Error in check for "LOCK TABLES" permission
981 views
Skip to first unread message
Andrew Kowalik
May 23, 2017, 2:22:59 PM5/23/17
to debezium
Attempting to run connector against user that has the below permission. "LOCK TABLES" is only allowed against a specific database. When running the connector I get an error that I do not have permission to LOCK TABLES. I am not very well versed in Java but it looks like maybe the permission check does not accept on a per table basis? Note that my database.whitelist only include the database I have access to lock.
Randall Hauch
May 23, 2017, 3:21:59 PM5/23/17
to debezium
Yeah, we're currently running `SHOW GRANTS FOR CURRENT_USER` and looking for "LOCK TABLES" within any of the grants. If none is found, then you should see the error:
User does not have the 'LOCK TABLES' privilege required to obtain a consistent snapshot by preventing concurrent writes to tables.
Is this the error that you're seeing? If so, log in as the same MySQL user that you've configured the Debezium connector to use, and run the above SHOW statement.
If that isn't the error you're seeing, then please provide the exact message, and make sure that your connector is configured to include only the events from the databases and tables for which you have permissions
Best regards,
Randall
On Tue, May 23, 2017 at 1:22 PM, Andrew Kowalik <drew.k...@gmail.com> wrote:
Attempting to run connector against user that has the below permission. "LOCK TABLES" is only allowed against a specific database. When running the connector I get an error that I do not have permission to LOCK TABLES. I am not very well versed in Java but it looks like maybe the permission check does not accept on a per table basis? Note that my database.whitelist only include the database I have access to lock.GRANT SELECT, LOCK TABLES ON `db_name`.* TO 'user'@'%'
--
You received this message because you are subscribed to the Google Groups "debezium" group.
To unsubscribe from this group and stop receiving emails from it, send an email to debezium+unsubscribe@googlegroups.com.
To post to this group, send email to debe...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/debezium/7535f023-c889-4b80-bafa-8820478c0ab4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Randall Hauch
May 23, 2017, 3:26:31 PM5/23/17
to debezium
BTW, the connector attempts to lock all tables with `FLUSH TABLES WITH READ LOCK`, and if that fails it looks at the grants as I described above. If it does find the grants, it attempts to lock the individual tables with:
FLUSH TABLES a, b, c WITH READ LOCK
where "a, b, c" is the list of fully-qualified names for the tables that the connector is trying to snapshot.
If you're really curious, turn on TRACE logging (see http://debezium.io/docs/logging/) to see in detail exactly what the connector is doing.
Best regards,
Randall
Reply all
Reply to author
Forward
0 new messages