[MDEV-23899] admin privilege required to monitoring replication status - 10.5.5 Created: 2020-10-06 Updated: 2022-01-25 Resolved: 2020-10-08 |
|
| Status: | Closed |
| Project: | MariaDB Server |
| Component/s: | Authentication and Privilege System, Replication |
| Affects Version/s: | 10.5.5 |
| Fix Version/s: | N/A |
| Type: | Bug | Priority: | Major |
| Reporter: | vidyadhar | Assignee: | Unassigned |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | privileges, replication | ||
| Environment: |
all/any |
||
| Issue Links: |
|
||||||||||||
| Description |
|
It seems we need REPLICATION ADMIN privilege in order to monitor replication status using "SHOW SLAVE STATUS" command. Monitoring replication is different activity and configuring and maintaining replication is different activity. The replication admin privilege provides full access to users on replication tasks like start/stop/change master, etc. https://mariadb.com/kb/en/grant/#replication-slave-admin We have "replication client" privilege available for this purpose but replication client renamed to "binlog monitor" in 10.5.2 version. When we grant "replication client" privilege it internally grants "binlog monitor" privilege only. As per documentation, "binlog monitor" should provide access to check slave status but we are unable to execute slave status even with this privilege. "New name for REPLICATION CLIENT from MariaDB 10.5.2, (REPLICATION CLIENT still supported as an alias for compatibility purposes). Permits running SHOW commands related to the binary log, in particular the SHOW BINLOG STATUS, SHOW REPLICA STATUS and SHOW BINARY LOGS statements." https://mariadb.com/kb/en/grant/#binlog-monitor
|
| Comments |
| Comment by vidyadhar [ 2020-10-08 ] | |||||||||||||||||||
|
Same issue persist in 10.5.6 as well.
| |||||||||||||||||||
| Comment by Elena Stepanova [ 2020-10-08 ] | |||||||||||||||||||
|
We have an open issue for this problem, |