  1. MariaDB Server
  2. MDEV-36425

Extend read_only to also block share locks and super users

Details

    • Bug
    • Status: In Testing
    • Major
    • Resolution: Unresolved
    • None
    • 12.1
    • Admin statements
    • None

    Description

      Currently the read_only option is defined the following way:
      Make all non-temporary tables read-only, with the exception for replication (slave) threads and users with the 'READ ONLY ADMIN' privilege.

      The current implementation of read_only does not block users from using
      SELECT ... LOCK IN SHARE MODE or LOCK TABLES ... READ, both of which can block
      replication threads from continuing. LOCK IN SHARE MODE is especially dangerous as it takes write locks, which will block replication threads.

      To solve this issue, we plan to extend the --read_only option to have 3 levels:
      Note that the read_only option has no effect on slave/replica threads or temporary tables.
      0 changes allowed
      1 Make all non-temporary tables read-only, with the exception for users with the 'READ ONLY ADMIN' privilege.
      2 block also LOCK TABLES and SELECT IN SHARE MODE
      3 block also users with 'READ ONLY ADMIN' privilege. This is the same as MySQL's super_read_only option.

          Activity

            monty Michael Widenius added a comment:

            Relevant things from the commit message:

            The --read-only option can now take 4 different values:
            0 No read only (as before).
            1 Blocks changes for users without the 'READ ONLY ADMIN' privilege (as before).
            2 Blocks in addition LOCK TABLES and SELECT IN SHARE MODE for non-'READ ONLY ADMIN' users.
            3 Blocks in addition 'READ_ONLY_ADMIN' users for all the previous statements.

            read_only is changed to an enum and one can use the following names for the lock levels:
            OFF, ON, NO_LOCK, NO_LOCK_NO_ADMIN

            To keep things compatible with older versions' config files, one can
            still use values FALSE and TRUE, which are mapped to OFF and ON.
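The four levels described in this issue, modelled in Python as an added illustration (not MariaDB code and not part of the issue or the commit). The statement labels, function names and sample settings are assumptions made for the example; it normalizes the accepted spellings and shows which users can still take share locks at each level.

```python
from enum import IntEnum

class ReadOnly(IntEnum):
    OFF = 0               # no read-only
    ON = 1                # block changes by users without READ ONLY ADMIN
    NO_LOCK = 2           # also block LOCK TABLES / share-mode SELECT for them
    NO_LOCK_NO_ADMIN = 3  # also block READ ONLY ADMIN users

LEGACY = {"FALSE": ReadOnly.OFF, "TRUE": ReadOnly.ON}  # old config spellings
WRITE, SHARE_LOCK, PLAIN_READ = "write", "share_lock", "plain_read"  # model labels

def parse_read_only(value):
    """Normalize a number, level name, or legacy boolean to a ReadOnly level."""
    if isinstance(value, ReadOnly):
        return value
    text = str(value).strip().upper()
    if text in LEGACY:
        return LEGACY[text]
    if text.isdigit():
        return ReadOnly(int(text))  # raises ValueError outside 0..3
    if text in ReadOnly.__members__:
        return ReadOnly[text]
    raise ValueError(f"unsupported read_only value: {value!r}")

def is_blocked(level, kind, *, admin=False, replica_thread=False, temporary_table=False):
    """True if the described semantics would reject this statement."""
    level = parse_read_only(level)
    if level == ReadOnly.OFF or replica_thread or temporary_table:
        return False  # replica threads and temporary tables are never affected
    if kind == PLAIN_READ:
        return False
    if admin and level < ReadOnly.NO_LOCK_NO_ADMIN:
        return False  # READ ONLY ADMIN is exempt below level 3
    if kind == WRITE:
        return True
    return level >= ReadOnly.NO_LOCK  # share locks are blocked from level 2 up

def who_can_still_share_lock(level):
    """User classes still able to take the locks the issue says can stall replication."""
    classes = (("ordinary user", False), ("READ ONLY ADMIN user", True))
    return [name for name, admin in classes if not is_blocked(level, SHARE_LOCK, admin=admin)]

if __name__ == "__main__":
    for setting in ("FALSE", "TRUE", "NO_LOCK", 3):  # constructed sample values
        print(parse_read_only(setting).name, who_can_still_share_lock(setting))
```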

            People

              elenst Elena Stepanova
              monty Michael Widenius