Documentation Home
MySQL 8.0 Reference Manual
Related Documentation Download this Manual
PDF (US Ltr) - 47.6Mb
PDF (A4) - 47.7Mb
PDF (RPM) - 43.1Mb
HTML Download (TGZ) - 10.9Mb
HTML Download (Zip) - 11.0Mb
HTML Download (RPM) - 9.5Mb
Man Pages (TGZ) - 233.8Kb
Man Pages (Zip) - 338.8Kb
Info (Gzip) - 4.3Mb
Info (Zip) - 4.3Mb
Excerpts from this Manual

MySQL 8.0 Reference Manual  /  ...  /  Privilege Checks For Group Replication Channels

17.3.3.2 Privilege Checks For Group Replication Channels

From MySQL 8.0.19, as well as securing asynchronous and semi-synchronous replication, you may choose to use a PRIVILEGE_CHECKS_USER account to secure the two replication applier threads used by Group Replication. The group_replication_applier thread on each group member is used for applying the group's transactions, and the group_replication_recovery thread on each group member is used for state transfer from the binary log as part of distributed recovery when the member joins or rejoins the group.

To secure one of these threads, stop Group Replication, then issue the CHANGE MASTER TO statement with the PRIVILEGE_CHECKS_USER option, specifying group_replication_applier or group_replication_recovery as the channel name. For example:

mysql> STOP GROUP_REPLICATION;
mysql> CHANGE MASTER TO PRIVILEGE_CHECKS_USER = 'gr_repl'@'%.example.com' FOR CHANNEL 'group_replication_recovery';
mysql> START GROUP_REPLICATION;

For Group Replication channels, the REQUIRE_ROW_FORMAT setting is automatically enabled when the channel is created, and cannot be disabled, so you do not need to specify this.

Important

In MySQL 8.0.19, ensure that you do not issue the CHANGE MASTER TO statement with the PRIVILEGE_CHECKS_USER option while Group Replication is running. This action causes the relay log files for the channel to be purged, which might cause the loss of transactions that have been received and queued in the relay log, but not yet applied.

If a remote cloning operation is used for distributed recovery in Group Replication (see Section 18.4.3.1, “Cloning for Distributed Recovery”), from MySQL 8.0.19, the PRIVILEGE_CHECKS_USER account and settings from the donor are cloned to the joining member. If the joining member is set to start Group Replication on boot, it automatically uses the account for the appropriate replication channels.

In MySQL 8.0.18, due to a number of limitations, it is recommended that you do not use a PRIVILEGE_CHECKS_USER account with Group Replication channels.