Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-22152

REPLICATION MASTER ADMIN privilege not given to former SUPER users upon upgrade

    XMLWordPrintable

    Details

      Description

      In the scope of MDEV-21743 a number of new privileges were introduced, mainly in order to split SUPER privilege. Upon upgrade from previous versions these privileges are added to users which had SUPER before; except for REPLICATION MASTER ADMIN privilege. It is currently given only to users which had SUPER and REPLICATION SLAVE.

      For now, it doesn't affect anything, because for the sake of backward compatibility SUPER still has the capabilities it had before. However, as I understand, the new privileges are given to former SUPER users in order to deprecate/decommission SUPER in future, at which point it will become important: without getting REPLICATION MASTER ADMIN, former SUPER users will lose the ability to set global replication-related variables.

      At the same time, adding REPLICATION MASTER ADMIN to former SUPER users will bring inconsistency. There is one capability which REPLICATION MASTER ADMIN has but SUPER users didn't before and as of 10.5.2 still don't: SHOW SLAVE HOSTS.

      To summarize,

      • if we don't add REPLICATION MASTER ADMIN to SUPER users upon upgrade, it is all right now, but in future versions SUPER users will lose a capability which they had before upgrade;
      • if we do add REPLICATION MASTER ADMIN to SUPER users upon upgrade, it will (already now) give SUPER users a capability which they didn't have before.

      I'm not sure which outcome is desired.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              elenst Elena Stepanova
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: