Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-23918

admin privlege required to view contents of relay logs in 10.5

Details

    Description

      I completely understand the point that SUPER privilege has been divided in to multiple parts for better privilege management.

      Here, we can use "binlog monitor" privilege to view the contents of binary logs. However, when it comes to relay log it require "replication slave admin" privilege. In earlier version, it need "replication slave" privilege to view the contents of relay logs.

      https://mariadb.com/kb/en/grant/#replication-slave-admin

      It would be nice to consider the same behavior and provide users with "replication slave" privilege to view the relay log contents using "SHOW RELAYLOGS EVENTS" command accordingly

      MariaDB [(none)]> select version();
      +---------------------+
      | version()           |
      +---------------------+
      | 10.4.13-MariaDB-log |
      +---------------------+
      1 row in set (0.00 sec)
       
      MariaDB [(none)]>
      MariaDB [(none)]> show relaylog events in 'relaylog.000030';
      ERROR 1227 (42000): Access denied; you need (at least one of) the REPLICATION SLAVE privilege(s) for this operation
      MariaDB [(none)]>
       
      MariaDB [(none)]> select version();
      +----------------+
      | version()      |
      +----------------+
      | 10.5.5-MariaDB |
      +----------------+
      1 row in set (0.00 sec)
       
      MariaDB [(none)]> show relaylog events in 'relaylog.000603';
      ERROR 1227 (42000): Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation
      MariaDB [(none)]>
      
      

      Attachments

        Issue Links

          Activity

            serg Sergei Golubchik added a comment - - edited

            sujatha.sivakumar, should this also be in the new REPLICATION CLIENT MONITOR privilege?

            That is, does it logically fit into the same group?

            serg Sergei Golubchik added a comment - - edited sujatha.sivakumar , should this also be in the new REPLICATION CLIENT MONITOR privilege? That is, does it logically fit into the same group?

            Hello serg

            Post MDEV-21743, binary log related SHOW commands are organized like this:

            • BINLOG MONITOR (New Privilege)
              • SHOW BINLOG EVENTS
              • SHOW BINLOG STATUS
              • SHOW BINARY LOGS

            Since we are planning to add a new privilege as part of MDEV-23610, for "SHOW REPLICA STATUS"
            command we can include "SHOW RELAY LOG EVENTS" command as well.

            • REPLICA MONITOR (Proposed new privilege name)
              • SHOW SLAVE STATUS
              • SHOW RELAYLOG EVENTS
            sujatha.sivakumar Sujatha Sivakumar (Inactive) added a comment - Hello serg Post MDEV-21743 , binary log related SHOW commands are organized like this: BINLOG MONITOR (New Privilege) SHOW BINLOG EVENTS SHOW BINLOG STATUS SHOW BINARY LOGS Since we are planning to add a new privilege as part of MDEV-23610 , for "SHOW REPLICA STATUS" command we can include "SHOW RELAY LOG EVENTS" command as well. REPLICA MONITOR (Proposed new privilege name) SHOW SLAVE STATUS SHOW RELAYLOG EVENTS

            Fix is implemented as part of MDEV-23610

            sujatha.sivakumar Sujatha Sivakumar (Inactive) added a comment - Fix is implemented as part of MDEV-23610

            People

              sujatha.sivakumar Sujatha Sivakumar (Inactive)
              vidyadhar.chelluru vidyadhar
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.