Details
-
Task
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
None
Description
If read_only mode is set (as it's usual on slaves) users (even without SUPER privilege) are able to run ANALYZE TABLE and OPTIMIZE TABLE statements on the tables they have SELECT and INSERT privileges for. This is by current design and is clearly documented.
But running these commands on slave with binary logging enabled generates transactions for the binary logs. With gtid_strict_mode these transactions (with their increased seqno) then conflict with those coming from master, effectively breaking replication.
I'd like to request either some change in read_only implementation or maybe some safe_read_only_slave mode were these statements are NOT written to the binary log and do not generate new GTIDs when gtid_strict_mode is enabled, or their execution is prevented with error as follows:
1. If a user has SUPER privilege she should be allowed to execute all operations on slave.
2. If a user has all privileges on a specific database but not SUPER, she still should not be allowed to run OPTIMIZE, ANALYZE, DROP/CREATE TEMPORARY TABLE, FLUSH... etc, So for non-SUPER user it should not be allowed run any operations that are generating new GTIDs.
This is different from MySQL's super_read_only option.