-
Type:
Bug
-
Status: Closed (View Workflow)
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 1.4.0
-
Fix Version/s: 2.0.0
-
Component/s: galeramon, ndbclustermon
-
Labels:None
The Galera monitor itself does not need the REPLICATION CLIENT privilege, since it has no reason to execute SHOW SLAVE STATUS. Nevertheless, core/monitor.c contains a hardcoded check for this privileged used for all modules.
Granting unnecessary privileges is a security risk, so advice to do so should be avoided.
The permissions required for each monitor should probably be defined by each monitor, not in a central location.