Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Not a Bug
-
10.5
-
None
Description
In the scope of MDEV-21743 a number of new privileges were introduced, mainly in order to split SUPER privilege. Upon upgrade from previous versions these privileges are added to users which had SUPER before; except for REPLICATION MASTER ADMIN privilege. It is currently given only to users which had SUPER and REPLICATION SLAVE.
For now, it doesn't affect anything, because for the sake of backward compatibility SUPER still has the capabilities it had before. However, as I understand, the new privileges are given to former SUPER users in order to deprecate/decommission SUPER in future, at which point it will become important: without getting REPLICATION MASTER ADMIN, former SUPER users will lose the ability to set global replication-related variables.
At the same time, adding REPLICATION MASTER ADMIN to former SUPER users will bring inconsistency. There is one capability which REPLICATION MASTER ADMIN has but SUPER users didn't before and as of 10.5.2 still don't: SHOW SLAVE HOSTS.
To summarize,
- if we don't add REPLICATION MASTER ADMIN to SUPER users upon upgrade, it is all right now, but in future versions SUPER users will lose a capability which they had before upgrade;
- if we do add REPLICATION MASTER ADMIN to SUPER users upon upgrade, it will (already now) give SUPER users a capability which they didn't have before.
I'm not sure which outcome is desired.
Attachments
Issue Links
- relates to
-
MDEV-21743 Split up SUPER privilege to smaller privileges
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-