#
|
||||
# MDEV-23610: Slave user can't run "SHOW SLAVE STATUS" anymore after upgrade to 10.5, mysql_upgrade should take of that
|
||||
#
|
||||
#
|
||||
# Should automatically get BINLOG MONITOR and REPLICA MONITOR
|
||||
#
|
||||
SHOW GRANTS FOR user_replclient@localhost;
|
||||
Grants for user_replclient@localhost
|
||||
GRANT BINLOG MONITOR, SLAVE MONITOR ON *.* TO `user_replclient`@`localhost`
|
||||
#
|
||||
# Should automatically get REPLICA MONITOR
|
||||
#
|
||||
SHOW GRANTS FOR user_replslave@localhost;
|
||||
Grants for user_replslave@localhost
|
||||
GRANT REPLICATION SLAVE, SLAVE MONITOR ON *.* TO `user_replslave`@`localhost`
|
||||
connect con1,localhost,user_super_replslave,,test;
|
||||
connection con1;
|
||||
SHOW SLAVE STATUS;
|
||||
disconnect con1;
|
||||
connect con1,localhost,user_replclient,,test;
|
||||
connection con1;
|
||||
SHOW SLAVE STATUS;
|
||||
disconnect con1;
|
||||
connect con1,localhost,user_replslave,,test;
|
||||
connection con1;
|
||||
SHOW RELAYLOG EVENTS;
|
||||
disconnect con1;
|
||||
connection default;
|
||||
SELECT
|
||||
json_value(Priv, '$.version_id'),
|
||||
json_value(Priv, '$.access'),
|
||||
@ -51,6 +109,9 @@ AND
|
||||
user LIKE 'user_%';
|
||||
json_value(Priv, '$.version_id') json_value(Priv, '$.access') user
|
||||
NULL 1073741823 user_all
|
||||
NULL 1048576 user_replclient
|
||||
NULL 524288 user_replslave
|
||||
NULL 32768 user_replsuper
|
||||
NULL 32768 user_super
|
||||
NULL 557056 user_super_replslave
|
||||
DROP TABLE mysql.global_priv;
|
||||
|
||||
Reference in New Issue
Block a user