Privileges for MariaDB Enterprise Server 10.5

Overview

Privileges can be granted to users to control who can perform what actions in MariaDB Enterprise Server.

Privilege

Description

ADMIN OPTION

Grants ability to GRANT other users the roles you hold

ALL PRIVILEGES

Grants all available privileges at the given privilege level. Granting all privileges on a table does not grant any privileges on a database, for example.

ALTER

Grants ability to ALTER TABLE

ALTER ROUTINE

Grants ability to ALTER FUNCTION, ALTER PROCEDURE

BINLOG ADMIN

Grants ability to PURGE BINARY LOGS, SET (some variables only)

BINLOG MONITOR

Grants ability to SHOW MASTER STATUS, SHOW BINARY LOGS, SHOW BINLOG EVENTS, and SHOW BINLOG STATUS. Added in MariaDB Enterprise Server 10.5 as fine-grained SUPER privilege to reduce the dependency on SUPER. Prior to this version this will have been part of SUPER.

BINLOG REPLAY

Grants ability to execute BINLOG statements, SET TIMESTAMP (special cases), SET (some variables only). Added in MariaDB Enterprise Server 10.5 as fine-grained SUPER privilege to reduce the dependency on SUPER. Prior to this version this will have been part of SUPER.

CONNECTION ADMIN

Grants ability to KILL, SET (some variables only). Skips the execution of init_connect when the user connects. Ignores max_connections, max_user_connections, and max_password_errors when the user connects. Added in MariaDB Enterprise Server 10.5 as fine-grained SUPER privilege to reduce the dependency on SUPER. Prior to this version this will have been part of SUPER.

CREATE

Grants ability to CREATE DATABASE, CREATE TABLE

CREATE ROUTINE

Grants ability to CREATE FUNCTION, CREATE PROCEDURE

CREATE TABLESPACE

Unused, but is checked in granting privileges to other users (such as GRANT ALL)

CREATE TEMPORARY TABLES

Grants ability to CREATE TEMPORARY TABLE

CREATE USER

Grants ability to CREATE USER, or to create user with GRANT

CREATE VIEW

Grants ability to CREATE VIEW

DELETE

Grants ability to DELETE

DELETE HISTORY

Grants ability to DELETE HISTORY (from a system-versioned table)

DROP

Grants ability to DROP DATABASE, DROP TABLE, DROP VIEW, TRUNCATE

EVENT

Grants ability to ALTER EVENT, CREATE EVENT, DROP EVENT, and execute events

EXECUTE

Grants ability to execute stored routines

FEDERATED ADMIN

Grants ability to ALTER SERVER, CREATE SERVER, DROP SERVER. Added in MariaDB Enterprise Server 10.5 as fine-grained SUPER privilege to reduce the dependency on SUPER. Prior to this version this will have been part of SUPER.

FILE

Grants ability to Read and write files on the server

GRANT OPTION

Grants ability to GRANT (granting privileges only)

INDEX

Grants ability to CREATE INDEX, DROP INDEX, or create an index with ALTER TABLE

INSERT

Grants ability to INSERT

LOCK TABLES

Grants ability to LOCK TABLES (requires SELECT privilege)

PROCESS

Grants ability to SHOW PROCESSLIST

PROXY

Grants ability to Proxy from one account to another

READ ONLY ADMIN

Alias for READ_ONLY ADMIN

READ_ONLY ADMIN

Grants ability to START TRANSACTION (special cases), INSERT (special cases), UPDATE (special cases), DELETE (special cases), DROP TRIGGER (special cases), SET (some variables only). Added in MariaDB Enterprise Server 10.5 as fine-grained SUPER privilege to reduce the dependency on SUPER. Prior to this version this will have been part of SUPER.

REFERENCES

Unused, but is checked in granting privileges to other users (such as GRANT ALL)

RELOAD

Grants ability to FLUSH

REPLICA MONITOR

Grants ability to SHOW SLAVE STATUS, SHOW REPLICA STATUS, SHOW ALL SLAVES STATUS, SHOW ALL REPLICAS STATUS, SHOW RELAYLOG EVENTS. New privilege added in MariaDB Enterprise Server 10.5.8-5. Alias for SLAVE MONITOR.

REPLICATION CLIENT

Grants ability to SHOW MASTER STATUS, SHOW SLAVE STATUS, SHOW BINARY LOGS. In ES10.5, is an alias for BINLOG MONITOR and the capabilities have changed. BINLOG MONITOR grants ability to SHOW MASTER STATUS, SHOW BINARY LOGS, SHOW BINLOG EVENTS, and SHOW BINLOG STATUS.

REPLICATION MASTER ADMIN

Grants ability to SHOW REPLICA HOSTS, SHOW SLAVE HOSTS, SET (some variables only). Added in MariaDB Enterprise Server 10.5 as fine-grained SUPER privilege to reduce the dependency on SUPER. Prior to this version this will have been part of SUPER.

REPLICATION REPLICA

Grants ability to read binary log events from the primary (needed by replicas). Added in MariaDB Enterprise Server 10.5 as alias of REPLICATION SLAVE.

REPLICATION REPLICA ADMIN

Grants ability to start/monitor/stop slave and apply binlog events. Added in MariaDB Enterprise Server 10.5 as fine-grained SUPER privilege to reduce the dependency on SUPER. Prior to version 10.5, REPLICATION REPLICA ADMIN was part of SUPER. Starting in ES10.5.8-5, SHOW SLAVE STATUS, SHOW REPLICA STATUS, SHOW ALL SLAVES STATUS, SHOW ALL REPLICAS STATUS, SHOW RELAYLOG EVENTS are removed from REPLICATION REPLICA ADMIN and granted with newly created REPLICA MONITOR.

REPLICATION SLAVE

Grants ability to read binary log events from the master (needed by replicas). Capabilities changed in ES10.5, see details. REPLICATION REPLICA was added as an alias in 10.5.

REPLICATION SLAVE ADMIN

Grants ability to start/monitor/stop slave and apply binlog events. Alias for REPLICATION REPLICA ADMIN see REPLICATION REPLICA ADMIN for details.

SELECT

Grants ability to SELECT

SET USER

Grants ability to create triggers, views, stored procedures, and stored functions with a different definer. Added in MariaDB Enterprise Server 10.5 as fine-grained SUPER privilege to reduce the dependency on SUPER. Prior to this version this will have been part of SUPER.

SHOW DATABASES

Grants ability to SHOW DATABASES

SHOW SCHEMAS

Grants ability to SHOW SCHEMAS. SHOW SCHEMAS is a synonym for SHOW DATABASES.

SHOW VIEW

Grants ability to SHOW CREATE VIEW

SHUTDOWN

Grants ability to shut down the server

SLAVE MONITOR

Grants ability to SHOW SLAVE STATUS, SHOW REPLICA STATUS, SHOW ALL SLAVES STATUS, SHOW ALL REPLICAS STATUS, SHOW RELAYLOG EVENTS. New privilege added in MariaDB Enterprise Server 10.5.8-5. Alias for REPLICA MONITOR.

SUPER

Grants ability to perform superuser operations such as KILL thread, SET GLOBAL, CHANGE MASTER, etc.

TRIGGER

Grants ability to CREATE TRIGGER, DROP TRIGGER, execute triggers on tables you update

UPDATE

Grants ability to UPDATE (requires SELECT privilege for WHERE clause)

USAGE

Grants ability to connect to the database server