We have encountered a bug trying to build our Galera cluster.
Due to our app requirements (B2B apps) we need to create different mysql users for each customer, and restrict those users to only some filtered views with check option on to avoid customer X to be able to access data of customer Y (row level security).
This task can be trivial to manage through ROLES, by creating a role which has access to those views only and then assign that role to each mysql user of each customer.
It was ok for us to execute "SET ROLE X" at the beginning of each connection (until latest Galera with DEFAULT ROLE per user will become a stable release), but now we've hit another wall: The statement GRANT role TO userx@'%' does not replicate between GALERA nodes. Which means that some customers will end up with permissions (role granted) only on one node, unless we manually patch things out (which is a nightmare to maintain atm).
Does anybody know about this bug and are there plans to be solved?