Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Duplicate
-
10.5.5
-
all/any
Description
It seems we need REPLICATION ADMIN privilege in order to monitor replication status using "SHOW SLAVE STATUS" command. Monitoring replication is different activity and configuring and maintaining replication is different activity.
The replication admin privilege provides full access to users on replication tasks like start/stop/change master, etc.
https://mariadb.com/kb/en/grant/#replication-slave-admin
We have "replication client" privilege available for this purpose but replication client renamed to "binlog monitor" in 10.5.2 version. When we grant "replication client" privilege it internally grants "binlog monitor" privilege only.
As per documentation, "binlog monitor" should provide access to check slave status but we are unable to execute slave status even with this privilege.
"New name for REPLICATION CLIENT from MariaDB 10.5.2, (REPLICATION CLIENT still supported as an alias for compatibility purposes). Permits running SHOW commands related to the binary log, in particular the SHOW BINLOG STATUS, SHOW REPLICA STATUS and SHOW BINARY LOGS statements."
https://mariadb.com/kb/en/grant/#binlog-monitor
MariaDB [(none)]> select version();
|
+--------------------+
|
| version() |
|
+--------------------+
|
| 10.5.5-MariaDB-log | |
+--------------------+
|
1 row in set (0.00 sec) |
|
|
MariaDB [(none)]> show grants;
|
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
| Grants for testscript@% | |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, BINLOG MONITOR, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON *.* TO `testscript`@`%` IDENTIFIED BY PASSWORD '************' WITH GRANT OPTION | |
+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
1 row in set (0.00 sec) |
|
|
MariaDB [(none)]> show replica status;
|
ERROR 1227 (42000): Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation |
MariaDB [(none)]> show slave status;
|
ERROR 1227 (42000): Access denied; you need (at least one of) the SUPER, REPLICATION SLAVE ADMIN privilege(s) for this operation |
MariaDB [(none)]>
|
|
Attachments
Issue Links
- is duplicated by
-
-
- Closed
-
-
-
- Closed
-