Permission Desc

Different functions and stages require different permissions. The permission requirements that may be involved in each function are listed below. If there are any omissions, please suggest and add.

The suggested permissions are:

GRANT ALL PRIVILEGES ON *.* TO ...

or

GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, PROCESS, REFERENCES, INDEX, ALTER, SUPER, REPLICATION SLAVE, REPLICATION CLIENT, TRIGGER ON *.* TO ...

Audit function

• information_schema db Metadata query permissions, table structure, index information, constraints, etc.
• mysql db use permission, no query, the library is connected by default, and it can be modified by calling the option --db parameter
• DML During the audit, the explain operation will be performed on the DML statement, and this operation requires the actual corresponding DML authority.
• REFERENCES Only required for foreign keys

Execute

• Actual SQL execution permissions

Use pt-osc

• PROCESS permission, view processlist information
• TRIGGER create and delete triggers
• SUPER or REPLICATION CLIENT When there is a master-slave, check the master-slave delay

Use gh-ost

• SUPER|REPLICATION CLIENT, REPLICATION SLAVE Simulate slave pull binlog events
• ALTER, CREATE, DELETE, DROP, INDEX, INSERT, LOCK TABLES, SELECT, TRIGGER, UPDATE

Backup

Remote database

• SUPER When the binlog format is not row, execute set session binlog_format='row'

• SUPER|REPLICATION CLIENT, REPLICATION SLAVE binlog解析

Database used for backup

• It is recommended to grant all permissions to the backup library instance