Description:
For most system variables, setting the session value requires no special privileges and can be done by any user to affect the current session. For some system variables, setting the session value can have effects outside the current session and thus is a restricted operation. For these, the SESSION_VARIABLES_ADMIN privilege enables the user to set the session value.
If a system variable is restricted and requires a special privilege to set the session value, the variable description indicates that restriction. Examples include binlog_format, sql_log_bin, and sql_log_off.
In addition, there are many other session-level variables that are crucial to the efficiency and security of the database, and they are also a threat if they are not set properly. For example: internal_tmp_mem_storage_engine, tmp_table_size, long_query_time, optimizer_switch, sql_mode and so on.
It is suggested to optimize the handling of SESSION_VARIABLES_ADMIN permissions, so DBA can dynamically adjust the session-level variables affected by SESSION_VARIABLES_ADMIN.
For example, set a new system variable to store all restricted session-level variables.
How to repeat:
Optimize the handling of SESSION_VARIABLES_ADMIN permission
