[MDEV-23918] admin privlege required to view contents of relay logs in 10.5 - Jira

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.5.5, 10.5.6
Fix Version/s: 10.5.9
Component/s: Authentication and Privilege System, Replication
Labels:
Environment:
ANY

Description

I completely understand the point that SUPER privilege has been divided in to multiple parts for better privilege management.

Here, we can use "binlog monitor" privilege to view the contents of binary logs. However, when it comes to relay log it require "replication slave admin" privilege. In earlier version, it need "replication slave" privilege to view the contents of relay logs.

https://mariadb.com/kb/en/grant/#replication-slave-admin

It would be nice to consider the same behavior and provide users with "replication slave" privilege to view the relay log contents using "SHOW RELAYLOGS EVENTS" command accordingly

MariaDB [(none)]> select version();

+---------------------+

| version()           |

+---------------------+

| 10.4.13-MariaDB-log |

+---------------------+

1 row in set (0.00 sec)

MariaDB [(none)]>

MariaDB [(none)]> show relaylog events in 'relaylog.000030';

ERROR 1227 (42000): Access denied; you need (at least one of) the REPLICATION SLAVE privilege(s) for this operation

MariaDB [(none)]>

MariaDB [(none)]> select version();

+----------------+

| version()      |

+----------------+

| 10.5.5-MariaDB |

+----------------+

1 row in set (0.00 sec)

MariaDB [(none)]> show relaylog events in 'relaylog.000603';

ERROR 1227 (42000): Access denied; you need (at least one of) the REPLICATION SLAVE ADMIN privilege(s) for this operation

MariaDB [(none)]>

Attachments

Issue Links

relates to

MDEV-23610 Slave user can't run "SHOW SLAVE STATUS" anymore after upgrade to 10.5, mysql_upgrade should take of that

Closed

MDEV-27611 CLONE - Slave user can't run "SHOW SLAVE STATUS" anymore after upgrade to 10.5, mysql_upgrade should take of that

Closed

Activity

Ascending order - Click to sort in descending order

Sergei Golubchik added a comment - 2020-11-04 21:41 - edited

sujatha.sivakumar, should this also be in the new REPLICATION CLIENT MONITOR privilege?

That is, does it logically fit into the same group?

Sergei Golubchik added a comment - 2020-11-04 21:41 - edited sujatha.sivakumar , should this also be in the new REPLICATION CLIENT MONITOR privilege? That is, does it logically fit into the same group?

Sujatha Sivakumar (Inactive) added a comment - 2020-11-05 07:02

Hello serg

Post ~~MDEV-21743~~, binary log related SHOW commands are organized like this:

BINLOG MONITOR (New Privilege)
- SHOW BINLOG EVENTS
- SHOW BINLOG STATUS
- SHOW BINARY LOGS

Since we are planning to add a new privilege as part of ~~MDEV-23610~~, for "SHOW REPLICA STATUS"
command we can include "SHOW RELAY LOG EVENTS" command as well.

REPLICA MONITOR (Proposed new privilege name)
- SHOW SLAVE STATUS
- SHOW RELAYLOG EVENTS

Sujatha Sivakumar (Inactive) added a comment - 2020-11-05 07:02 Hello serg Post MDEV-21743 , binary log related SHOW commands are organized like this: BINLOG MONITOR (New Privilege) SHOW BINLOG EVENTS SHOW BINLOG STATUS SHOW BINARY LOGS Since we are planning to add a new privilege as part of MDEV-23610 , for "SHOW REPLICA STATUS" command we can include "SHOW RELAY LOG EVENTS" command as well. REPLICA MONITOR (Proposed new privilege name) SHOW SLAVE STATUS SHOW RELAYLOG EVENTS

Sujatha Sivakumar (Inactive) added a comment - 2020-11-16 09:07

Fix is implemented as part of ~~MDEV-23610~~

Sujatha Sivakumar (Inactive) added a comment - 2020-11-16 09:07 Fix is implemented as part of MDEV-23610

People

Assignee:: Sujatha Sivakumar (Inactive)

Reporter:: vidyadhar

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2020-10-08 13:33

Updated:: 2022-01-25 10:29

Resolved:: 2020-11-16 09:07

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.

MariaDB Server