Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
2.3.9
-
None
-
MXS-SPRINT-91
Description
The documentation is inconsistent regarding the privileges that are needed by the user account used by MariaDB Monitor.
One section says this:
The user requires the REPLICATION CLIENT privilege to successfully monitor the state of the servers. SUPER privilege is required for cluster manipulation features such as failover.
MariaDB [(none)]> grant replication client on . to 'maxscale'@'maxscalehost';
Query OK, 0 rows affected (0.00 sec)
https://mariadb.com/kb/en/mariadb-maxscale-23-mariadb-monitor/#configuration
It mentions that the SUPER privilege may also be needed, but a latter section says that several other privileges may also be needed:
The cluster operations require that the monitor user (user) has the following privileges:
- SUPER, to modify slave connections and set globals such as read_only
- REPLICATION CLIENT, to list slave connections
- RELOAD, to flush binary logs
- PROCESS, to check if the event_scheduler process is running
- SHOW DATABASES and EVENTS, to list and modify server events
https://mariadb.com/kb/en/mariadb-maxscale-23-mariadb-monitor/#cluster-manipulation-operations
These sections should be made consistent. I would also suggest adding a GRANT example to the "configuration" section that includes all privileges required for cluster manipulation options. e.g.:
GRANT RELOAD, PROCESS, SHOW DATABASES, REPLICATION CLIENT, EVENT, SUPER ON *.* TO 'maxscale'@'maxscalehost';
|