Bug #111395 Missing documentation of new privilege TELEMETRY_LOG_ADMIN in 8.0.33
Submitted: 13 Jun 2023 10:45 Modified: 1 Aug 2023 14:13
Reporter: Simon Mudd (OCA) Email Updates:
Status: Closed Impact on me:
None 
Category:MySQL Server: Documentation Severity:S3 (Non-critical)
Version:8.0.33-community OS:Any
Assigned to: CPU Architecture:Any
Tags: 8.0.33, community

[13 Jun 2023 10:45] Simon Mudd
Description:
This also affects the release notes.

Replication broke on a box running 8.0.32. The error was:

Slave SQL State    Worker 1 failed executing transaction 'ae10f11d-63f6-11ed-9389-9cdc71cceb40:3652733097' at master log binlog.074217, end_log_pos 459916538; Error 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use' on query. Default database: ''. Query: 'GRANT TELEMETRY_LOG_ADMIN ON *.* TO 'user'@'%''

I'll admit this was my fault. This server runs 8.0.32 and the master had been upgraded to 8.0.33. However, I wasn't aware of the new privilege: TELEMETRY_LOG_ADMIN

This is not mentioned now in the 8.0.33 release notes though there are some mentions of telemtry: https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-33.html and also not mentioned in the grant statement documentation: https://dev.mysql.com/doc/refman/8.0/en/grant.html

I'm not sure if the MySQL 8.0.33 server pushed out this new grant itself or my tooling automation simply tried to do something but changes such as this need to be handled as you can't now load grants from an 8.0.33 server directly into an 8.0.32 server because of these differences.  So users need to be aware of the change and tooling may need to be aware when different privileges are added.

How to repeat:
Try to apply grants on 8.0.33 to an 8.0.32 server. It will fail. This is an incompatibility issue and it's not mentioned.

Suggested fix:
- Modify the release notes to refer to this new privilege as an incompatible (not backwards compatible) change.
- modify the GRANT page to refer to this new privilege

Tables 13.11 and 13.12 do not indicate in which version each privilege was added.

Please include that information for users to be able to configure their tooling to handle these incremental differences and make it explicit when they occurred.
[13 Jun 2023 11:27] MySQL Verification Team
Hello Simon,

Thank you for the report and feedback.
My apologies for marking this as a private as after discussion with developer confirmed that this telemetry log is available only in cloud and this is an alias for audit log. This is not a community doc bug hence I'll discuss with SR owner and ensure that it is logged in appropriate place so that doc issue addressed. Thank you.

regards,
Umesh
[13 Jun 2023 11:40] Simon Mudd
13:34 [smudd@myhost ~]$ rpm -qa | grep mysql-community-server
mysql-community-server-8.0.33-1.el8.x86_64

13:34 [myuser@myhost ~]$ mysql
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 1219595
Server version: 8.0.33 MySQL Community Server - GPL

....

myuser@myhost [(none)]> select @@version;
+-----------+
| @@version |
+-----------+
| 8.0.33    |
+-----------+
1 row in set (0.00 sec)

myuser@myhost [(none)]> show grants for root@localhost;
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Grants for root@localhost                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER, CREATE TABLESPACE, CREATE ROLE, DROP ROLE ON *.* TO `root`@`localhost` WITH GRANT OPTION                                                                                                                                                                                                                                                                                                   |
| GRANT APPLICATION_PASSWORD_ADMIN,AUDIT_ABORT_EXEMPT,AUDIT_ADMIN,BACKUP_ADMIN,BINLOG_ADMIN,BINLOG_ENCRYPTION_ADMIN,CLONE_ADMIN,CONNECTION_ADMIN,ENCRYPTION_KEY_ADMIN,FIREWALL_EXEMPT,FLUSH_OPTIMIZER_COSTS,FLUSH_STATUS,FLUSH_TABLES,FLUSH_USER_RESOURCES,GROUP_REPLICATION_ADMIN,INNODB_REDO_LOG_ARCHIVE,INNODB_REDO_LOG_ENABLE,PASSWORDLESS_USER_ADMIN,PERSIST_RO_VARIABLES_ADMIN,REPLICATION_APPLIER,REPLICATION_SLAVE_ADMIN,RESOURCE_GROUP_ADMIN,RESOURCE_GROUP_USER,ROLE_ADMIN,SERVICE_CONNECTION_ADMIN,SESSION_VARIABLES_ADMIN,SET_USER_ID,SHOW_ROUTINE,SYSTEM_USER,SYSTEM_VARIABLES_ADMIN,TABLE_ENCRYPTION_ADMIN,TELEMETRY_LOG_ADMIN,XA_RECOVER_ADMIN ON *.* TO `root`@`localhost` WITH GRANT OPTION |
| GRANT PROXY ON ``@`` TO `root`@`localhost` WITH GRANT OPTION                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
3 rows in set (0.00 sec)

This is on a community server.

Please verify this if needed.
[13 Jun 2023 12:01] MySQL Verification Team
Thank you, Simon.
This is classified as a document bug and will be addressed accordingly.
[1 Aug 2023 14:13] Christine Cole
Posted by developer:
 
Added the missing privilege for telemetry-log administration. 
Added an entry to the Grant table listing (Table 13.12 Permissible Dynamic Privileges for GRANT and REVOKE)
Added an entry to the MySQL 8.0.33 changelog. The log applies to MySQL HeatWave on AWS.

Thank you for the report.