
wildcards in grants are not supported

Open babinomec opened this issue 6 years ago • 2 comments

We have a lot of databases which are named like "something_data_<client>". If I give these grants to the ghost user:

GRANT ALL PRIVILEGES ON `something\_data\_%`.* TO 'ghost'@'%'

It fails with: ERROR User has insufficient privileges for migration. Needed: SUPER|REPLICATION CLIENT, REPLICATION SLAVE and ALL on `something_data_<client>`.*

If I connect with mysql client, the user can see the databases and make changes.

It's most probably in the way the permissions are checked in gh-ost/go/logic/inspect.go validateGrants(). I can't think of a non-ugly solution to check that though...

babinomec • Feb 14 '19 17:02

@babinomec have you found a solution?

We use RDS (Aurora) and have the same issue. It fails with: FATAL 2021-08-06 12:57:23 ERROR User has insufficient privileges for migration. Needed: SUPER|REPLICATION CLIENT, REPLICATION SLAVE and ALL on `mydb`.*.

mattmilesi • Aug 06 '21 13:08

As far as I recall, no.

We ended up needing gh-ost on lots of different databases/tables so I think we gave permissions on everything and limited on the host part.

babinomec • Aug 06 '21 13:08
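Added example, not part of the thread and not gh-ost's code: one way a privilege check could accept the wildcard grant from the first post, by matching the schema pattern in a SHOW GRANTS line against the concrete database name using MySQL's database-level wildcard rules. The names `grantDBRe`, `matchDBPattern` and `grantCoversDB` are hypothetical, the sample grant line is constructed, and case-sensitive matching is an assumption.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// grantDBRe extracts the schema pattern from a SHOW GRANTS line that grants ALL on a whole schema.
var grantDBRe = regexp.MustCompile("^GRANT ALL PRIVILEGES ON `((?:[^`]|``)+)`\\.\\* TO ")

// matchDBPattern reports whether a schema-level grant pattern covers name:
// % matches any run of characters, _ exactly one, and a backslash makes the next character literal.
func matchDBPattern(pattern, name string) bool {
	p, n := []rune(pattern), []rune(name)
	var match func(i, j int) bool
	match = func(i, j int) bool {
		switch {
		case i == len(p):
			return j == len(n)
		case p[i] == '%':
			// Try every possible length for the run that % absorbs.
			for k := j; k <= len(n); k++ {
				if match(i+1, k) {
					return true
				}
			}
			return false
		case p[i] == '_':
			return j < len(n) && match(i+1, j+1)
		case p[i] == '\\' && i+1 < len(p):
			return j < len(n) && p[i+1] == n[j] && match(i+2, j+1)
		default:
			return j < len(n) && p[i] == n[j] && match(i+1, j+1)
		}
	}
	return match(0, 0)
}

// grantCoversDB checks one SHOW GRANTS line against a concrete schema name.
func grantCoversDB(grantLine, db string) bool {
	m := grantDBRe.FindStringSubmatch(grantLine)
	return m != nil && matchDBPattern(strings.ReplaceAll(m[1], "``", "`"), db)
}

func main() {
	// Constructed SHOW GRANTS line modeled on the grant in the issue.
	line := "GRANT ALL PRIVILEGES ON `something\\_data\\_%`.* TO 'ghost'@'%'"
	fmt.Println(grantCoversDB(line, "something_data_acme"), grantCoversDB(line, "somethingXdataXacme"))
}
```

With the underscores escaped as in the issue, the grant covers only names that start with `something_data_`; an unescaped `_` in the same pattern would also match any other single character and grant more than intended.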