Uploaded image for project: 'MariaDB MaxScale'
  1. MariaDB MaxScale
  2. MXS-2496

Service user with roles causes false warnings

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 2.3.6
    • Fix Version/s: 2.3.8
    • Component/s: Authenticator
    • Labels:
      None

      Description

      When using roles to assign privileges for the maxscale user for services there are some privilege warnings that do not seem to effect operation:

      2019-05-16 13:08:57 warning: [Galera-Service] User 'maxscale' is missing the SHOW DATABASES privilege. This means that MaxScale cannot see all databases and authentication can fail.
      2019-05-16 13:08:57 warning: [Galera-Service] User 'maxscale' is missing the SHOW DATABASES privilege. This means that MaxScale cannot see all databases and authentication can fail
      

      MariaDB [(none)]> SHOW GRANTS FOR 'maxscale'@'xxxxxxxxxx.com';
      +---------------------------------------------------------------------------------------------------------------------------------+
      | Grants for maxscale@xxxxxxxxxx.com |
      +---------------------------------------------------------------------------------------------------------------------------------+
      | GRANT maxscale_role TO 'maxscale'@'xxxxxxxxxx.com' |
      | GRANT USAGE ON *.* TO 'maxscale'@'xxxxxxxxxx.com' IDENTIFIED BY PASSWORD '*xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' |
      +---------------------------------------------------------------------------------------------------------------------------------+
      2 rows in set (0.00 sec)
      MariaDB [(none)]> SHOW GRANTS FOR 'maxscale_role';
      +---------------------------------------------------------------------------------------+
      | Grants for maxscale_role |
      +---------------------------------------------------------------------------------------+
      | GRANT SHOW DATABASES, REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO 'maxscale_role' |
      | GRANT SELECT ON `mysql`.`roles_mapping` TO 'maxscale_role' |
      | GRANT SELECT ON `mysql`.`tables_priv` TO 'maxscale_role' |
      | GRANT SELECT ON `mysql`.`user` TO 'maxscale_role' |
      | GRANT SELECT ON `mysql`.`db` TO 'maxscale_role' |
      +---------------------------------------------------------------------------------------+
      5 rows in set (0.00 sec)
      MariaDB [(none)]> SELECT user, host, default_role FROM mysql.user WHERE user = 'maxscale' AND host = 'xxxxxxxxxx.com';
      +----------+---------------------------+---------------+
      | user | host | default_role |
      +----------+---------------------------+---------------+
      | maxscale | xxxxxxxx.com | maxscale_role |
      +----------+---------------------------+---------------+
      1 row in set (0.00 sec)
      

        Attachments

          Activity

            People

            • Assignee:
              markus makela markus makela
              Reporter:
              kjoiner Kyle Joiner
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: