Bug #81847 | What privileges are needed to START SLAVE and STOP SLAVE? | ||
---|---|---|---|
Submitted: | 14 Jun 2016 11:40 | Modified: | 25 Apr 2019 14:33 |
Reporter: | Sheeri Cabral (Candidate Quality Contributor) | Email Updates: | |
Status: | Closed | Impact on me: | |
Category: | MySQL Server: Replication | Severity: | S3 (Non-critical) |
Version: | 5.6 and 5.7, 5.7.13 | OS: | Any |
Assigned to: | CPU Architecture: | Any | |
Tags: | privileges |
[14 Jun 2016 11:40]
Sheeri Cabral
[15 Jun 2016 5:40]
MySQL Verification Team
Hello Sheeri, Thank you for the report and feedback! Verifying for the inconsistency observed in the error messages. For the documentation part - imho, the required privileges information is present in relevant START SLAVE/STOP SLAVE pages i.e http://dev.mysql.com/doc/refman/5.7/en/start-slave.html and http://dev.mysql.com/doc/refman/5.7/en/stop-slave.html But it would be better if this is included in the "Privileges Provided by MySQL" section of the manual as well https://dev.mysql.com/doc/refman/5.7/en/privileges-provided.html Thanks, Umesh
[15 Jun 2016 5:41]
MySQL Verification Team
-- 5.7.14 daily build [umshastr@hod03]/export/umesh/server/binaries/mysql-advanced-5.7.14: bin/mysql -ubug -p123 -S run/slave.sock mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 6 Server version: 5.7.14-enterprise-commercial-advanced-log MySQL Enterprise Server - Advanced Edition (Commercial) Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show grants; +------------------------------------------+ | Grants for bug@localhost | +------------------------------------------+ | GRANT SELECT ON *.* TO 'bug'@'localhost' | +------------------------------------------+ 1 row in set (0.00 sec) mysql> show slave status\G ERROR 1227 (42000): Access denied; you need (at least one of) the SUPER, REPLICATION CLIENT privilege(s) for this operation mysql> start slave; ERROR 1045 (28000): Access denied for user 'bug'@'localhost' (using password: YES) mysql> show errors; +-------+------+----------------------------------------------------------------+ | Level | Code | Message | +-------+------+----------------------------------------------------------------+ | Error | 1045 | Access denied for user 'bug'@'localhost' (using password: YES) | +-------+------+----------------------------------------------------------------+ 1 row in set (0.00 sec) mysql> stop slave; ERROR 1045 (28000): Access denied for user 'bug'@'localhost' (using password: YES) mysql>
[25 Apr 2019 14:33]
Margaret Fisher
Posted by developer: Hi - I've just received this as a documentation bug. Thanks for pointing this out. The required privilege is REPLICATION_SLAVE_ADMIN. The privilege page said that was needed to "start and stop replication", but it didn't name the commands so you couldn't find them by searching. I've added the command names now.
[14 Oct 2019 11:37]
Matt Kimek
Could we ask for explanation why 5.7 documentation pointing to privileges in 8.0 ? https://dev.mysql.com/doc/refman/5.7/en/stop-slave.html Stops the slave threads. STOP SLAVE requires the REPLICATION_SLAVE_ADMIN (https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html#priv_replication-slave-ad...) https://dev.mysql.com/doc/refman/5.7/en/grant.html#grant-privileges
[13 Sep 2022 7:51]
Saurabh Tandon
When I am granting replication_slave_admin privilege in 5.7 it says - grant REPLICATION_SLAVE_ADMIN on '*' TO 'repl_monitor'@'%'; ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'REPLICATION_SLAVE_ADMIN on '*' TO 'repl_monitor'@'%'' at line 1 I am not sure if I always need to grant super privileges for replication admin user.
[13 Sep 2022 7:52]
Saurabh Tandon
Ignore last command - This is the correct one with *.* mysql> GRANT REPLICATION_SLAVE_ADMIN ON *.* TO 'repl_monitor'@'%'; ERROR 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'REPLICATION_SLAVE_ADMIN ON *.* TO 'repl_monitor'@'%'' at line 1