Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Blocker
-
Resolution: Fixed
-
Affects Version/s: 10.0.14, 10.0.16
-
Fix Version/s: 10.0.21-galera, 5.5.45-galera
-
Component/s: Data Definition - Alter Table, Galera
-
Labels:None
-
Environment:PROD
Description
We have observed that galera cluster replicates commands on all other nodes when it was actually refused on one node due to lack of database permissions:
Steps to reproduce this issue:
Set up 3x nodes cluster (db01, db02 and db03):
-- Add database user account with following permissions: GRANT SELECT, INSERT, UPDATE, DELETE ON `test`.* TO 'iayyaz'@'%' identified by '123'; -- Create dummy database + table CREATE DATABASE test; USE test; create table t1 (a int);
– Login using user 'iayyaz' to node 'db01'
– Issue following commands:
rename table t1 to t2; (this command would fail due to lack of permissions) ERROR 1142 (42000): DROP, ALTER command denied to user 'iayyaz'@'10.10.16.7' for table 't1'
– Login to node 'db02'
You would find table has been renamed:
MariaDB [test]> show tables; +----------------+ | Tables_in_test | +----------------+ | t2 | +----------------+ 1 row in set (0.00 sec)
Gliffy Diagrams
Attachments
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions
This is a serious issue, once table has been renamed on other nodes i,e, db02 and db03, Now if we issue DML on db01: