Details
- Bug
- Status: Closed
- Major
- Resolution: Fixed
- 10.0.17-galera
- Ubuntu TT, Galera 10.0.17, AWS EC2 instances
Description
Hello,
We have encountered a bug trying to build our Galera cluster.
Due to our app requirements (B2B apps) we need to create different MySQL users for each customer, and restrict those users to only some filtered views with check option on, to prevent customer X from being able to access data of customer Y (row level security).
This task can be trivial to manage through ROLES, by creating a role which has access to those views only and then assigning that role to each MySQL user of each customer.
It was OK for us to execute "SET ROLE X" at the beginning of each connection (until the latest Galera with DEFAULT ROLE per user becomes a stable release), but now we've hit another wall: the statement GRANT role TO userx@'%' does not replicate between Galera nodes. This means that some customers will end up with permissions (role granted) only on one node, unless we manually patch things out (which is a nightmare to maintain atm).
Does anybody know about this bug, and are there plans for it to be solved?
Thank you
Cosmin
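
For the non-replicating GRANT described in the report above, one way to find where role grants differ between nodes, as an added example that is not part of the original report or of MariaDB's own tooling. It assumes each node's `SELECT User, Host, Role FROM mysql.roles_mapping` output has been saved as tab-separated text; the node names, users and role name are constructed sample data.

```python
"""Find role grants present on some Galera nodes but missing on others."""

# Constructed sample: per-node, tab-separated output of
#   SELECT User, Host, Role FROM mysql.roles_mapping;
# Node names, users and the role name are hypothetical.
SAMPLE = {
    "node1": "cust_a\t%\tcustomer_views\ncust_b\t%\tcustomer_views\n",
    "node2": "cust_a\t%\tcustomer_views\n",
    "node3": "cust_a\t%\tcustomer_views\ncust_b\t%\tcustomer_views\n",
}


def parse_mappings(tsv_text):
    """Return the set of (user, host, role) tuples in one node's output."""
    grants = set()
    for line in tsv_text.splitlines():
        fields = line.split("\t")
        if len(fields) == 3:  # skip blank or malformed lines
            grants.add(tuple(fields))
    return grants


def find_drift(per_node_tsv):
    """Map each lagging node to the grants seen elsewhere but absent on it."""
    parsed = {node: parse_mappings(text) for node, text in per_node_tsv.items()}
    union = set().union(*parsed.values())
    return {n: sorted(union - g) for n, g in parsed.items() if union - g}


def quote_str(value):
    """Quote a value as a SQL string literal, escaping quotes and backslashes."""
    return "'" + value.replace("\\", "\\\\").replace("'", "''") + "'"


def repair_statements(drift):
    """Build the GRANT statements to run locally on each lagging node."""
    return {
        node: [f"GRANT {quote_str(role)} TO {quote_str(user)}@{quote_str(host)};"
               for user, host, role in missing]
        for node, missing in drift.items()
    }


if __name__ == "__main__":
    for node, stmts in repair_statements(find_drift(SAMPLE)).items():
        print(node, *stmts, sep="\n  ")
```

The union treats every grant found on any node as intended, so a revoked role that is still present on one node looks the same as a grant missing elsewhere; review the list before applying it.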