Bug #32089 FR: Separate SUPER privilege's one-more-connection behavior from ordinary tasks
Submitted: 4 Nov 2007 16:14
Modified: 7 Nov 2007 13:50
Reporter: Baron Schwartz (Basic Quality Contributor)
Status: Verified
Category: MySQL Server: Security: Privileges
Severity: S4 (Feature request)
Version:
OS: Any
Assigned to:
CPU Architecture: Any
Tags: qc

[4 Nov 2007 16:14] Baron Schwartz
Description:
The SUPER privilege is needed for several common operations such as SHOW INNODB STATUS.  It's unfortunate that these common operations are mixed in with the very useful behavior that SUPER reserves one connection even when the server has reached its max_connections limit.  I would like to allow routine monitoring and maintenance scripts to connect and do their work (SHOW INNODB STATUS, KILL, etc) without using up that safety margin. It seems there is a good precedent for this with some of the other privileges (PROCESS, for example).

How to repeat:
I think all of these privileges could usefully be separated.  I request the following new global privileges, or something equivalent:

KILL: kill other users' processes.

REPLICATION ADMIN: execute CHANGE MASTER TO statements.

LOG ADMIN: execute PURGE MASTER LOGS statements.

ENGINE STATUS: execute SHOW ENGINE STATUS commands.

The reserve-one-connection behavior could continue to apply to SUPER, or that could also be separated out and assigned explicitly, whatever seems best.  Of course SUPER should retain its current privileges for backwards compatibility, too.  It could become an alias for the privileges it encompasses, just as ALL is an alias for a group of privileges.
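
A small Python model of the connection-admission behavior this request describes, added here as an illustration; it is not MySQL code and not part of the original report. It assumes the documented rule that the server admits max_connections + 1 clients with the extra slot reserved for SUPER, treats SUPER as an alias for its parts as the report suggests, and uses RESERVED_CONNECTION as a hypothetical name for the separated spare-slot right.

```python
# Added model, not MySQL source. KILL .. ENGINE STATUS are the privilege names
# the report proposes; RESERVED_CONNECTION is a hypothetical name (assumption).
SUPER_EXPANSION = {"KILL", "REPLICATION ADMIN", "LOG ADMIN",
                   "ENGINE STATUS", "RESERVED_CONNECTION"}


def effective(grants):
    """Expand SUPER into its parts, the way ALL expands into a group."""
    grants = set(grants)
    return grants | SUPER_EXPANSION if "SUPER" in grants else grants


class Server:
    def __init__(self, max_connections):
        self.max_connections = max_connections
        self.sessions = []

    def connect(self, user, grants):
        used = len(self.sessions)
        # Exactly one slot exists beyond max_connections, and only for
        # accounts holding the spare-slot right.
        spare = (used == self.max_connections
                 and "RESERVED_CONNECTION" in effective(grants))
        if used < self.max_connections or spare:
            self.sessions.append(user)
            return True
        return False  # client would see "Too many connections"


def may_run(statement_priv, grants):
    """Privilege check for an administrative statement."""
    return statement_priv in effective(grants)


def saturated_server(monitor_grants, dba_grants=("SUPER",), max_connections=3):
    """Fill every normal slot, then let the monitor and the DBA connect."""
    srv = Server(max_connections)
    for i in range(max_connections):
        srv.connect(f"app{i}", ())  # constructed application sessions
    return {"monitor_connected": srv.connect("monitor", monitor_grants),
            "dba_connected": srv.connect("dba", dba_grants),
            "monitor_can_show_status": may_run("ENGINE STATUS", monitor_grants)}


if __name__ == "__main__":
    print("monitor with SUPER      :", saturated_server({"SUPER"}))
    print("monitor with split privs:", saturated_server({"ENGINE STATUS", "KILL"}))
```

With SUPER on the monitoring account, the script takes the spare slot and the DBA is refused; with the split grants the script keeps its statement rights but leaves the spare slot for the DBA.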

[7 Nov 2007 5:25] Valeriy Kravchuk
Thank you for a reasonable feature request.

[7 Nov 2007 13:50] Baron Schwartz
SHOW TRIGGERS also requires SUPER and might be a good idea to separate out.