Details
-
New Feature
-
Status: Open (View Workflow)
-
Major
-
Resolution: Unresolved
-
25.01.1
-
None
-
None
-
None
Description
The command :
maxctrl show dbusers ReadWriteService
|
┌───────────────────┬────────────────────────────┬───────────────────────┬───────┬───────┬────────┬───────┬──────┐
|
│ User │ Host │ Plugin │ TLS │ Super │ Global │ Proxy │ Role │
|
├───────────────────┼────────────────────────────┼───────────────────────┼───────┼───────┼────────┼───────┼──────┤
|
│ backup_user │ localhost │ mysql_native_password │ false │ false │ true │ false │ │ |
├───────────────────┼────────────────────────────┼───────────────────────┼───────┼───────┼────────┼───────┼──────┤
|
is create to expose the SUPER privileges to detect the presence of a user that can bypass the READ_ONLY. also READ ONLY ADMIN privileges can bypass the READ_ONLY as reported https://mariadb.com/docs/server/ha-and-performance/standard-replication/read-only-replicas
So the the output " maxctrl show dbusers..." or include a new colum for this specific privileges or inglobe SUPER/ADMIN values.
I think we should add the READ ONLY ADMIN , next to SUPER for debug purpose to check the presence of user that can bypass super READ_ONLY which is critical for switch command
drop user if exists super_user; |
drop user if exists admin_only; |
drop user if exists super_and_admin; |
|
|
CREATE USER super_user@'%' IDENTIFIED BY 'aBcd123%'; |
GRANT SUPER ON *.* TO super_user@'%'; |
|
|
CREATE USER admin_only@'%' IDENTIFIED BY 'aBcd123%'; |
GRANT READ_ONLY ADMIN ON *.* TO admin_only@'%'; |
|
|
CREATE USER super_and_admin@'%' IDENTIFIED BY 'aBcd123%'; |
GRANT SUPER, READ_ONLY ADMIN ON *.* TO admin_only@'%'; |
Today (MaxScale 25.01.4)
│ User │ Host │ Plugin │ TLS │ Super │ Global │ Proxy │ Role │
|
│ admin_only │ % │ mysql_native_password │ false │ true │ false │ false │ │ |
│ super_and_admin │ % │ mysql_native_password │ false │ false │ false │ false │ │ |
│ super_user │ % │ mysql_native_password │ false │ true │ false │ false │ │ |